I have 3 Cisco IDS Sensors which i want to manage centrally .How will i accomplish that ?Can i download Cisco Security manager from Cisco site if i have CCO Login and install it on windows machine ? Also i would like to generate reports of sensors (like Top 10 Attackers , Top 10 Signatures ).Please help me in this
Well, you'll be able to download CSM from the site. But, you'll need to ensure you have the appropriate license. I would suggest CSM, as its the forward direction of Cisco with regards to managing these devices.
Now reports are tricky. We actually use Ciscoworks VMS. I know its not the future, but it works. It provides us the use of Security Monitor as well as report generation. If this is not the direction you wish to take, MARS is your other option. I honestly have no experience with this system. You will be able to do several things with this solution, but it comes at a price.
BTW, you can generate various IPS reports through VMS. The downside is that it does not get granular enough to generate the reports you're requesting. You can generate a general IPS report and see this information readily available, but you'll get additional information as well.
So, you can use CSM and purchase MARS for your management and reporting or the older alternative.
IME is the next generation of IEV. It is designed for small deployments of up to 5 sensors. It can do event monitoring and reporting (it can do the Top 10 Attacker, and Top 10 Signature reports you asked about).
But new in IME it can also do configuration when managing IPS version 6.1 sensors.
IME and IPS version 6.1 are not yet available. Both are in the final stages of testing.
Both should be available in the next month or 2.
IME (just like IEV) is available at no additional cost for users with active Cisco Service for IPS contracts for their sensors.
NOTE: The same contract also includes entitlement to the IPS 6.1 version, as well as the Signature Update License. If your signature license is up to date, then your contract is up to date and you are entitled to both IME and IPS 6.1.
For small deployments of 5 sensors or less we currently recommend using IEV 5.2 for monitoring and IDM for configuration.
With the release of IME we would recommend IME for both monitoring and configuration.
NOTE: IME can be used to monitor the new IPS 6.1 sensors, but can also be used for monitoring the older 6.0 and 5.1 sensors as well. When using IPS 6.1 you could choose between IME or IDM for configuration. But if using IPS 6.0 or 5.1, then configuration would still be done through IDM.
For larger sensor deployments of 6 or more sensors, then CSM is recommended for configuraiton, and CS MARS is recommended for monitoring.
Very good to know for users with up to 5 IPS devices.
I still want to see if they'll figure something besides MARS for real-time reporting for users with 100+ IPS devices. I see they repackaged Security Monitor for the IME. Possible they make a module for CSM or something of that nature. Will be interesting to see how it progresses.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :