Configure an additional SPAN session to a different Cisco IPS appliance interface connected to the same virtual sensor.
Configure an EtherChannel bundle as the SPAN destination port.
Configure VACL capture.
Configure the Cisco IPS appliance to inline mode.
Reset TCP connection
Deny packet, reset TCP connection
Deny connection, reset TCP connection
A new signature engine update package has been loaded to the Cisco IPS appliance.
A new signature/virus update package has been loaded to the Cisco IPS appliance.
Summarizer has been disabled globally.
All the signatures have been set to the default state.
All the signatures have been retired, and then unretired.
From manually configured OS mappings
Imported OS mappings from Management Center for Cisco Security Agent
Imported OS mappings from Cisco Security Manager
Learned OS mappings from passive OS fingerprinting
Learned OS mappings from Cisco SensorBase input
From Cisco IPS signature updates
Produce verbose alert
Request rate limit
Reset TCP connection
Log attacker/victim pair packets
Request block connection
The low risk rating threshold
The low threat rating threshold
The low target value rating threshold
The high risk rating threshold
The high threat rating threshold
The high target value rating threshold
Threat rating adjustment
Event action override that denies high-risk network traffic with a risk rating of 90 to 100
Risk rating adjustment with global correlation
To enable the Cisco IPS appliance as a master blocking sensor
To enable management hosts to access the Cisco IPS appliance
To regenerate the Cisco IPS appliance SSH host key
To regenerate the Cisco IPS appliance SSL RSA key pair
To enable communications with a blocking device
Configure a VLAN interface as a management interface to access the Cisco ASA AIP-SSC.
Using MPF, configure which virtual sensor to use.
Configure a management access rule to allow Cisco ASDM access from the Cisco ASA AIP-SSC management interface IP address.
Configure a management access rule to allow SSH access from the Cisco ASA AIP-SSC management interface IP address.
Event action overrides
Risk rating and adjustment based on the prevention actions taken
Threat rating and event action overrides
Event action overrides and event action filters
Risk rating and target value rating
Alert severity and alert actions
From a single source you do not expect to see nonestablished connections to more than 120 different destination IP addresses.
From a single source you do not expect to see nonestablished connections to more than 100 different destination IP addresses.
You do not expect to see more than 5 sources generate nonestablished connections to 10 or more different destinations.
You do not expect to see more than 10 sources generate nonestablished connections to 5 or more different destinations.
A scanner threshold of 120 is not a valid value for this histogram.
Scanning attacks will not be triggered, because the scanner threshold is higher than the maximum number of destination IP addresses in the histogram.
Scanning attacks will not be triggered, because the scanner threshold is higher than the maximum number of source IP addresses in the histogram.
Cross-launch Cisco Security Manager to link the Cisco Security MARS event back to the IPS signature and policy within the Cisco Security Manager that triggered it.
Cross-launch Cisco IDM so the signature that triggered it can be examined.
Cross-launch Cisco IDM to show the corresponding IPS alerts.
Cross-launch Cisco Security Manager to show the corresponding IPS alerts.
Cross-launch Cisco IME so the signature that triggered it can be examined.
Only operates in inline modes
Ensures that Layer 4 to Layer 7 traffic conforms to the protocol specifications
Tracks session states and stops packets that do not fully match session state
Modifies ambiguously fragmented IP traffic
Cannot analyze asymmetric traffic flows
The percentage of the signatures to be tuned by the event action filter
The percentage of the Risk Rating value to be tuned by the event action filter
The percentage of packets to be denied for the deny attacker actions
The percentage of the signatures to be tuned by the event action overrides
Place the Cisco IPS appliance behind a firewall.
Disable unneeded signatures.
Enable unidirectional capture.
Have multiple Cisco IPS appliances in the path and configure them to detect different types of events.
Enable selective packet capture using VLAN ACL on the Cisco IPS 4200 Series appliance.
Enable all anti-evasive measures to reduce noise.