IDS CSPM Replacement - Any info available?

hschupp
Level 1

I am curious about the replacement product for the CSPM. I have heard mention of it several times but have not seen anything that describes its features as yet. Is there an eval version out there?

Another department here is building a report generator based off the data set for the event viewer in CSPM ... They're wanting to know if there is a difference in the new Front-end. Nice to see someone thinking ahead so... any info available?

Thanks in advance!

Henry Schupp

Network Engineer II

Integrated Data Systems, Inc.

7 Replies

bwalchez
Level 4

I haven’t seen anything on CCO yet but your sales office might be able to get you some info. Generally Cisco doesn’t talk much about its new products until they release. I’m sure that’s for competitive reasons.

CSPM V3 is now a bundled package with CiscoWorks VMS 2.0 if that is what you are referring to. If there is going to be a stand-alone product with similar functionality I have not heard and my local Cisco reps say "no dice".

I'm personally not too concerned with v3 unless there is new functionality for the IDS systems.

Does CSPM v3 have new features specifically for the IDS set?

robert.mcclain
Level 1

The new CSPM, supposed to be out 3rd qtr (not sure exactly), will incorporate the VMS system and the IDS sensors management in one central location. You can manage network sensors just like you do now, but you can then get the Host IDS system installed on, say, webservers and manage them from the same CSPM.

Entercept is the company behind the Host IDS software.

Well Crapola....So this is definitely going to be a stand-alone version?

Cisco will evolve CSPM for IDS to have new functionality such as:

1. Higher scalability, supporting more sensors for configurations and higher event volumes

2. Event correlation to identify attacks mounted across sensors, across time, and from different addresses

3. Flexible notification scheme and automated responses to critical events.

4. Support for multiple event types

5. Signature tuning to reduce false positives

6. Web based interface

If customers buy VMS 2.0 (which includes CSPM today), with a SAS service update contract, they will receive the new software at no additional cost. The new software will be released as an update to VMS 2.0.

VMS 2.x also includes the Cisco IDS Host Sensor Console. The network and host IDS consoles will be two separate software products but they can coexist on the same server. The Host console can pass events to the new Network IDS event viewer for an integrated view of events.

Sounds great. Though I would wish that you could create a single CSPM/HOST IDS Console integration for less administrative overhead... The CSPM for IDS is a much needed update and will be appreciated.

Can I suggest one more added feature...

In the Reports section where we can select HTML or Text view ... Add a "Save As" function with a "Tab Delimited" option. This would add much to the administrator's analysis and reporting capabilities.

So once you select (for example) the Summary in Text --- when the options screen appears to select dates, sensors, etc --- you also have the option to save the report in a tab delimited format.

I would be able to then take the resulting summary table and port it into any of a 1/2 dozen different applications for analysis/custom reporting.

Oh yes -- Event Viewer: Add capability to view events BY sensor, i.e., show me only the Inside PIX events. (If the capability is already there I haven't found it.)

Thanks for the info!