cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
644
Views
4
Helpful
6
Replies

updating IPS sig using Cisco Works LMS 2.5

w.haslam
Level 1
Level 1

I'm a new and novice user of Cisoworks

I have been navigating through the package for two days now and have discoved how powerful the tools are

Can some direct me to the area to udpate a Sig of an IPS I believe that it may be in the Software Mangement section of RME

6 Replies 6

didyap
Level 6
Level 6

To update the signatures of IPS using Ciscoworks you need to have the VMS package and this can not be done with LMS or RME.

You'll need to install Cisco Security Manager if you want to manage many IPS devices from a single console. Just as an FYI, this product also manages firewalls and such.

If you only have a few devices, the GUI will do just fine. Reply if you are unfamiliar with how to accomplish this.

Hello Chickman,

Greetings !

I have 3 Cisco IDS Sensors which i want to manage centrally .How will i accomplish that ?Can i download Cisco Security manager from Cisco site if i have CCO Login and install it on windows machine ? Also i would like to generate reports of sensors (like Top 10 Attackers , Top 10 Signatures ).Please help me in this

Regards

Ankur Sachdev

Hey Ankur,

Well, you'll be able to download CSM from the site. But, you'll need to ensure you have the appropriate license. I would suggest CSM, as its the forward direction of Cisco with regards to managing these devices.

Now reports are tricky. We actually use Ciscoworks VMS. I know its not the future, but it works. It provides us the use of Security Monitor as well as report generation. If this is not the direction you wish to take, MARS is your other option. I honestly have no experience with this system. You will be able to do several things with this solution, but it comes at a price.

BTW, you can generate various IPS reports through VMS. The downside is that it does not get granular enough to generate the reports you're requesting. You can generate a general IPS report and see this information readily available, but you'll get additional information as well.

So, you can use CSM and purchase MARS for your management and reporting or the older alternative.

Yesterday Cisco announced a new tool for managing IPS sensors at smaller sites (less than 5 sensors).

The Cisco IPS Manager Express (IME):

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5715/ps9610/data_sheet_c78-459033_ps4077_Products_Data_Sheet.html

IME is the next generation of IEV. It is designed for small deployments of up to 5 sensors. It can do event monitoring and reporting (it can do the Top 10 Attacker, and Top 10 Signature reports you asked about).

But new in IME it can also do configuration when managing IPS version 6.1 sensors.

IME and IPS version 6.1 are not yet available. Both are in the final stages of testing.

Both should be available in the next month or 2.

IME (just like IEV) is available at no additional cost for users with active Cisco Service for IPS contracts for their sensors.

NOTE: The same contract also includes entitlement to the IPS 6.1 version, as well as the Signature Update License. If your signature license is up to date, then your contract is up to date and you are entitled to both IME and IPS 6.1.

For small deployments of 5 sensors or less we currently recommend using IEV 5.2 for monitoring and IDM for configuration.

With the release of IME we would recommend IME for both monitoring and configuration.

NOTE: IME can be used to monitor the new IPS 6.1 sensors, but can also be used for monitoring the older 6.0 and 5.1 sensors as well. When using IPS 6.1 you could choose between IME or IDM for configuration. But if using IPS 6.0 or 5.1, then configuration would still be done through IDM.

For larger sensor deployments of 6 or more sensors, then CSM is recommended for configuraiton, and CS MARS is recommended for monitoring.

Very good to know for users with up to 5 IPS devices.

I still want to see if they'll figure something besides MARS for real-time reporting for users with 100+ IPS devices. I see they repackaged Security Monitor for the IME. Possible they make a module for CSM or something of that nature. Will be interesting to see how it progresses.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: