IDS mailing list archives

RE: IDS CISCO alarm

From: "Phil Hollows" <phollows () open com>
Date: Tue, 11 Jan 2005 09:53:07 -0500

RDEP is the protocol used in 4.x sensors.  There's a PERL library on
CPAN that OpenService (another SIM vendor www.open.com ) has released
that allows you to analyze RDEP data.

Thanks,

Phil



-----Original Message-----
From: Gary Halleen (ghalleen) [mailto:ghalleen () cisco com] 
Sent: Thursday, January 06, 2005 9:06 PM
To: 'Julio Crespo'; focus-ids () securityfocus com
Subject: RE: IDS CISCO alarm

Julio,

With IDS 4.1 code, the Cisco IDS only communicates directly with the
monitoring console (either Cisco's IDS Event Viewer, or Security
Monitor, or
to any of a variety of third-party vendor products, like Arcsight,
Protego,
netForensics, etc).  The monitoring consoles have the ability of either
forwarding events or executing a script based on the events.

With IPS 5.0 code (currently in beta), the sensor can send SNMP traps in
addition to the above.

Gary
 

-----Original Message-----
From: Julio Crespo [mailto:jcrespo () sigfe cl] 
Sent: Wednesday, January 05, 2005 1:41 PM
To: focus-ids () securityfocus com
Subject: IDS CISCO alarm

Hi, someone knows if is configurable for send alarms the IDS CISCO ?

I have looked for by all the site of Cisco without obtaining no
reference

 

As it is possible that a IDS does not have form to alarm? it is
necessary 

to be patch to log that it gives product IDS Event Viewer?

 

Thanks a lot.

------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
--

------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------
--


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------

Current thread:

IDS CISCO alarm Julio Crespo (Jan 06)
- Re: IDS CISCO alarm Krystian Antoni (Jan 08)
- RE: IDS CISCO alarm Gary Halleen (ghalleen) (Jan 10)
- <Possible follow-ups>
- RE: IDS CISCO alarm Arndt . WA (Jan 08)
- RE: IDS CISCO alarm Phil Hollows (Jan 12)