11-25-2006 11:58 PM - edited 03-10-2019 03:20 AM
I know that we can use CiscoWorks 2000 to monitor IDS.
1- But can I use Cisco Security Agent to monitor IDS as well?
2- Is there any other software for monitoring IDS besides CiscoWorks 2000?
3- Does the IDS 4125 itself have a web interface for monitoring?
4- We have got an IDS 4125 at work (production line). I tried to access it through the web interface, and I tried all of these without any success:
https(with s)://192.168.x.x, https(with s)://192.168.x.x:443, and http(without s)://192.168.x.x. I could not, so I then tried to access it through the console, also without any success.
I can telnet to it.
Regards
11-27-2006 04:18 AM
Any help or comment?
Thanks
11-27-2006 05:58 AM
1) No. CSA is a host based IDS. Do you mean Cisco Security Manager? I'm not positive, but I don't think the CSM supports event monitoring like the old CiscoWorks/VMS did.
http://www.cisco.com/en/US/customer/products/ps6498/products_data_sheet0900aecd803ffd5c.html
2) Here are the Cisco tools:
IDS Event Viewer (free): http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ev
CSMARS: http://www.cisco.com/en/US/products/ps6241/index.html
CiscoWorks SIM(netforensics): http://www.cisco.com/en/US/products/sw/cscowork/ps5209/index.html
Otherwise, just do a google search for "Security Event Management" or similar. The Cisco IDS/IPS has enough market share that most vendors support them.
3) I'm not familiar with that model. Do you mean 4215? The 5.x version has an event monitoring web interface. I don't remember if the 4.x code does.
4) By default, the 5.x sensor will be listening on tcp port 443 for https connections and tcp port 22 for ssh connections. telnet is disabled by default. These can all be modified though.
11-27-2006 06:28 AM
[cut]
CSA is a host based IDS
[/cut]
I see
[cut]
Do you mean Cisco Security Manager
[/cut]
I meant Cisco Security Agent (CSA), not Manager
[cut]
IDS Event Viewer (free)
[/cut]
No, it is not free, unfortunately
[cut]
I'm not familiar with that model. Do you mean 4215?
[/cut]
yes, my mistake, sorry.
[cut]
I don't remember if the 4.x code does.
[/cut]
Yes we have got 4.1(1)S47 not 5
11-27-2006 06:41 AM
[cut]
IDS Event Viewer (free)
[/cut]
No, it is not free, unfortunately
How is it "not free"? You probably have to have a valid contract for an IPS device, but otherwise isn't it free? I know I've downloaded it and used it without giving anyone money;-)
11-27-2006 07:22 AM
11-27-2006 08:55 AM
IEV is available for "no additional charge" for users with a Cisco Services for IPS maintenance contract on their sensors.
So it is not technically free; it is already included in the base costs of the sensor and maintenance contracts.
Latest IEV for 5.x sensors is version 5.2(1):
http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ev
Latest IEV for 4.x sensors is version 4.1(1):
http://www.cisco.com/cgi-bin/tablebuild.pl/ids-ev
(Note: the 4.1(1) IEV is no longer being updated as signature support for version 4.x sensors has ended.)