RE: IDS CISCO alarm

From: Phil Hollows (phollows_at_open.com)
Date: 01/11/05

    Date: Tue, 11 Jan 2005 09:53:07 -0500
    To: <ghalleen@cisco.com>, "Julio Crespo" <jcrespo@sigfe.cl>, <focus-ids@securityfocus.com>
    
    

    RDEP is the protocol used in 4.x sensors. There's a PERL library on
    CPAN that OpenService (another SIM vendor, www.open.com) has released
    that allows you to analyze RDEP data.

    Thanks,

    Phil

    -----Original Message-----
    From: Gary Halleen (ghalleen) [mailto:ghalleen@cisco.com]
    Sent: Thursday, January 06, 2005 9:06 PM
    To: 'Julio Crespo'; focus-ids@securityfocus.com
    Subject: RE: IDS CISCO alarm

    Julio,

    With IDS 4.1 code, the Cisco IDS only communicates directly with the
    monitoring console (either Cisco's IDS Event Viewer, or Security
    Monitor, or to any of a variety of third-party vendor products, like
    Arcsight, Protego, netForensics, etc). The monitoring consoles have
    the ability of either forwarding events or executing a script based
    on the events.

    With IPS 5.0 code (currently in beta), the sensor can send SNMP traps in
    addition to the above.

    Gary
     

    -----Original Message-----
    From: Julio Crespo [mailto:jcrespo@sigfe.cl]
    Sent: Wednesday, January 05, 2005 1:41 PM
    To: focus-ids@securityfocus.com
    Subject: IDS CISCO alarm

    Hi, does anyone know if the Cisco IDS can be configured to send alarms?

    I have searched all over Cisco's site without finding any reference.

    How is it possible that an IDS has no way to alarm? Is it necessary
    to patch into the log that the IDS Event Viewer product gives?

     

    Thanks a lot.

    ------------------------------------------------------------------------
    Test Your IDS
    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------
    
