What do you use to monitoring the IDs and Alerts?

p.mckay
Level 1

I have installed a 4250 and built out some custom signatures, and got email working from VMS 2.2 for some of the high-priority alerts. This is all great, but I was wondering what other people use to monitor the alerts and how they get notifications. I see what I have as being very limited in scope, and there are a number of parts in VMS that just do not work.

Do you use other console products? I have seen a couple of applications advertised that say they aggregate alerts from the PIX, IDS and McAfee. Just wondering if or what others use. I only have one IDS, but I do have other items: PIX, McAfee.

2 Replies

milan.kulik
Level 10

Good question!

I've also got only one IDS. I don't want to spend any additional money on monitoring software; my opinion is it should be included in the IDS price.

So I tried VMS Basic (VMS 2.2 actually), but it simply didn't work - it was not able to download the IDS config from my running device (there was some bug concerning filters using system variables).

Finally, after updating it to latest version, it destroyed my syslog server (I was running VMS on the same machine as my LMS).

I was told on Networkers that it would be possible to run VMS and LMS on the same machine in the next version, but I haven't tested yet.

So the only working monitor console is the Event Viewer, which is not comfortable at all.

Regarding CTR (Cisco Threat Response), it was advertised as End-of-Life, but again, I was told it should continue.

So nobody knows...

But generally, I'm strongly disappointed with these Cisco alert monitoring capabilities...

Regards,

Milan

I wish I could but I can't offer up anything that won't come at a cost.

The original poster in this thread alluded to solutions capable of looking at disparate data in one console. That's a Security Information Management System (SIMS), pure and simple. Cisco sells one, as do many other vendors. The unfortunate thing is that there is no inexpensive SIMS solution out there that offers multi-product monitoring. They all come at a significant price point.

Since you both have a single sensor, I agree that VMS Basic is more than you need. The hiccups with it far outweigh the benefits. IEV might be "uncomfortable" to use but it works. In my experience (in a single-sensor monitoring environment), using IEV for monitoring and IDM for configuration management is the easiest, if not the most eloquent, solution.

If you want fancy visualization or reporting, you're going to have to be willing to plunk down some cash to buy it. With a single IDS sensor, it's just not economically viable IMHO.

I hope this helps,

Alex Arndt
