This document describes how to enable/disable the summary of a specific event in Intrusion Prevention System (IPS) software version 6.x using the IPS Device Manager (IDM).
Note: Access lists must be configured in the IPS appliances in order to allow the access from the host or network where management software such as IDM and IEV (IDS Event Viewer) are installed and work properly. Refer to the Changing the Access List section of the Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.0 for more information.
This document is created with the assumption that IPS 6.x is installed and works properly.
The information in this document is based on the Cisco 4200 Series IPS Sensor that runs software version 6.0(2)E1.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
For a clear understanding, this section provides an example in which you enable/disable the summary for the Signature ID: 5748.
Complete these steps.
Click Home in order to see the homepage of the IDM. This page shows the device information.
Choose Configuration > Policies > Signature Definitions > sig0 > Signature Configuration > Select By: Sig ID in order to display all the signatures available in the Sensor.
Choose Sig ID from the Select By drop-down menu and then enter Sig ID 5748 in order to find a specific signature.
Click Edit in order to edit the signature.
In the Edit Signature window, choose Signature Definition > Alert Frequency > Summary Mode, and change the action from Summarize to Fire all in the Summary Mode drop-down menu.
Make sure that Specify Global Summary Threshold is set to No.