While I have experience with the 42xx sensor appliances I have not previously worked with the nm-cids modules. I have been told though that they are limited to use about 100 signatures. From their talk about memory and cpu restrictions it made sense. So my questions are:
2.) If true, then how is the selection made of which 100 signatures to use? Dealer's Choice? Cisco's Choice but modifiable?
3.) Links to any discussions of the differences between the appliances and modules both for management and signature choices.
4.) I saw the EOL message for the nm-cids not long ago. While that means it is still viable for a couple years has there been any discussion on what is going to replace the nm-cids - or if anything will?
Cost-wise it could become a problem to sell to our customers if we have to replace every nm-cids with a full-blown appliance. If the limitations I was told about the nm-cids are true I would hazard a guess that the (100 sig) limit was being problematic and a root cause of the decision to EOL them - The smallest appliance (4215 now?) is more costly but certainly more robust and managable I would imagine.
Anyways, I am looking for links, documents, past discussions, etc., to help guide my recommendations to the customer. Everyone's 2-cents is valuable! Thanks much!