Cisco IOS IPS - How to manage signatures?

donglejack83
Level 1

Hello everyone,

I'd like to efficiently tune signatures in IOS IPS on one router, a 1941. Available options I found are:

  • CLI: not efficient to tune a group of signatures (example: Windows OS)
  • CCP 2.7 (Windows GUI): best tool I know, but not efficient, since:
    • a bit bugged (sometimes won't work on some computers)
    • needs IE9 to work fine, thus excluding its use on W8/W8.1
    • turnaround to use on IE10/IE11 won't always work (one computer refuses to keep compatibility view settings, for example)
    • not able to efficiently sort signatures, using several criteria (main drawback)
    • not able to exclude sets of signatures - like compile failed signatures
  • CCP 2.8: only available in express version. I installed it, but did not see a tab about signature tuning ...
  • Cisco Security Manager is complete overkill, since it needs a license and a server. Not simple to tune IPS on only one router ;-)
  • IPS Manager Express: seems a nice tool, but mainly designed for IPS sensors and firewalls, and not able to tune signatures for a router.

So, if one of you has an idea about a tool, whether Cisco or 3rd party, running preferably on Windows, it is very welcome!

Thanks!

3 Replies

Julio Carvajal
VIP Alumni

Hello Will,

I have only played with the CLI, and with that I was able to selectively enable the signatures I wanted (even using the sub-id identifier), change the action, compile the ones required, etc.

If this is what you are looking for when referring to tuning signatures, the CLI will be fine; if more than that is needed, well, you have all of the software that you could use.

No other software available

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi, many thanks for your follow-up!

So, you manage the almost 6000 signatures (S761) that way then? You handle them one by one? Or you have a script?

Thanks a lot!

Ravi Singh
Level 7

I would suggest you go through the attached document. It describes the GUI as well as the CLI method to manage IOS IPS signatures.
