Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IDS Event Monitoring

Are there any third party products that can be used to monitor Cisco IDS sensor events? We have VMS, but would like to investigate other solutions.

1 REPLY
Cisco Employee

Re: IDS Event Monitoring

Yes, there are other monitoring products. Cisco itself has IEV (Intrusion Detection Event Viewer) and CTR (Cisco Threat Response) which are both available to Cisco IDS users (with service contracts) at no additional charge.

In addition Cisco sells the CiscoWorks SIMS product which is an OEM of the NetForensics product for security event monitoring of not only Cisco IDS events but also security messages from other Cisco products as well as other vendor products.

There are also a few other security monitor vendors that have incorporated an RDEP client into their products. The RDEP client is used to pull the IDS alarms from the Cisco IDS Sensors.

You should just be able to query the web looking for security monitoring products and check the documentation to see if they have incorporated an RDEP client for pulling events from Cisco IDS Sensors.

Hopefully users who have used some of these other 3rp party products for security monitoring will reply letting you know the products they are using and how things are working out for them.

------------

Side Note: VMS serves 2 main purposes: Event Viewing and Configuration Management.

For Event Viewing VMS has the Security Monitor. Other vendors products can also be used for Event Viewing as mentioned above with the incorporation of an RDEP client.

For Configuration Management VMS has IDS Management Center. I don't know of any 3rd party products that will do configuration of the Cisco IDS sensors. So for configuration you will either need to continue using the IDS MC portion of VMS, or switch to using IDM (Intrusion Detection Device Manager) which runs on the sensor's own web browser. Be aware that you can use the IDS MC portion of VMS for configuration management, and still use another 3rd party product for Event Viewing, but the 2 products may have to be installed on separate boxes depending on OS, patch level, and JRE dependancies.

260
Views
0
Helpful
1
Replies
CreatePlease login to create content