04-07-2010 02:23 PM - edited 03-10-2019 04:57 AM
Hi guys and gals,
I'm thinking of deploying an ASA with IPS module AIP-SSM at my perimeter. I'm going to use Cisco IPS Manager Express (IME) to monitor the IPS to monitor the ASA. I have no plans on deploying an IDS device.
Question: Is IME designed to send notification about threats? What are some of the setups in your network? (Just poking with the last question.)
thx..
Solved! Go to Solution.
04-07-2010 09:35 PM
IME is designed just to monitor IPS (whether it is IPS appliance, AIP-SSM module on ASA, or other IPS module). IME is not capable on monitoring ASA.
IME can provide email notification on events which are being triggered on the IPS, while IPS itself can't. IME can also keep all the events triggered by the IPS, while IPS buffer is pretty small, therefore if you have huge events, the buffer gets overwritten pretty quickly.
Here is more information on IME if you are interested:
04-07-2010 09:35 PM
IME is designed just to monitor IPS (whether it is IPS appliance, AIP-SSM module on ASA, or other IPS module). IME is not capable on monitoring ASA.
IME can provide email notification on events which are being triggered on the IPS, while IPS itself can't. IME can also keep all the events triggered by the IPS, while IPS buffer is pretty small, therefore if you have huge events, the buffer gets overwritten pretty quickly.
Here is more information on IME if you are interested:
04-08-2010 07:33 AM
You can always change the buffer size and there's probably a way to syslog those events. Halijen thanks for you reply and it was very helpful.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: