Re: IDS CISCO alarm

• Previous message: ADT: "Re: CISCOs new IPS"
• In reply to: Julio Crespo: "IDS CISCO alarm"
• Next in thread: Arndt.WA_at_forces.gc.ca: "RE: IDS CISCO alarm"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 7 Jan 2005 08:15:44 +0100
To: Julio Crespo <jcrespo@sigfe.cl>

I'm not sure if I'm answering your question but here it goes : yes it
is possible to configure Cisco IDS (talking abour IDS v 4.1.4), to
filter out some events -> not create alarm events (its called Event
filter).

Filtering out alarms is done by configuring signature IDs, IP of
source or/and destination.

On Wed, 5 Jan 2005 18:41:29 -0300, Julio Crespo <jcrespo@sigfe.cl> wrote:
> Hi, someone knows if is configurable for send alarms the IDS CISCO ?
>
> I have looked for by all the site of Cisco without obtaining no
> reference
>
> As it is possible that a IDS does not have form to alarm? it is
> necessary
>
> to be patch to log that it gives product IDS Event Viewer?
>
> Thanks a lot.
>
> --------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> --------------------------------------------------------------------------
>
>

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------

• Previous message: ADT: "Re: CISCOs new IPS"
• In reply to: Julio Crespo: "IDS CISCO alarm"
• Next in thread: Arndt.WA_at_forces.gc.ca: "RE: IDS CISCO alarm"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Recommending an IDS system ... re: Cisco IDS, I have a few things to say about Cisco's product: junk. ... into ONE inky-dinky "black box" that was maintained by a "security ... Like I said before, ISS ... (Security-Basics) RE: Recommending an IDS system ... That feature is not an "Auto-Update" in Cisco. ... As for writing your own signatures, ... Subject: Recommending an IDS system ... (Security-Basics) Re: Recommending an IDS system ... I'm running a smaller setup than your old employer attempted to run. ... re: Cisco IDS, I have a few things to say about Cisco's product: junk. ... but the management of the signatures and ... (Security-Basics) RE: CISCOs new IPS ... There is no way we would consider using their IPS units....their IDS have enough problems. ... Christoph, ... I can tell you from real world experience that Cisco has not been the best ... (Focus-IDS) RE: CISCOs new IPS ... The Cisco IDS runs on Red Hat Linux 7.3 as the underlying OS (we have the ... Cisco 4250 sensors). ... Cisco router with an IPS and firewall card. ... (Focus-IDS)