Cisco Systems, Inc.
Cisco Intrusion Prevention System
Cisco IPS Manager Express (IME) 7.0(3)
May 6, 2010

Copyright (C) 2010 Cisco Systems, Inc. All rights reserved.
Printed in the USA.

Cisco, Cisco Systems, and the Cisco Systems logo are registered
trademarks of Cisco Systems, Inc. in the U.S. and certain other
countries. All other trademarks mentioned in this document are the
property of their registered owners.

======================================================================
Table Of Contents
======================================================================

REVISION HISTORY
CISCO IPS MANAGER EXPRESS 7.0(3)
- FEATURES
- IMPORTANT INSTALLATION NOTE
- FILE LIST
- SYSTEM REQUIREMENTS
- INSTALLATION
- UPGRADING FROM IME 7.0(2) TO IME 7.0(3)
- UPGRADING FROM IME 7.0(1) TO IME 7.0(3)
- UPGRADING FROM IME 6.2 TO IME 7.0(3)
- UPGRADING FROM IME 6.1 TO IME 7.0(3)
- MIGRATING FROM IEV 5.X TO IME 7.0(3)
- UNINSTALL
- STARTING IME
- DOCUMENTATION
- CAVEATS

======================================================================
REVISION HISTORY

05/06/2010: Initial Version

======================================================================
CISCO IPS MANAGER EXPRESS 7.0(3)

FEATURES

The Cisco IPS Manager Express is a powerful all-in-one IPS management
application. With one application, you can provision, monitor,
troubleshoot, and generate reports for as many as ten IDS, IPS, or
IOS IPS devices.

NOTE: While IME can be used to monitor sensor devices running Cisco
IPS 5.0 and later, some of the new features and functionality
delivered in IME are only supported on sensors running Cisco IPS 6.1
or later.

IME 7.0(3) introduces the following new features:

- Password configuration for IME during first time launch. Users must
  enter this password when starting IME.
- Password recovery is performed by stopping the IME client, deleting
  the hosts.cfg file and restarting IME. Hosts.cfg is found under the
  system documents directory.
  For example, on Windows XP, that would be:
  C:/Documents and Settings/All Users/Application Data/Cisco Systems/IME/iev/hosts.cfg
- MySQL database upgrade to 5.1. No alarm tables or data will be
  modified during the upgrade, but a user account with encrypted
  password will be added and the root and anonymous accounts will be
  deleted.
- Users are advised, but not required, to set up 2 accounts for each
  monitored sensor. The configuration account should have admin
  privileges. The event monitor account need only have viewer
  privileges.
- Add IPS Engine update E4 support.

The base functionality provided by IME has not changed since
IME 7.0(2).

NOTE: IME replaces IPS Event Viewer (IEV).

IMPORTANT INSTALLATION NOTE

You cannot install IME on systems with existing CSM or IEV
installations. You must uninstall these applications before
installing the IME application file. For more details, refer to
Installing and Using Cisco Intrusion Prevention System Manager
Express 7.0.

FILE LIST

The following files are included as part of this release:

Readme    - IME-7.0.3.readme.txt
Cisco IME - IME-7.0.3.exe

SYSTEM REQUIREMENTS

Minimum Hardware Requirements
- CPU: Pentium, AMD Athlon or equivalent running at 2 GHz (minimum)
- Memory: 2 GB

Supported OS
- Windows Vista Business and Ultimate, Windows XP Professional,
  Windows Server 2003 R2
  Note: Both the English and Japanese versions of Windows are
  supported.
- 32-bit (64-bit not supported)

NOTE: IPS Manager Express does not support Windows OS virtualization.

Hard-disk capacity
- 100GB

Minimum Screen Size
- 1024x768

INSTALLATION

WARNING: Do not install IME on top of existing installations of CSM
or IEV. You must uninstall these applications before installing IME.
If you are migrating from IEV 5.x and want to import your existing
database into IME, refer to the MIGRATING FROM IEV 5.X TO IME 7.0(3)
section below.

WARNING: Disable any anti-virus or host-based intrusion detection
software before beginning the installation, and close any open
applications. The installer spawns a command shell application that
may trigger your host-based detection software, causing the install
to fail. The installation and run account must have Administrator
privileges.

NOTE: IME 7.0(3) supports Cisco IPS 5.0 and later sensors. It does
not support Cisco IPS 4.x or 3.x sensors. The new functionality
included in IME, including the health monitoring console, dashboards,
and integrated configuration, is only supported on sensors running
IPS version 6.1 or later.

NOTE: IME event monitoring is also supported in IOS-IPS versions that
support the Cisco IPS 5.x/6.x signature format. We recommend IOS-IPS
12.4(15)T4 if you intend to use IME to monitor an IOS IPS device.

To install Cisco IME 7.0(3), follow these steps:

1. Download the executable file from the following location on
   Cisco.com:
   http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ime
2. Locate and double-click the executable file to launch the setup
   program and follow the Installation wizard.

NOTE: IME ships with a demo version of the product, which lets you
use the IME features without requiring actual sensors. The IME Demo
feature simulates real-time events and includes sample configuration
files. The installer creates two desktop shortcuts called Cisco IME
and Cisco IME – Demo. You can click Cisco IME to start the actual IME
application or Cisco IME – Demo to start the demo version of the
product.

UPGRADING FROM IME 7.0(2) TO IME 7.0(3)

If you have IME 7.0(2) already installed on your system, you can
install IME 7.0(3) over it by running the same installation
instructions noted previously. You should close any open instances of
IME 7.0(2) prior to installing IME 7.0(3), but there is no need to
uninstall IME 7.0(2) before installing IME 7.0(3). All alarm database
and user settings will be preserved.

UPGRADING FROM IME 7.0(1) TO IME 7.0(3)

If you have IME 7.0(1) already installed on your system, you can
install IME 7.0(3) over it by running the same installation
instructions noted previously. You should close any open instances of
IME 7.0(1) prior to installing IME 7.0(3), but there is no need to
uninstall IME 7.0(1) before installing IME 7.0(3). All alarm database
and user settings will be preserved.

UPGRADING FROM IME 6.2 TO IME 7.0(3)

If you have IME 6.2 already installed on your system, you can install
IME 7.0(3) over it by running the same installation instructions
noted previously. You should close any open instances of IME 6.2
prior to installing IME 7.0(3), but there is no need to uninstall
IME 6.2 before installing IME 7.0(3). All alarm database and user
settings will be preserved.

UPGRADING FROM IME 6.1 TO IME 7.0(3)

If you have IME 6.1 already installed on your system, you can install
IME 7.0(3) over it by running the same installation instructions
noted previously. You should close any open instances of IME 6.1
prior to installing IME 7.0(3), but there is no need to uninstall
IME 6.1 before installing IME 7.0(3). All alarm database and user
settings will be preserved.

MIGRATING FROM IEV 5.X TO IME 7.0(3)

NOTE: You must uninstall IEV 5.x before installing IME 7.0(3). Refer
to the INSTALLATION section for details.

In order to migrate the event data stored in IEV 5.x to IME 7.0(3),
you must manually export the data file from IEV 5.x and import it
into IME.

To export event data from IEV 5.x to a local file:

1. From IEV 5.x, choose File > Database Administration > Export
   Database Tables.
2. Enter the file name and select the table(s).
3. Click OK. The events in the selected table(s) will be exported to
   the specified local file.

To import the event data into IME:

1. From IME, choose File > Import.
2. Select the file exported from IEV 5.x and click Open. The content
   of the selected file will be imported into IME.

UNINSTALL

Choose Start > Control Panel > Add or Remove Programs > Cisco IPS
Manager Express > Remove.

STARTING IME

To start IPS Manager Express:

-- Double-click the Cisco IME shortcut on your desktop, or
-- Choose Start > Programs > Cisco Systems > IPS Manager Express >
   Cisco IME

NOTE: IDM functionality is embedded in the configuration pane within
IME (for Cisco IPS 6.1 sensors and later only). While IDM can still
be installed as a standalone, all IDM functionality is available
through IME.

DOCUMENTATION

Cisco IME includes several Video tutorials on how to use the product.
You can click Video Help in the appropriate panes or launch it by
choosing Help > Show Video Help. You can also click Help in the
toolbar for onscreen help.

For more details regarding IME 7.0(3), refer to Installing and Using
Cisco Intrusion Prevention System Manager Express 7.0 at this URL:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/ime/imeguide7.html

CAVEATS

The following known issues are present in Cisco IME 7.0(3). You can
view release notes in Bug Toolkit at this URL:

http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl

Identifier   Headline
CSCtg50439 - Events not retrieved when source address is the victim
CSCtg63072 - Deleted IME customer reports show back after exit/restart IME client
CSCso13143 - Events for pull down menu should take care of more than 10 attackers
CSCtg53580 - Misspell Exporting as Expoting on Export Alarm Data
CSCtb88463 - Video Help needs updating for 10 device, and new features
CSCtg50407 - Unexpected java exception when generate IME Reports
CSCtg14777 - IME Installation wizard should warn user if IME client is running

======================================================================