IDS event filtering

["Billy Dodson" <CraftedPacket () securitynerds org>]

I am wanting to get an idea of what you guys out there filter from your
IDS sensors.  Some of the sensors I monitor get TONS of events for MSSQL
control overflows.  If the customer is patched for slammer and does not
have any SQL services on the internet, is it safe to filter out those
events?  Do you still want to see that traffic even though you know your
are not vulnerable?  Thanks!

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------