Cisco CSM - Has anyone deployed it in their environment for IDS/IPS devices

Unanswered Question
Jun 25th, 2007

We are an MSP and are evaluating Cisco CSM to manage about 50 IDS/IPS devices. Each of these devices has their own customer signature policy.

Does anyone use it in their production environments? Do you find it useful?

Regarding policy management for devices that already have a signature policy, I know you can discover the policy, what we want to do is take the current discovered policy, modify it if we need to and then re-deploy it to the device. I'm finding that this is all read only once the policy is discovered.

Is there a way to modify the signature, for example, adding a logging parameter and then re-deploy?

Just curious if others had similar experiences with CSM.

Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dradhika Tue, 06/26/2007 - 11:29

Hi Haxworthy,

I see that there are no responses for your posting.

Did you try posting your question in Ask Your Expert:Cisco Security Manager Section. Amrit might be knowing about it for sure.

Thanks,

Radhika

mhellman Thu, 06/28/2007 - 14:03

I haven't used CSM...but what would be the point if you couldn't modify the various policies? What exactly would CSM be managing?

wiluszm Thu, 07/05/2007 - 12:03

haxworthy,

I currently use CSM to manager a variety of IPS devices (IOS IPS, 42xx Sensors, 65xx-series blades). The policies vary on some devices. CSM works wonderfully. CSM discoveries the various policies on the device on an individual basis. Policies can then be edited on a per-sensor basis or on a group level. Has worked wonderful in our environment. A nice upgrade from the old IPSMC. Let me know if you have any other questions.

-Mike

http://cs-mars.blogspot.com

Actions

This Discussion