Cisco Systems, Inc.
Cisco Intrusion Prevention System
Cisco IPS Manager Express (IME) 7.0(2)
September 10, 2009

Copyright (C) 2009 Cisco Systems, Inc. All rights reserved.
Printed in the USA.

Cisco, Cisco Systems, and the Cisco Systems logo are registered
trademarks of Cisco Systems, Inc. in the U.S. and certain other
countries. All other trademarks mentioned in this document are the
property of their registered owners.

======================================================================
Table Of Contents
======================================================================

REVISION HISTORY
CISCO IPS MANAGER EXPRESS 7.0(2)
  - FEATURES
  - IMPORTANT INSTALLATION NOTE
  - FILE LIST
  - SYSTEM REQUIREMENTS
  - INSTALLATION
  - UPGRADING FROM IME 7.0(1) TO IME 7.0(2)
  - UPGRADING FROM IME 6.2 TO IME 7.0(2)
  - UPGRADING FROM IME 6.1 TO IME 7.0(2)
  - MIGRATING FROM IEV 5.X TO IME 7.0(2)
  - UNINSTALL
  - STARTING IME
  - DOCUMENTATION
  - CAVEATS

======================================================================
REVISION HISTORY

09/10/2009: Initial Version

======================================================================
CISCO IPS MANAGER EXPRESS 7.0(2)

FEATURES

The Cisco IPS Manager Express is a powerful all-in-one IPS management
application. With one application, you can provision, monitor,
troubleshoot, and generate reports for as many as ten IDS, IPS, or
IOS IPS devices.

NOTE: While IME can be used to monitor sensor devices running Cisco
IPS 5.0 and later, some of the new features and functionality
delivered in IME are only supported on sensors running Cisco IPS 6.1
or later.

IME 7.0(2) introduces the following new feature:

  - The number of sensors supported by IME is increased from 5 to 10.

The base functionality provided by IME has not changed since
IME 7.0(1).

NOTES:

  1. IME replaces IPS Event Viewer (IEV).

IMPORTANT INSTALLATION NOTE

You cannot install IME on systems with existing CSM or IEV
installations. You must uninstall these applications before
installing the IME application file. For more details, refer to
Installing and Using Cisco Intrusion Prevention System Manager
Express 7.0.

FILE LIST

The following files are included as part of this release:

  Readme    - IME-7.0-2.readme.txt
  Cisco IME - IME-7.0.2.exe

SYSTEM REQUIREMENTS

Minimum Hardware Requirements
  - CPU: Pentium, AMD Athlon or equivalent running at 2 GHz (minimum)
  - Memory: 2 GB

Supported OS
  - Windows Vista Business and Ultimate, Windows XP Professional,
    Windows Server 2003 R2
    (Note: both the English and Japanese versions of Windows are
    supported)
  - 32-bit (64-bit not supported)

NOTE: IPS Manager Express does not support Windows OS virtualization.

Hard-disk capacity
  - 100 GB

Minimum Screen Size
  - 1024x768

INSTALLATION

WARNING: Do not install IME on top of existing installations of CSM
or IEV. You must uninstall these applications before installing IME.
If you are migrating from IEV 5.x and want to import your existing
database into IME, refer to the MIGRATING FROM IEV 5.X TO IME 7.0(2)
section below.

WARNING: Disable any anti-virus or host-based intrusion detection
software before beginning the installation, and close any open
applications. The installer spawns a command shell application that
may trigger your host-based detection software, causing the install
to fail. The installation and run account must have Administrator
privileges.

NOTE: IME 7.0(2) supports Cisco IPS 5.0 and later sensors. It does
not support Cisco IPS 4.x or 3.x sensors. The new functionality
included in IME, including the health monitoring console, dashboards,
and integrated configuration, is only supported on sensors running
IPS version 6.1 or later.

NOTE: IME event monitoring is also supported in IOS-IPS versions that
support the Cisco IPS 5.x/6.x signature format. We recommend IOS-IPS
12.4(15)T4 if you intend to use IME to monitor an IOS IPS device.

To install Cisco IME 7.0(2), follow these steps:

  1. Download the executable file from the following location on
     Cisco.com:
     http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ime

  2. Locate and double-click the executable file to launch the setup
     program and follow the Installation wizard.

NOTE: IME ships with a demo version of the product, which lets you
use the IME features without requiring actual sensors. The IME Demo
feature simulates real-time events and includes sample configuration
files. The installer creates two desktop shortcuts called Cisco IME
and Cisco IME – Demo. You can click Cisco IME to start the actual IME
application or Cisco IME – Demo to start the demo version of the
product.

UPGRADING FROM IME 7.0(1) TO IME 7.0(2)

If you have IME 7.0(1) already installed on your system, you can
install IME 7.0(2) over it by running the same installation
instructions noted previously. You should close any open instances of
IME 7.0(1) prior to installing IME 7.0(2), but there is no need to
uninstall IME 7.0(1) before installing IME 7.0(2). All alarm database
and user settings will be preserved.

UPGRADING FROM IME 6.2 TO IME 7.0(2)

If you have IME 6.2 already installed on your system, you can install
IME 7.0(2) over it by running the same installation instructions
noted previously. You should close any open instances of IME 6.2
prior to installing IME 7.0(2), but there is no need to uninstall
IME 6.2 before installing IME 7.0(2). All alarm database and user
settings will be preserved.

UPGRADING FROM IME 6.1 TO IME 7.0(2)

If you have IME 6.1 already installed on your system, you can install
IME 7.0(2) over it by running the same installation instructions
noted previously. You should close any open instances of IME 6.1
prior to installing IME 7.0(2), but there is no need to uninstall
IME 6.1 before installing IME 7.0(2). All alarm database and user
settings will be preserved.

MIGRATING FROM IEV 5.X TO IME 7.0(2)

NOTE: You must uninstall IEV 5.x before installing IME 7.0(2). Refer
to the INSTALLATION section for details.

In order to migrate the event data stored in IEV 5.x to IME 7.0(2),
you must manually export the data file from IEV 5.x and import it
into IME as follows:

To export event data from IEV 5.x to a local file:

  1. From IEV 5.x, choose File > Database Administration > Export
     Database Tables.
  2. Enter the file name and select the table(s).
  3. Click OK. The events in the selected table(s) will be exported
     to the specified local file.

To import the event data into IME:

  1. From IME, choose File > Import.
  2. Select the file exported from IEV 5.x and click Open. The
     content of the selected file will be imported into IME.

UNINSTALL

Choose Start > Control Panel > Add or Remove Programs > Cisco IPS
Manager Express > Remove.

STARTING IME

To start IPS Manager Express,

  -- Double-click the Cisco IME shortcut on your desktop, or
  -- Choose Start > Programs > Cisco Systems > IPS Manager Express >
     Cisco IME

NOTE: IDM functionality is embedded in the configuration pane within
IME (for Cisco IPS 6.1 sensors and later only). While IDM can still
be installed as a standalone, all IDM functionality is available
through IME.

DOCUMENTATION

Cisco IME includes several video tutorials on how to use the product.
You can click Video Help in the appropriate panes or launch it by
choosing Help > Show Video Help. You can also click Help in the
toolbar for onscreen help.

For more details regarding IME 7.0(2), refer to Installing and Using
Cisco Intrusion Prevention System Manager Express 7.0 at this URL:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/ime/imeguide7.html

CAVEATS

The following known issues are present in Cisco IPS 7.0(2)E3. You can
view release notes in Bug Toolkit at this URL:

http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl

Identifier   Headline

CSCsq38696   Unable to create Inline Vlan Pair using Startup Wizard
CSCsq40627   IME ver 6.1.1 the RSS feed fails to display
CSCsq50814   IME needs a refresh option for unsupported platforms
CSCsq66078   IME not purging user permissions when device is deleted
CSCsr02064   E-mail configuration missing from IME Help
CSCsr18447   IME: During session teardown with sensor, IME improperly
             sends TCP RST
CSCsr38568   Filters for Signatures not resetting
CSCsu78195   Importing event data results in table full
CSCsu90943   Change name Event Time to Local time for Event Details
CSCsu90970   E-mail for Events is sending times with local time
             offset added
CSCsx01428   EPS not being displayed for SSC-5
CSCsx01435   Top services not being created for SSC-5
CSCsx79397   IME allows combination of IPV4 and IPV6 address in deny
             attacker line
CSCsy72188   JavaSocketExceptions seen in console for all Help screens
CSCsz04668   IME fails in PooledExecutor: An error occured loading
             the configuration.
CSCtb56155   Ev Mon stop attacker inline is not populating ipv6
             address
CSCtb88463   video Help needs updating for 10 device, and new features
CSCtb57689   Bar chart report has ip addresses formatted incorrectly
CSCtb58211   Save as not saving view description when making new view
CSCtb88455   IME Installation should check minimum memory requirements

======================================================================