Cisco IDS sensors have inherent 'access control lists' (if you will) that can control who can and cannot attempt to remotely manage them. My question is, with configured access parameters, is there any IDS alarm that will trigger an event (with notification in the form of logging to the event console, sending an email, etc.) that notifies the sensor administrator that someone is attempting to access the sensor?
I would find it beneficial to know if any internal employees are "knocking on the door" of the sensor's command and control interface. If there is going to be access control, there should also be some sort of accounting. I'd like to be able to view both a LOG of attempted (failed) accesses to my sensors and/or have an event triggered.
Does the feature exist?