Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

SIMs and 4.x IDS Probes

Has anyone gotten the 4.x probes to work with SIMs other than netforensics...

I have a client who we manage their IDS they just bought "Guardednet"/neusecure and they want the alerts from the probes to also be sent to their SIM. I question whether this is possible to do without giving them configuration level access as all the docs refer to RDEP configuration needing "Administrator" level acounting.

does anyone have any ideas as to whether this is workable ie allowing a SIM to poll the probes (which seems required with this 4.x version of code) while only allowing a read-level of access?

Cisco Employee

Re: SIMs and 4.x IDS Probes

You will need to first ensure that "Guardednet"/neusecure has built an RDEP client to pull the RDEP events from the sensors.

(Many security monitoring systems have already built in RDEP clients, but I am not sure about this one.)

Once you've verified that an RDEP client is supported. Then you can create a userid on the sensor and give it "Viewer" privelages. Configure the RDEP client to use this "Viewer" userid and password. The RDEP client will be able to connect to the sensor and pull events, but will not be able to modify the configuration of the sensor.

SIDE NOTE: The client can also use this "Viewer" account to acccess the sensor through the CLI or IDM and be able to view statistics, but won't be able to modify the configuration of the sensor (except for that user's own password).

New Member

Re: SIMs and 4.x IDS Probes

I have my entire security infrastructure integrated within Network Security Monitor, by Intellitactics.

They have a functioning RDEP listener for the v4.x probes, and of course support most other security products too.

Very expensive, but extremely good :)

CreatePlease to create content