IPS 6.X - Enable/Disable a Specific Event Summary via IDM

Available Languages

Download Options

  • PDF     (158.8 KB)
    View with Adobe Reader on a variety of devices
Updated:August 31, 2007
Document ID:91527

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes how to enable/disable the summary of a specific event in Intrusion Prevention System (IPS) software version 6.x using the IPS Device Manager (IDM).

Note: Access lists must be configured in the IPS appliances in order to allow the access from the host or network where management software such as IDM and IEV (IDS Event Viewer) are installed and work properly. Refer to the Changing the Access List section of the Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.0 for more information.

Prerequisites

Requirements

This document is created with the assumption that IPS 6.x is installed and works properly.

Components Used

The information in this document is based on the Cisco 4200 Series IPS Sensor that runs software version 6.0(2)E1.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Enable/Disable the Summary of a Specific Event Using IDM

For a clear understanding, this section provides an example in which you enable/disable the summary for the Signature ID: 5748.

IDM Configuration

Complete these steps.

  1. Launch IDM.

  2. Click Home in order to see the homepage of the IDM. This page shows the device information.

    ips-enble-dis-spec-evts-1.gif

  3. Choose Configuration > Policies > Signature Definitions > sig0 > Signature Configuration > Select By: Sig ID in order to display all the signatures available in the Sensor.

    ips-enble-dis-spec-evts-2.gif

  4. Choose Sig ID from the Select By drop-down menu and then enter Sig ID 5748 in order to find a specific signature.

    ips-enble-dis-spec-evts-3.gif

  5. Click Edit in order to edit the signature.

  6. In the Edit Signature window, choose Signature Definition > Alert Frequency > Summary Mode, and change the action from Summarize to Fire all in the Summary Mode drop-down menu.

    ips-enble-dis-spec-evts-4.gif

  7. Make sure that Specify Global Summary Threshold is set to No.

    ips-enble-dis-spec-evts-5.gif

Related Information

Revision History

Revision Publish Date Comments
1.0
31-Aug-2007
Initial Release

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products