Cisco AIP-SSM and Inline mode
Posted on 2014-04-30
I recently installed an AIP-SSM-20 in my ASA5520. I have it configured in promiscuous mode right now, so it just alerts and doesn't block. I am using the Cisco IPS Manager Express to manage the sensor. I would like to eventually put the device in inline mode to block packets, but I want to do it the safest way possible. What is the best approach for signature tuning? I see now that I have a lot of alerts, most of which are known good traffic. What is the best approach in this situation? I don't want to put the sensor in inline mode and have this known good traffic be blocked.