Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: IDS CISCO alarm

from [Phil Hollows] Network Security [Permanent Link]
Subject: RE: IDS CISCO alarm
Date: Tue, 11 Jan 2005 09:53:07 -0500 
RDEP is the protocol used in 4.x sensors.  There's a PERL library on
CPAN that OpenService (another SIM vendor www.open.com ) has released
that allows you to analyze RDEP data.

Thanks,

Phil



-----Original Message-----
From: Gary Halleen (ghalleen) [mailto:ghalleen@cisco.com] 
Sent: Thursday, January 06, 2005 9:06 PM
To: 'Julio Crespo'; focus-ids@securityfocus.com
Subject: RE: IDS CISCO alarm

Julio,

With IDS 4.1 code, the Cisco IDS only communicates directly with the
monitoring console (either Cisco's IDS Event Viewer, or Security
Monitor, or
to any of a variety of third-party vendor products, like Arcsight,
Protego,
netForensics, etc).  The monitoring consoles have the ability of either
forwarding events or executing a script based on the events.

With IPS 5.0 code (currently in beta), the sensor can send SNMP traps in
addition to the above.

Gary
 

-----Original Message-----
From: Julio Crespo [mailto:jcrespo@sigfe.cl] 
Sent: Wednesday, January 05, 2005 1:41 PM
To: focus-ids@securityfocus.com
Subject: IDS CISCO alarm

Hi, someone knows if is configurable for send alarms the IDS CISCO ?

I have looked for by all the site of Cisco without obtaining no
reference

 

As it is possible that a IDS does not have form to alarm? it is
necessary 

to be patch to log that it gives product IDS Event Viewer?

 

Thanks a lot.

------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
--

------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------
--


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: newbie quetsions, avi chesla
Next by Date:  RE: newbie quetsions, Julius Detritus
Previous by Thread:  RE: IDS CISCO alarm, Arndt . WA
Next by Thread:  User defined signatures, Gary Flynn
Indexes:  [Date] [Thread] [Top] [All Lists]