https://community.cisco.com/t5/network-security/security-monitor-2-1/m-p/435610#M95454 <P>Folks,</P><P> I have a couple of questions regarding IDS MC 2.1.</P><P></P><P>1) Will it generate reports giving information about lets say critical alarms or lets say informational alarms?</P><P></P><P>2) How often does it access the database. I mean lets say the attck was happening, how soon would the security monitor be able to send an e-mail about that??</P> Sun, 10 Mar 2019 09:36:44 GMT NAVIN PARWAL 2019-03-10T09:36:44Z https://community.cisco.com/t5/network-security/security-monitor-2-1/m-p/435610#M95454 <P>Folks,</P><P> I have a couple of questions regarding IDS MC 2.1.</P><P></P><P>1) Will it generate reports giving information about lets say critical alarms or lets say informational alarms?</P><P></P><P>2) How often does it access the database. I mean lets say the attck was happening, how soon would the security monitor be able to send an e-mail about that??</P> Sun, 10 Mar 2019 09:36:44 GMT https://community.cisco.com/t5/network-security/security-monitor-2-1/m-p/435610#M95454 NAVIN PARWAL 2019-03-10T09:36:44Z https://community.cisco.com/t5/network-security/security-monitor-2-1/m-p/435611#M95463 <HTML><HEAD></HEAD><BODY><P>Use SecMon with MC2.1. </P><P></P><P>It will report severity as described in question #1.</P><P></P><P>As far as #2, secmon in MC2.1 will "subscribe" to a sensor and the events are "more or less" real time. This means that once a subscrition is established the IPS appliance will send the event as it is generated. However keep in mind that if the IPS box is busy, attack interrupts take precendnce over event reporting. Bottom line is that events should be in secmon within 10-20 second of when they fired.</P></BODY></HTML> Mon, 29 Aug 2005 18:34:00 GMT https://community.cisco.com/t5/network-security/security-monitor-2-1/m-p/435611#M95463 gabelar 2005-08-29T18:34:00Z