My company wants to deploy an Intrusion Detection System. We've already got a Management Platform (CiscoWorks), and I'd like to know if Cisco Security Policy Manager (CSPM) (the IDS Management Console) allows us to "send" alerts to CiscoWorks (central management console).
Which version (of CiscoWorks) do I need?
How can the alerts be aggregated?
Thanks a lot ;-)
If you are planning to buy CSPM, you can buy the VMS instead, which has the CSPM inbuilt. For more information, take a look at the URL below
You want to purchase the Cisco Works VPN and Security Management Solution (CW VMS) v2.1:
This is a collection of security management tools sold under a single product name and price.
The CW VMS collection of tools contains 2 new tools for managing Cisco's network IDS sensors:
Management Center for IDS (IDS MC) - which is used to configure the sensors
Monitoring Center for Security (SecMon) - which is used for viewing IDS alarms
Both IDS MC and SecMon are web-based and were created to fit directly into the Cisco Works 2000 framework.
NOTE: CSPM 2.3.1i is also included in CW VMS for managing IDS sensors, but the new IDS MC and SecMon were created to replace CSPM 2.3.1i. CSPM 2.3.1i is still shipping to support users who have not yet made the switch from CSPM to IDS MC and SecMon.
SecMon would be the main tool used for viewing the IDS alarms.
SecMon can be used for generating email alerts for specific IDS alarms, or executing user-defined scripts.
I am not sure if SecMon can forward the IDS alarms to other Cisco Works tools (I am not sure what the central management console is that you mention). You would need to read through the SecMon documentation to see what integration exists between SecMon and the other Cisco Works management tools.
SecMon also has some functionality for aggregating alarms from the IDS sensors, but you would need to read the SecMon documentation to see to what extent the aggregation is done.