06-27-2003 08:36 AM - edited 03-09-2019 03:50 AM
I am testing VMS 2.1. Event Viewer under Security Monitor just told me that blocking was only supported in 3.0 sensors. So is there no shun support with a 4.0 sensor?
06-27-2003 10:01 AM
As far as I'm aware, shunning based on a signature match response is supported under version 4.0. Manually creating a shun through the SecMon is not supported for 4.0 sensors.
06-27-2003 10:19 AM
Thanks for the reply. Does anyone know if there is a way to do manual shunning through VMS on a 4.0 sensor?
06-27-2003 02:08 PM
Hi Chad,
Currently this is not available, but most likely it will make it to the IDSMC/SecMon 1.2 release.
Thanks,
yatin
06-28-2003 01:02 PM
All,
By mistake I said IDSMC/Secmon 1.2 release will have the manual shun,
It should have been IDSMC/Secmon 1.3 instead.
1.2 does not have the manual shun feature.
Yatin
06-30-2003 11:18 AM
Until manual shun support is added to IDSMC/SecMon, the workaround would be to login to the IDM of the sensor itself and execute the manual shun.
06-28-2003 09:28 AM
You may want to do your testing with VMS 2.2:
http://www.cisco.com/kobayashi/sw-center/sw-cw2000.shtml
You can download the VMS 2.2 with a 90 day eval from the location above.
This should include SecMon 1.2 which was to include this manual shun feature.
As a work around, you could always telnet or ssh into your Pix and use the shun command available there if you see an interesting event in the SecMon Event Viewer if you continue to test with VMS 2.1.
peter
07-01-2003 08:05 AM
Besides SecMon based Manual Shun, are there any plans to allow Event Rules to issue shuns?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide