Solved: New deployment with ASA & AIP-SSM module

DialerString_2 · ‎04-07-2010

Hi guys and gals,

I'm thinking of deploying an ASA with IPS module AIP-SSM at my perimeter. I'm going to use Cisco IPS Manager Express (IME) to monitor the IPS to monitor the ASA. I have no plans on deploying an IDS device.

Question: Is IME designed to send notification about threats? What are some of the setups in your network? (Just poking with the last question.)

thx..

Jennifer Halim · ‎04-07-2010

IME is designed just to monitor IPS (whether it is IPS appliance, AIP-SSM module on ASA, or other IPS module). IME is not capable on monitoring ASA.

IME can provide email notification on events which are being triggered on the IPS, while IPS itself can't. IME can also keep all the events triggered by the IPS, while IPS buffer is pretty small, therefore if you have huge events, the buffer gets overwritten pretty quickly.

Here is more information on IME if you are interested:

http://www.cisco.com/en/US/products/ps9610/index.html

View solution in original post

Jennifer Halim · ‎04-07-2010

IME is designed just to monitor IPS (whether it is IPS appliance, AIP-SSM module on ASA, or other IPS module). IME is not capable on monitoring ASA.

IME can provide email notification on events which are being triggered on the IPS, while IPS itself can't. IME can also keep all the events triggered by the IPS, while IPS buffer is pretty small, therefore if you have huge events, the buffer gets overwritten pretty quickly.

Here is more information on IME if you are interested:

http://www.cisco.com/en/US/products/ps9610/index.html

DialerString_2 · ‎04-08-2010

You can always change the buffer size and there's probably a way to syslog those events. Halijen thanks for you reply and it was very helpful.