cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
492
Views
0
Helpful
3
Replies

getting all the signature id that ips has triggered in last 24 hrs

exploit_haxor
Level 1
Level 1

Hi All,

          Is there a way to know the list of all  the signatures that the ips has triggered for the last 24 hrs.......i need just the signature id that the ips has triggered for the last 24 hrs......is there a way to know that?....any suggestions would be helpful.


Thanks

3 Replies 3

praprama
Cisco Employee
Cisco Employee

Hi,

If you have the IME installed on one of your machines and your IPS module added to the IME, you hsould be able to do the below:

1) Go to Reports.

2) Select "Top Signatures Reports".

3) Under here select "Basic Top Signature".

4) Specify the duration for which you want the report and then press "Generate Report".

5) You can also save the generated report.

If you have multiple  IPS devices added to the IME, you can filter for the IPS module you wnat by going to the "Filter" tab and there under "Other Parameters", you should be able to specify the particular "Sensor Name(s)" that you owyuld like the report for.

Let me know if this helps!!

Thanks and Regards,

Prapanch

praprama
Cisco Employee
Cisco Employee

Hi,

Have you managed to try the above out? If there are no more queries, please mark this thrread as answered

Regards,

Prapanch

rhermes
Level 7
Level 7

If you are just sitting on the CLI you can run

show event alert past 23:59

I'm sure there's a way to filter it down to just the signature IDs you're looking for.

- Robert

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: