Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Cisco Intrusion Prevention System

IPS 6.X: Enable/Disable the Summary of a Specific Event Using IDM

Downloads

Document ID: 91527


Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Enable/Disable the Summary of a Specific Event Using IDM
      IDM Configuration
NetPro Discussion Forums - Featured Conversations
Related Information

Introduction

This document describes how to enable/disable the summary of a specific event in Intrusion Prevention System (IPS) software version 6.x using the IPS Device Manager (IDM).

Note: Access lists must be configured in the IPS appliances in order to allow the access from the host or network where management software such as IDM and IEV (IDS Event Viewer) are installed and work properly. Refer to the Changing the Access List section of the Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.0 for more information.

Prerequisites

Requirements

This document is created with the assumption that IPS 6.x is installed and works properly.

Components Used

The information in this document is based on the Cisco 4200 Series IPS Sensor that runs software version 6.0(2)E1.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Enable/Disable the Summary of a Specific Event Using IDM

For a clear understanding, this section provides an example in which you enable/disable the summary for the Signature ID: 5748.

IDM Configuration

Complete these steps.

  1. Launch IDM.

  2. Click Home in order to see the homepage of the IDM. This page shows the device information.

    ips-enble-dis-spec-evts-1.gif

  3. Choose Configuration > Policies > Signature Definitions > sig0 > Signature Configuration > Select By: Sig ID in order to display all the signatures available in the Sensor.

    ips-enble-dis-spec-evts-2.gif

  4. Choose Sig ID from the Select By drop-down menu and then enter Sig ID 5748 in order to find a specific signature.

    ips-enble-dis-spec-evts-3.gif

  5. Click Edit in order to edit the signature.

  6. In the Edit Signature window, choose Signature Definition > Alert Frequency > Summary Mode, and change the action from Summarize to Fire all in the Summary Mode drop-down menu.

    ips-enble-dis-spec-evts-4.gif

  7. Make sure that Specify Global Summary Threshold is set to No.

    ips-enble-dis-spec-evts-5.gif

NetPro Discussion Forums - Featured Conversations

Networking Professionals Connection is a forum for networking professionals to share questions, suggestions, and information about networking solutions, products, and technologies. The featured links are some of the most recent conversations available in this technology.
NetPro Discussion Forums - Featured Conversations for Security
Security: Intrusion Detection [Systems]
Security: AAA
Security: General
Security: Firewalling

Related Information

Updated: Aug 31, 2007Document ID: 91527