Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 5 Configuring Virtual Sensors
Adding, Editing, and Deleting Virtual Sensors
Editing and Deleting Virtual Sensors
You can edit the following parameters of a virtual sensor:
• Signature definition policy
• Event action rules policy
• Anomaly detection policy
  Note: Anomaly detection is disabled by default. You must enable it to configure or apply an anomaly detection policy. Enabling anomaly detection results in a decrease in performance.
• Anomaly detection operational mode
• Inline TCP session tracking mode
  Note: The ASA IPS modules (ASA 5500-X IPS SSP and ASA 5585-X IPS SSP) do not support the inline TCP session tracking mode.
• Description
• Interfaces assigned
Editing or Deleting a Virtual Sensor
To edit or delete a virtual sensor, follow these steps:
Step 1  Log in to the CLI using an account with administrator privileges.
Step 2  Enter analysis engine mode.
sensor# configure terminal
sensor(config)# service analysis-engine
sensor(config-ana)#
Step 3  Edit the virtual sensor, vs1.
sensor(config-ana)# virtual-sensor vs1
sensor(config-ana-vir)#
Step 4  Edit the description of this virtual sensor.
sensor(config-ana-vir)# description virtual sensor A
Step 5  Change the anomaly detection policy and operational mode assigned to this virtual sensor.
sensor(config-ana-vir)# anomaly-detection
sensor(config-ana-vir-ano)# anomaly-detection-name ad0
sensor(config-ana-vir-ano)# operational-mode learn
Step 6  Change the event action rules policy assigned to this virtual sensor.
sensor(config-ana-vir-ano)# exit
sensor(config-ana-vir)# event-action-rules rules0
Step 7  Change the signature definition policy assigned to this virtual sensor.
sensor(config-ana-vir)# signature-definition sig0