Rchattop_307189
Jan 22, 2017Nimbostratus
Best practice to put security signatures in blocking mode
What is the best practice to put security signatures in blocking mode. Should we put security signatures in blocking mode before putting it in production or will put it in detection mode and after analyzing the traffic we will put them in blocking mode one by one? If we will follow second method is there any possibilities to block legitimate traffic suddenly when we will change any signature in blocking mode. Do we have any best practice document on this.