Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1206
Views
0
Helpful
5
Replies

Internal Auditor asking for IPS Report

doug.dockter
Level 1
Level 1

‎09-25-2012 09:10 AM - edited ‎03-10-2019 05:47 AM

Our Internal Auditor is asking for a copy of the logs or a report from our IPS showing that it is indeed keeping bad guys out.  If you have had this same request, what info have you provided?

Labels:
0 Helpful
5 Replies 5

sawgupta
Level 1
Level 1

‎09-25-2012 10:06 PM

Hi,

You may provide the list of signatures that have fired.

From CLI issue, "show stats virtual-sensor | inc Sig", this will give you the list of all signatures that fired.

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta
0 Helpful

jmadill-intellimec
Level 1
Level 1
In response to sawgupta

‎09-27-2012 06:25 AM

Hi,

I ran this command on a recently enabled AIP-SSM-10 module and it reports several signatures have fired.  However, when I run a report or check the event monitor in IME all I see are events for the NetBIOS 5575/0 signature and the ICMP signatures (2000.0 and 2004.0) that I enabled for testing purposes.  Any idea why the other signatures do not appear in my report?

show statistics virtual-sensor | inc Sig

      Name of current Signature-Defintion instance = sig0

      The Signature Database Statistics.

      SigEvent Preliminary Stage Statistics

         Number of Active SigEventDataNodes  = 26

         Per-Signature SigEvent count since reset

            Sig 2000.0 = 73

            Sig 2004.0 = 122

            Sig 3653.0 = 40468

            Sig 5575.0 = 669

            Sig 6131.6 = 788554

            Sig 6250.1 = 2504

            Sig 16297.0 = 29

            Sig 21619.1 = 5299

            Sig 23782.2 = 17

      SigEvent Action Override Stage Statistics

      SigEvent Action Filter Stage Statistics

      SigEvent Action Handling Stage Statistics.

Thanks,

Jeff

0 Helpful

Luis Silva Benavides
Cisco Employee
Cisco Employee
In response to jmadill-intellimec

‎09-27-2012 08:52 PM

Jeff,

The other signatures have "Produce Alert" as one of its actions?

Luis Silva

Luis Silva
0 Helpful

jmadill-intellimec
Level 1
Level 1
In response to Luis Silva Benavides

‎09-28-2012 05:34 AM

Luis,

Thanks for the reply.  You are correct they are not set to alert and that is why I am not seeing anything in the event monitor or reports.  Thanks again for the response!

Jeff

0 Helpful

Luis Silva Benavides
Cisco Employee
Cisco Employee
In response to jmadill-intellimec

‎09-30-2012 09:20 AM

You are welcome!

Luis Silva

Luis Silva
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card