Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Configure threshold alarm trigger for ids signatures

How can i configure a threshold alarm trigger for a ids signatures? It's not possible with cspm. I can modify the threshold for all the signatures by editing the event.conf in dir /usr/nr/etc but i can't change the threshold for only one signatures.

1 REPLY
Community Member

Re: Configure threshold alarm trigger for ids signatures

You are correct by stating that CSPM does not allow you to configure alarm thresholds. You do have alternatives. If your sensor is at version 3.1 or greater, you can use IDM (Intrusion Detection Manager), which allows you to use a ssl connection into the sensor. IDM has features which allows you to edit thresholds on signatures. You can also use the command line utility on the sensor called SigWizMenu (Signature Wizard). All of this documented on CCO.

218
Views
0
Helpful
1
Replies
CreatePlease to create content