IPS Sensor Reports

supinoc
Level 1

Hi all,

I have a customer that is looking to create reports based on his IPS sensor logs. Can IDM or CiscoWorks VMS do this for him or will he need something more such as MARS? Any input would be appreciated.

Thanks,

Chris

5 Replies

andrew.burns
Level 7

Hi,

I guess it depends on a lot of factors, something like IEV (IPS event viewer) is free and can generate simple reports like top 10 alerts, top 10 attackers, etc, but it has to be running all the time. IDM isn't much good as although you can view the events I don't think you can generate any reports.

MARS is probably at the top end, and will certainly give you reports, but does loads more besides. (we get over a million raw events a day - without something like MARS you couldn't possibly do anything meaningful with that volume of events)

I'd start with IEV and then look at alternatives if it doesn't meet the requirements.

HTH

Andrew.

Hi,

I'm trying to download IEV but it says no files found. Is there any other place I can download IEV?

Thx in advance,

Regards,

Janakan Rajendran

The Security Monitor (SecMon) part of VMS 2.3 will generate IPS reports, but you have limited control of their contents. You can load it on a W2K platform and run it for 60 or 90 days with the default trial license to see if it fits your needs:

http://www.cisco.com/en/US/products/sw/cscowork/ps2330/index.html

I'm running sensor software version 5. I don't believe that IEV is an option under 5.x, correct?

It is available for 5.x.

http://www.cisco.com/cgi-bin/tablebuild.pl/ids-ev

There is a problem with the current readme link for the latest version though (missing a space). This link should work:

http://ftp-sj.cisco.com/cisco/crypto/3DES/ciscosecure/ids/event-viewer/IEV-5.2-1%20readme.txt
