https://community.cisco.com/t5/network-security/reporting-and-alert-querying/m-p/872986#M84881 <HTML><HEAD></HEAD><BODY><P>I was afraid of that. Even though I'm looking into MARS I hate to have my decision tied to improving the functionality of a product I already have.</P></BODY></HTML> Thu, 24 Jan 2008 15:56:41 GMT rolandshum 2008-01-24T15:56:41Z https://community.cisco.com/t5/network-security/reporting-and-alert-querying/m-p/872984#M84879 <P>I'm just getting started with my IDS/IPS SSM-20 module. I'm looking for some reporting and querying capabilities for it. Is there a function or ability within the IDM 5.1 application or even if I upgrade. Is possible to look for all alerts for a particular IP address or a specified signature? Can I generate a report on how many attacks were mitigated?</P><P></P><P>Any help would be appreciated.</P> Sun, 10 Mar 2019 10:56:53 GMT https://community.cisco.com/t5/network-security/reporting-and-alert-querying/m-p/872984#M84879 rolandshum 2019-03-10T10:56:53Z https://community.cisco.com/t5/network-security/reporting-and-alert-querying/m-p/872985#M84880 <HTML><HEAD></HEAD><BODY><P>Both IDM and "show events alert" have very basic querying capabilities. The only thing you can do is to mark some signature with "traits" code and show alerts fired by this signature with:</P><P></P><P>sensor# sh events alert include-traits ?</P><P>&lt;0-15&gt; Traits to include in the show events output.</P><P></P><P>Try IDS Event Viewer. IEV is a free tool that can be downloaded from the Cisco website. But is very limited too. The primary Cisco product for viewing/reporting is the Cisco MARS. But it is expensive...</P><P></P></BODY></HTML> Thu, 24 Jan 2008 14:00:06 GMT https://community.cisco.com/t5/network-security/reporting-and-alert-querying/m-p/872985#M84880 ovt 2008-01-24T14:00:06Z https://community.cisco.com/t5/network-security/reporting-and-alert-querying/m-p/872986#M84881 <HTML><HEAD></HEAD><BODY><P>I was afraid of that. Even though I'm looking into MARS I hate to have my decision tied to improving the functionality of a product I already have.</P></BODY></HTML> Thu, 24 Jan 2008 15:56:41 GMT https://community.cisco.com/t5/network-security/reporting-and-alert-querying/m-p/872986#M84881 rolandshum 2008-01-24T15:56:41Z https://community.cisco.com/t5/network-security/reporting-and-alert-querying/m-p/872987#M84882 <HTML><HEAD></HEAD><BODY><P>You can refer this guide for more information on IDS</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_tech_note09186a008053183f.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_tech_note09186a008053183f.shtml</A></P></BODY></HTML> Thu, 24 Jan 2008 19:20:04 GMT https://community.cisco.com/t5/network-security/reporting-and-alert-querying/m-p/872987#M84882 bwilmoth 2008-01-24T19:20:04Z