IME & IDM

Answered Question
Jun 11th, 2010

Hello Friends,

What is the difference between the IME and IDM? I think the IME is the replacement for IDM, and IDM was compatible with previous versions of IPS IOS. Please correct me if I am wrong. I am very much new to IPS.

Thanks,

Correct Answer
Marcin Latosiewicz Sat, 06/12/2010 - 00:29

IDM is just a single device manager.

While IME can manage multiple devices, collects logs, browses through them, has SDEE, etc.

Correct Answer
Scott Fringer Mon, 06/14/2010 - 03:58

As Marcin indicated, IDM is for single device management and IME supports up to 10 IPS sensors.

To expand:

IPS Device Manager (IDM) is built-in to all current sensor software releases.  It supports device configuration and manual event monitoring.

IPS Manager Express (IME) is a stand-alone Windows application that can manage up to 10 IPS devices in the current release (7.0.3). IME can provide real-time event monitoring for most IPS releases (5.1, 6.0, 6.1, 6.2 and 7.0). It is not necessary to run the IME GUI full time, as the event collection process runs as a Windows service which collects the events via SDEE from the managed sensors and stores them in a local MySQL database. As the events are stored in the local MySQL database, historical reporting and auditing may be performed against that data. IME will cross-link to supporting signature event details from the Cisco IntelliShield site. IME can also handle IPS configuration for recent IPS releases (6.1, 6.2, 7.0).

IME is not replacing IDM; it provides the ability to manage multiple IPS sensors through one application.

Scott

mikecrowe4ICS_2 Sun, 03/13/2011 - 23:11

scfringe wrote:

(for IME Client) ... the event collection process runs as a Windows service which collects the events via SDEE from the managed sensors and stores them in a local MySQL database ...

I think this is an important point that needs to be pointed out more directly and more visibly in the documentation for IME.  This feature has an impact beyond just your local workstation.  This is especially important if you are running IME, and you enable AAA on your sensors.

After you enable AAA/RADIUS, your IME client (via the IPS sensor) is going to start HAMMERING your AAA server.  I'm talking a minimum of one log entry per second, per monitored device.  And that's for one client.  I considered disabling just on that alone.
