New deployment with ASA & AIP-SSM module

Answered Question
Apr 7th, 2010

Hi guys and gals,

I'm thinking of deploying an ASA with IPS module AIP-SSM at my perimeter. I'm going to use Cisco IPS Manager Express (IME) to monitor the IPS to monitor the ASA. I have no plans on deploying an IDS device.


Question: Is IME designed to send notification about threats? What are some of the setups in your network? (Just poking with the last question.)

thx..

Correct Answer by Jennifer Halim about 6 years 9 months ago

IME is designed just to monitor IPS (whether it is an IPS appliance, an AIP-SSM module on ASA, or another IPS module). IME is not capable of monitoring ASA.

IME can provide email notification on events which are being triggered on the IPS, while the IPS itself can't. IME can also keep all the events triggered by the IPS, while the IPS buffer is pretty small; therefore, if you have huge events, the buffer gets overwritten pretty quickly.

Here is more information on IME if you are interested:

http://www.cisco.com/en/US/products/ps9610/index.html

Overall Rating: 5 (1 ratings)
Jennifer Halim Wed, 04/07/2010 - 21:35

DialerString_2 Thu, 04/08/2010 - 07:33

You can always change the buffer size and there's probably a way to syslog those events. Halijen, thanks for your reply; it was very helpful.
