Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
428
Views
2
Helpful
3
Replies

Configuration examples for AIP SSM10

aoshea
Level 1
Level 1

‎02-22-2006 01:50 AM - edited ‎03-10-2019 01:54 AM

Dear Support,

Seems like I'm trying to learn another language reading the IPS command line interface guide! (I’m a traditional routing/switching person)

Does anyone know if there are any useful configuration examples for the AIP-SSM10 ?

I don't believe what I'm doing is rocket science, I just need to monitor two front end web servers and a back end SQL box for weird activity.

I have two asa5520's configured in a failover pair each contains an AIP-SSM10.

I have uploaded the latest signatures to the AIP, but just need to configure them. I haven't turned on the policy to route the traffic to the AIPs from the ASA yet as want to tune the configs on the AIPs first.

Any links / advice would be gratefully received.

I can post the current configs if that helps?

Thank you in advance for your assistance.

Regards, Adrian.

Labels:
0 Helpful
3 Replies 3

Jeffrey Bollinger
Cisco Employee
Cisco Employee

‎02-22-2006 08:15 AM

Tuning the IPS signatures is going to be customized for every network, depending on what exactly you're looking for. The signatures are grouped into various categories and you can selectively enable/disable these categories, or just accept the default signatures. There's not a lot of configuration that needs to be done on the signatures. You just need to make sure to tune out your false positives by watching your events as they come in and seeing what events are actual attacks and which could be deemed permissible.

So to answer your question, there isn't really a config example for the IPS component. The quickest way to get up and running is to connect to the network port on the front of the module and load the SDM (HTTPS interface) of the IPS and review your signature settings there.

aoshea
Level 1
Level 1
In response to Jeffrey Bollinger

‎02-23-2006 02:17 AM

Many thanks for your assistance, I've already configured the SDM access, however it doesn't seem user friendly ... is there a guide for the SDM ?

regards, Adrian.

0 Helpful

Jeffrey Bollinger
Cisco Employee
Cisco Employee
In response to aoshea

‎02-23-2006 06:39 AM

I think the GUI is pretty intuitive, but its basically the same GUI as the IPS Sensors themselves use. Here's the guide for that:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/idmguide/index.htm

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card