Hi Secin,
This is easily accomplished with exported "IPS attacks" logs. In MS Excel, check or uncheck the SID you are interested in:
However, I need to get for the allowed traffic.
Is it the audit signatures that you are interested in, if the traffic was detected but allowed?
Please update the thread if you need more assistance! This article may be worth a look...
Two Reasons why IPS is a "Must Have" for your Network
https://www-secure.symantec.com/connect/articles/two-reasons-why-ips-must-have-your-network
With thanks and best regards,
Mick