We have problems in VMS 2.3 (IDSMC/SecMon 2.1) to run the 24 Hour Metrics Report. It seems to run, but returns the following error on opening the report: Error loading report: null.
I'm experiencing troubles in adjusting parameters for this 'Long Http Request' signature (5322). We have a lot of legitimate http traffic with rather long http requests (> 1000 char). So I tried modifying all parameters that have something to do with...
Hi, We need to enable the 'capture packet' parameter on all attack signatures on an idsm-2 V4.1.4 and sensor 4210 V4.1.4. We use CiscoWorks VMS for configuring all sensors, but there seems to be no way to enable this parameter for a selection of signa...
We receive many alerts concerning signatures 3153 and 3154. These are all related to legitimate ftp traffic. I've studied the IP loggings, but I can't find the reason why it's triggering. One typical situation is of an FTP script that is accessing a ...
Hi, After updating the signatures to S96, all signatures had been activated on all sensors/blades. However in the CW VMS from where we launched the update, all signature configurations were still OK. So somehow something went wrong locally on applying ...
We opened a ticket to have some explanation; this is what we received: 'It looks that these events are summarized events - so it's normal that we see that target address is 0.0.0.0. It means that these alarms are not generated for one event but for m...
I've installed this sig update on a 4240 sensor and it went out of disk space causing the update process to hang and causing eventually the whole sensor application to crash during a reboot. This is the second time I'm experiencing this issue; it di...
I'm in the same setup of using IPS V5 on the sensors managed by CiscoWorks VMS with IPS MC 2.1. I can confirm same kind of troubles with the interaction between both softwares. Here is what I have experienced so far: - there is a difference in syntax ...
Upgrade done! The two last cleanups did the trick! I had read one of your first answers for cleaning up /usr/cids/idsRoot/var/updates/files/S69 and /usr/cids/idsRoot/var/updates/files/common, but this did not free up enough space. But by also clean...
This is the error when trying to install the 4.1.(5) upgrade to a 4240 sensor: Applying update IDS-K9-sp-4.1-5-S189. Shutting down all CIDS processes. All connections will be terminated. The system will be rebooted upon completion of the update. Err...