The Security Device Event Exchange (SDEE) protocol was developed to communicate the events generated by security devices.
The SDEE client establishes a session with the server by successfully authenticating with that server. Once authenticated, a session ID or session cookie is given to the client, which is included with all future requests.
SDEE supports two methods for retrieving events:
a. An event query.
b. Event subscription.
Both methods use SSL to query the SDEE server and retrieve the events.
IPS produces different types of events including intrusion alerts and status events. IPS communicates events to clients such as management applications using SDEE.
Systems that use SDEE to communicate events to clients are referred to as SDEE providers. SDEE specifies that events can be transported using the HTTP or HTTP over SSL and TLS protocols. When HTTP or HTTPS is used, SDEE providers act as HTTP servers, while SDEE clients are the initiators of HTTP requests.
IPS includes Web Server, which processes HTTP or HTTPS requests. Web Server uses run-time loadable servlets to process the different types of HTTP requests. Each servlet handles HTTP requests that are directed to the URL associated with the servlet. The SDEE server is implemented as a web server servlet.
The SDEE server only processes authorized requests. A request is authorized if it originates from a web server to authenticate the identity of the client and determine the privilege level of the client.
IME uses SDEE to retrieve events from the event store of IPS. Any 3rd party SDEE server can also connect to the IPS and pull events from it.
General Open Subscriptions = 1 <--- Blocked Subscriptions = 0 Maximum Available Subscriptions = 5 <--- Maximum Events Per Retrieval = 500 Subscriptions sub-1-97ae4503 State = Read Pending Last Read Time = 17:07:54 UTC Mon Aug 09 2010 Last Read Time (nanoseconds) = 1281373674222327000 sub-2-a1b6691b State = Open Last Read Time = 17:07:27 UTC Mon Aug 09 2010 Last Read Time (nanoseconds) = 1281373647796374000 sub-3-30a920a4 State = Open Last Read Time = 16:15:57 UTC Mon Aug 09 2010 Last Read Time (nanoseconds) = 1281370557298374000 sub-4-85194f8f State = Open Last Read Time = 15:57:51 UTC Sun Aug 01 2010 Last Read Time (nanoseconds) = 1280678271287811000
IPS# show stat web-server listener-443 session-7 remote host = 18.104.22.168 <---- ( Device connecting to IPS) session is persistent = yes number of requests serviced on current connection = 317 last status code = 200 last request method = GET last request URI = cgi-bin/sdee-server <----- ( Device using SDEE ) last protocol version = HTTP/1.1 session state = processingActionsState session-0 remote host = 22.214.171.124 session is persistent = no number of requests serviced on current connection = 1 last status code = 200 last request method = GET last request URI = cgi-bin/sdee-server last protocol version = HTTP/1.1 session state = processingGetServlet number of server session requests handled = 95731 number of server session requests rejected = 0 total HTTP requests handled = 142699 maximum number of session objects allowed = 40 number of idle allocated session objects = 8 number of busy allocated session objects = 2 summarized log messages number of TCP socket failure messages logged = 0 number of TLS socket failure messages logged = 0 number of TLS protocol failure messages logged = 0 number of TLS connection failure messages logged = 6 number of TLS crypto warning messages logged = 0 number of TLS expired certificate warning messages logged = 0 number of receipt of TLS fatal alert message messages logged = 2 crypto library version = 126.96.36.199
Hello team I have configured guest access on ise which is working fine.But rigth now when requestion access, guest can put 4 numeric value in phone number fields. How to force use filling the account creation form with a minimum of 8 numer...
Hi all,We have some Cisco ws-3850-24xs switches. As per one of the VA findings , the switches are using SSL certificates that are signed by a weak hashing algorithm. We are unable to get external CA to issue certificates. Please be kind enough to let me k...
I have a cisco firepower 1010. I have used cisco asa's before and can forward ports on them but firepowers fdm are a little different and I can't seem to figure out how to forward ports on it. Can somebody give me a step by step to forward por...
Dear Support,i'm new to configure firepower module. i'm using cisco ASA 5525-X with Firepower module installed.i have a L3 switch with vlans configure. ASA Inside interface is connected to the L3 switch. the Firepower module is also connected to the L3 sw...