Cisco Support Community
New Member

Default action by severity?

Is it possible to define a default action by severity such as "log" all high severity signatures?

Is there any way of having e-mail notifications without purchasing CiscoWorks?

Thanks in advance.

Accepted Solutions
Cisco Employee

Re: Default action by severity?

Hi Nicholas,

There is no default action as such for any signature besides the fact that all medium and high severity signatures will trigger an event to be logged into the event viewer.

If you are referring to the "IP Log" action, then this has to be manually set up for the signatures that you want it for.

IP Log is used for forensic purposes and it is very, very chatty; it can easily overwhelm the event viewer if not tuned properly.

Using IDSMC, you could select all the High Severity signatures and in one stroke configure all these for any action you want. You don't have to go into each signature and do it.

Email notification is a feature that only comes with IDSMC/Security Monitor.

Thanks,

yatin
