05-31-2010 09:43 PM - edited 03-10-2019 05:00 AM
06-01-2010 03:38 AM
Cisco's IPS sensors allow event retrieval via the Security Device Event Exchange (SDEE) protocol. There are many products that support this protocol. Cisco provides a free solution called IPS Manager Express (IME). It will retrieve signature events from Cisco IPS sensors and store them in a local MySQL database. You can find out more about IME, and download it here:
Another solution, for multiple security device log collection and incident correlation, is CS-MARS. You can find out more about CS-MARS here:
Scott
06-01-2010 11:54 PM
Scott,
Is there any product/tool available that our customer can use to pull IPS alarms/event logs via SDEE and save them on a syslog server (Kiwi, for example)?
Thanks
Munaf
06-02-2010 03:28 AM
Munaf,
I am not aware of such a product. I have heard of customers using perl scripts, and other custom solutions, to accomplish similar IPS event manipulation.
Scott
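Scott's "custom scripts" are the practical route to what Munaf asked for. As an added example, not code from this thread or from Cisco, the Python below parses a constructed SDEE alert document and rewrites each alert as a syslog line for a UDP collector such as Kiwi. The SDEE namespace, element names and attributes are my assumptions about the schema, and the HTTPS subscription request that fetches the document from the sensor is left out.

```python
# Added example (not from the thread): parse Cisco IPS alerts received over SDEE and
# rewrite them as syslog lines. Namespace/element names are assumptions about the schema.
import socket
import xml.etree.ElementTree as ET

NS = {"sd": "http://example.org/2003/08/sdee"}  # assumed SDEE namespace

# Constructed sample response (not captured from a sensor).
SAMPLE_SDEE = """<?xml version="1.0"?>
<sd:events xmlns:sd="http://example.org/2003/08/sdee">
  <sd:evIdsAlert eventId="1" severity="high">
    <sd:originator><sd:hostId>ips-sensor-01</sd:hostId></sd:originator>
    <sd:signature id="2004" description="ICMP Echo Request"/>
    <sd:participants>
      <sd:attacker><sd:addr>192.0.2.10</sd:addr></sd:attacker>
      <sd:target><sd:addr>198.51.100.5</sd:addr></sd:target>
    </sd:participants>
  </sd:evIdsAlert>
</sd:events>"""

# Map IPS severity to a syslog severity code (facility local4 = 20 is used below).
SEVERITY_CODE = {"high": 1, "medium": 4, "low": 5, "informational": 6}

def parse_sdee_alerts(xml_text):
    """Return one dict per evIdsAlert element in an SDEE event document."""
    alerts = []
    for ev in ET.fromstring(xml_text).findall("sd:evIdsAlert", NS):
        sig = ev.find("sd:signature", NS)
        alerts.append({
            "id": ev.get("eventId", "?"),
            "severity": ev.get("severity", "informational"),
            "sensor": ev.findtext("sd:originator/sd:hostId", "?", NS),
            "sig_id": sig.get("id", "?") if sig is not None else "?",
            "sig_desc": sig.get("description", "") if sig is not None else "",
            "src": ev.findtext("sd:participants/sd:attacker/sd:addr", "?", NS),
            "dst": ev.findtext("sd:participants/sd:target/sd:addr", "?", NS),
        })
    return alerts

def to_syslog(alert, facility=20):
    """Format an alert as an RFC 3164 style line: <PRI>host tag: message."""
    pri = facility * 8 + SEVERITY_CODE.get(alert["severity"], 6)
    return (f'<{pri}>{alert["sensor"]} sdee: event={alert["id"]} sev={alert["severity"]} '
            f'sig={alert["sig_id"]} desc="{alert["sig_desc"]}" src={alert["src"]} dst={alert["dst"]}')

def forward_to_syslog(lines, host, port=514):
    """Send formatted lines to a UDP syslog collector (not exercised offline)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            sock.sendto(line.encode(), (host, port))
```

Run `forward_to_syslog(map(to_syslog, parse_sdee_alerts(doc)), "collector-ip")` on each polled document to feed the collector.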
06-02-2010 05:06 AM
I did some research: a Security Information & Event Management (SIEM) solution provides log management capabilities for Cisco IPS and CS-MARS. Sensage SIEM supports the SDEE protocol and can pull data from Cisco IPS and CS-MARS.
http://www.sensage.com/solutions/siem.php?expandable=1