Cisco IDS/IPS OS and Application Identification?

Unanswered Question
May 29th, 2009

I'm researching IPS solutions for a client - one of the requirements that's important to them is the ability of the system to identify the OS and applications associated with individual hosts or clients. The intent would be to use this information in triaging and responding to alerts. I don't see that this capability is provided - but am wondering if anyone knows otherwise.


Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Farrukh Haroon Sat, 05/30/2009 - 05:51

The Cisco IPS can do this. You can even integrate with the Management Console for the Cisco Security Agent CSA (HIPS) to get accurate host fingerprint(s). Have a look at:


http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/cli/cliExPrd.html


The auto-detection does not always do a good job, and you need to set things manually.


http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/cli/cliEvAct.html#wpxref72157


Please rate if helpful


Regards


Farrukh

Actions

This Discussion