Global correlation / reputation filtering in monitoring mode
We use Cisco appliances primarily in monitoring mode. We'd like to use the IPS reputation filtering / global correlation to alert us when we have connections to "bad" IP addresses (e.g. botnet, etc). Is it even possible to use either of these features for this purpose? According the the following document is appears there may not be alerts for packets denied before signature analysis. Surely that can't be???
"Note This feature only applies to global correlation inspection where the traffic is allowed if no specific signature is matched. It does not apply to reputation filtering where the packet is denied before signature analysis, and no alerts are generated when packets are denied by reputation filtering. "
Re: Global correlation / reputation filtering in monitoring mode
Just listened to the techtalk on global correlation. about 16 minutes in...."we do not send events just to keep the load quiet". Can someone from Cisco please confirm that this completely naive and poorly engineered facet of the solution still works this way? I'm sorry to sound like an arse, but I am so completely frustrated with the value we get out of these appliances. Apparently, the ASA botnet functionality can do what we want, but not the stand alone IPS appliance....come on Cisco.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :