I am evaluating VMS. I am curious about where VMS gets the information for the reports. Does it pull it directly from the IDS? Reason I am asking is because I recently cleared events from the IDS, "clear events", and when I run a report from Security Monitor I am still seeing alerts that happened before I cleared events.
Also before I cleared the events I was only able to pull alerts from that day, even though the report was set to pull alerts from the "end of time".
When you create an IDS sensor and indicate that you want to configure and/or monitor that IDS, all messages from the IDS pertaining to reactions to enabled signatures will be written to the database on the CiscoWorks/VMS server.
When you are in the VMS VPN/Security Management Solution application and select a report or monitor action, those events come from the events stored in the local database on the CiscoWorks/VMS server and could include "live" events from the active sensor and/or sensors as those events are being written to the local CiscoWorks/VMS database.
Well, let me correct one minor item in your question above. As long as the IDS service is running on the VMS server, Security Monitor will retrieve the events from the sensor. Remember that in IDS 4.X, we have gone to a new protocol called RDEP. RDEP works in a pull method rather than the push method that Postoffice protocol used (IDS 3.X).
As for clearing the events in the database on the VMS server, take a look at the following documentation: