The Cisco IDS Device Manager and IDS Event Viewer are targeted for small deployments.
The IDS Device Manager is run on the sensor itself and can only be used to configure that one sensor. (Similar to the Pix Device Manager)
For small sensor deployments the IDS Device Manager will work well, but for larger sensor deployments the existing CSPM or Unix Director products will still be the management products of choice.
The IDS Event Viewer is run on a Windows NT or Windows 2000 box and can receive alarms from up to 3 sensors. The IDS Event Viewer does not have the ability to configure sensors (the IDS Device Manager would be used for configuration).
It has a 3 sensor limitation so is geared toward the small sensor deployments.
For larger deployments the CSPM Event Viewer or HP OpenView with the Unix Director would still be needed.
If you are currently using CSPM or the Unix Director with a small sensor deployment you could switch to using the IDS Device Manager for managing the sensors and continue using the CSPM Event Viewer or HP OpenView to view the alerts. Or you can also convert to using the IDS Event Viewer.
The IDS Device Manager can also be used when troubleshooting or tuning a single sensor.
But be aware that CSPM will not pull in the configuration changes made by the IDS Device Manager for configuration areas that are configurable in CSPM. So when a new configuration is pushed from CSPM it will overwrite those changes.
(NOTE: The IDS Device Manager can be used to "tune" signatures without worry of CSPM overwrites, just like SigWizMenu could in version 3.0, since the "tunings" are not configurable in CSPM.)
nrConfigure in the Unix Director can pull across the changes made by the IDS Device Manager by double clicking on the sensor and selecting yes to download the changes to nrConfigure.
To expand on the original question, is it possible that a new version of VMS will replace the functionality of the CSPM product? Would there be an upgrade path from CSPM to some future version of VMS, say v3.0?
here you can find some information:
I have some questions to post about the new GUI of the sensor:
1) - the communication between sensor and device manager is secure (https) but with the Event Viewer is in clear text (classic postoffice)?
2) - can I schedule the backup of the events database on the new version of the event viewer?
3) - can I run the event viewer over a MSDE Sql database?
thanks in advance!
Answer to your questions:
1) Yes. The communication between Event Viewer and sensor is using postoffice.
2) Yes. There is an archive feature in the Event Viewer. You can schedule a time to back up the real-time event table; meanwhile, the application will always back up the table when the total records in the table exceed the limit (which is user configurable).
3) No. You cannot.
SigWizMenu has disappeared ????
I made the upgrade this morning and I cannot find the SigWizMenu??? How can I do the fine tuning if I don't want to turn on the IDS Device Manager???
SigWizMenu has been renamed to .SigWizMenu.
So you can execute /usr/nr/bin/.SigWizMenu to use the old SigWizMenu functionality.
SigWizMenu was renamed because we want to encourage people to use IDM for tuning rather than SigWizMenu, but it is still available for those who would prefer it.