
Reporting and Alert Querying

rolandshum
Level 1

I'm just getting started with my IDS/IPS SSM-20 module. I'm looking for some reporting and querying capabilities for it. Is there a function or ability within the IDM 5.1 application, or even if I upgrade? Is it possible to look for all alerts for a particular IP address or a specified signature? Can I generate a report on how many attacks were mitigated?

Any help would be appreciated.

3 Replies

ovt
Level 4

Both IDM and "show events alert" have very basic querying capabilities. The only thing you can do is to mark some signature with "traits" code and show alerts fired by this signature with:

sensor# sh events alert include-traits ?

<0-15> Traits to include in the show events output.

Try IDS Event Viewer. IEV is a free tool that can be downloaded from the Cisco website. But it is very limited too. The primary Cisco product for viewing/reporting is the Cisco MARS. But it is expensive...

I was afraid of that. Even though I'm looking into MARS I hate to have my decision tied to improving the functionality of a product I already have.

bwilmoth
Level 5