
Default action by severity?

n.oneill
Level 1

Is it possible to define a default action by severity such as "log" all high severity signatures?

Is there any way of having e-mail notifications without purchasing Ciscoworks?

Thanks in advance.

Accepted Solutions

ywadhavk
Cisco Employee

Hi Nicholas,

There is no default action as such for any signature besides the fact that all medium and high severity signatures will trigger an event to be logged into the event viewer.

If you are referring to the "IP Log" action, then this has to be manually set up for the signatures that you want it for.

IP Log is used for forensic purposes and it is very, very chatty; it can easily overwhelm the event viewer if not tuned properly.

Using IDSMC, you could select all the High Severity signatures and in one stroke configure all these for any action you want. You don't have to go into each signature and do it.

Email notification is a feature that only comes with IDSMC/Security Monitor.

Thanks,

yatin
