Cisco Support Community

New Member

Default time for IDM to block hosts

In IDS 4.0, what is the default time for IDM to block hosts (in the access-list for a router)? And is this time configurable?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Default time for IDM to block hosts

From the sensor CLI:

    config term
    service virtual-sensor-configuration virtualSensor
    tune
    shunEvent
    ShunTime (minutes to block hosts)

From IDM:

    Click Configuration
    Click Blocking
    Click Blocking properties
    Update the Block Time input control.

Note: This was recently added to IDM, so you may need to upgrade to the latest IDS software.

3 REPLIES
New Member

Re: Default time for IDM to block hosts

I have learnt that it is 30 minutes...

How can I change it?

Cisco Employee

Re: Default time for IDM to block hosts

Note that this affects ALL signatures. When you apply it, your sensor will have to generate new cache files, so it will act just as if you tuned a sig.
