CSPM distributed management .

rzcisco · ‎03-30-2003

hi engineers .

i have configured a CSPM in my local network and it works quite fine .

my problem is that i want to gain a distributed IDS management over a network , not only having several IDS and one CSPM ,but also having one IDS and several CSPM .If it is possible .

shed me light in this issue ,although i'm not sure if it is useful.

thanks in advance .

marcabal · ‎04-01-2003

One CSPM supports configuring and viewing alarms from multiple IDS Sensors.

CSPM boxes can be placed in a heirarchy where the lower level CSPMs configure and view alarms from the IDS sensors, and then pass the alarms up to the 2nd level CSPM machines. The 2nd level CSPM machines can then pass alarms up to the 3rd level etc...

The 2nd level and above can only view the alarms, and can not be used to configure the end sensors. The sensors must be configured from the low level CSPMs.

You can configure a single sensor to report to multiple CSPMs, but only ONE of the CSPMs should be used to configure the sensor. Using multiple CSPMs to configure the same sensor can lead to configuration problems, and lost configuration changes.

jballay · ‎04-01-2003

Is the procedure to set up heirarchies documented in detail? If yes, where can I get my hands on it. Thanks.

marcabal · ‎04-01-2003

Read through this section. It should explain some of it.

I have never done it myself; so can't provide many details.

http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy/ver23i/idsguide/ch04.htm#xtocid2665211