IDS mailing list archives

RE: Reports from Cisco IDS


From: Seamus Hartmann <shartmann () fujifilmesys com>
Date: Thu, 5 Dec 2002 08:52:11 -0500

Hello,

I'm guessing you've got a Cat 6000 with the IDS blade? If so, this
documentation should help... If not, it's useless!

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/idsm/idsm_1/10890_02.htm

"After the IDSM detects an attack, it responds by generating an alarm.
Alarms are generated by the IDSM through the Catalyst 6000 family switch
backplane to the Cisco Secure Director or PM, where they are logged or
displayed on a graphical user interface. Alarm communication is handled by
the Cisco Secure IDS Communication service protocol, a proprietary protocol
that transmits alarms from the IDSM to the Cisco Secure Director or PM.
Refer to the Cisco Secure Director or PM documentation at the following
websites for more information about how to manage the IDSM"

Secure Director Documentation:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids5/index.htm

Or

Policy Manager Documentation
http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy

Basically, the blade only reports to the Secure Policy Manager, the Secure
Director (old software, runs on Unix platforms) or the new CiscoWorks 2000
Management Center for IDS sensors.

The IDS Management Center is a new CiscoWorks 2000 product.

The IDS management center documents are here...
http://www.cisco.com/en/US/products/sw/cscowork/ps3990/products_user_guide_book09186a0080104eff.html

You can usually get a 90-day evaluation of CiscoWorks from your Cisco rep.
Ask specifically for the Management Center to be included, and they'll send
it along.

Hope this helps.

Seamus Hartmann
Senior Network Engineer
Fuji Film, eSystems
shartmann () fujifilmesys com

-----Original Message-----
From: ids-lists () hushmail com [mailto:ids-lists () hushmail com] 
Sent: Wednesday, December 04, 2002 7:01 AM
To: focus-ids () securityfocus com
Subject: Reports from Cisco IDS



-----BEGIN PGP SIGNED MESSAGE-----

Hi,

I have a Cisco IDS (switch module) with the HPOV plug-in. I would like to
know how I can get reports from it. Any kind of report, like by source IP,
top signatures... Is this possible? If not, how can I get reports from Cisco
IDS?

Thank you,

Peter
sr. security analyst
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wl4EARECAB4FAj3t/ToXHGlkcy1saXN0c0BodXNobWFpbC5jb20ACgkQihHDGzW258Pn
dwCfTltZ9UbFk785y3FuYI8DIBeHeu4An0f6Au0R5/GM6g1VsZ7EjDfUTEsx
=r1LM
-----END PGP SIGNATURE-----



