Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1017
Views
0
Helpful
1
Replies

general IPS question

yong khang NG
Level 7
Level 7

‎09-27-2011 12:34 AM - edited ‎03-10-2019 05:29 AM

Hi forumers'

i am quite new to IPS.

few quesiton to ask

01. i install and configure the AIP-SSM-01 on my ASA unit, is it operating accordingly (attach 01 IPS)

02. the virtual sensor 0 event action i set show as attached (attach 02 VS), is it meaning to say when any anomoly activity that violate signature definition, and the signatature action enable with alert and log will generate the log that can view on sensor monitoring?

thanks

Noel

Labels:
Preview file
10 KB
Preview file
42 KB
0 Helpful
1 Reply 1

sramakr2
Level 2
Level 2

‎09-29-2011 05:51 AM

Hi Yong,

You can create many instances in device with different configurations

For Ex:

ad0, ad1, ad2

sig0,sig1,sig2

rules0,rules1,rules2

Here based on your requirement you can assign above policies to VS0.

Ie. traffic passigng through virtual sensor0(vs0) will monitor traffic based on the policy assignment

if you assign ad0,sig0,rules0 to Vs0 then VS0 monitor the traffic based the tunings you have done on sig0

To give one practical example:

Consider you have tuned one signature in sig0 which will block all incoming telnet session

So if you assign sig0 to VS0, then you cannot telnet to any of your intenal device

if you asign sig1 to VS0, You can telnet to any deice

Event action override wrks based on risk rating value. If the triggered signature has high value which comes under(High risk) then it will take action based on your configuration

Hope it help!

Thnaks,

Suresh.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card