IDS and Works - very newbie question

m.pizzi
Level 1

Hello,

Can the IDS 4200 series be sold as a standalone product, or MUST it be sold with Cisco Works?

Can the web interface of the IDS handle basic events and, in particular, basic intruder alert notifications?

Thanks.

2 Accepted Solutions


ywadhavk
Cisco Employee

Hi Marco,

Any IDS system requires management software to manage it. The 42xx comes with a built-in management piece called IDM/IEV. This should work out for your requirements just fine. Please go through the URL below for further info on this.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/index.htm

Hope this helps,

yatin


marcabal
Cisco Employee

Question: Can the IDS 4200 series be sold as a standalone product, or MUST it be sold with Cisco Works?

Answer: The IDS-4200 series sensors come loaded with IDM for configuration and IEV can be downloaded free of charge for alarm viewing.

There are 2 basic management pieces that you need for managing the IDS sensors. You need a management utility for configuring the sensor, and you need a management utility for viewing alarms generated by the sensor.

IDM (Intrusion Detection Manager) is a web based utility for configuring the sensors. IDM is included as part of the sensor software and can be accessed through the sensor's web server. IDM can only be used to configure the sensor on which it is running. Configuring multiple sensors requires the user to connect to the IDM on each sensor, and so is generally suitable for small deployments.

IEV (Intrusion Detection Event Viewer) is a Windows program that you download from CCO and install on your own desktop. You then configure it to connect to the sensor and pull alarms from the sensor.

IEV can be downloaded from CCO at no additional charge. IEV is limited to pulling events from 5 sensors so is only suitable for small installations.

For larger deployments (more than 5 sensors) it is generally recommended to purchase VMS 2.2 (VPN and Security Management Solution). VMS contains 2 utilities used for managing IDS sensors. IDS MC (IDS Management Center) is a web-based configuration tool designed for configuration of multiple sensors. SecMon (Security Monitor) is a web-based alarm viewing tool used for monitoring large numbers of sensors. VMS is available for an extra charge and is geared towards the enterprise customer.

Question:

Can the web interface of the IDS handle basic events and, in particular, basic intruder alert notifications?

Answer: The IDM interface can be used to view the alerts in a basic text format similar to a log file. This is OK for debugging and troubleshooting, but is not usable for daily monitoring of the sensor. For daily monitoring you need either IEV or SecMon (part of VMS). IDM does not provide the ability to send emails when alerts are seen.

IEV can be used for viewing alarms of up to 5 sensors. IEV is not web-based, but is instead a Windows application. IEV also does not have the ability to send emails when alerts are seen.

SecMon (part of VMS) is a web based event viewer (installed on a separate server and not installed on the sensor). It can be used to view events from several sensors. SecMon DOES include the ability to send email notifications when certain events are seen.

So if email notifications are a requirement for your deployment then you should look into purchasing VMS rather than using IDM/IEV.


3 Replies

m.pizzi
Level 1

Thanks for the answers!