Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Configuration>Sensing Engine>Data Sources

What's the purpose of this feature?

I would like to know the way to limit the ip address that may trigger an alarm. My IDS is scanning a network where there are a lot of hosts and I only want to detect certain attacks (let's say those ones belonging to 192.168.1.0/24 but not 192.168.2.0/24)

3 REPLIES
New Member

Re: Configuration>Sensing Engine>Data Sources

From what you've written I'm guessing you want to use: Configuration>Sensing Engine>Filtered Signatures

As an example you could enter in the destination of 192.168.1.0/24 and put in asterisks for every other field (source, sig, sub-sig).

Is this what you're after?

Cisco Employee

Re: Configuration>Sensing Engine>Data Sources

Just so you know the Data Sources, are the ip addresses of Cisco Routers that are sending syslog messages to the sensor. The sensor can then generate alarms from the syslog messages when ACL denials ocurr. The alarm generated is the 10000 Policy Violation alarm.

Most users do not use this feature, and it will not help in what you are trying to accomplish. The method described by seba is the method to use.

New Member

Re: Configuration>Sensing Engine>Data Sources

That's right

Thank you very much

98
Views
0
Helpful
3
Replies
CreatePlease to create content