Support User Manuals

Cisco Systems IPS4510K9 Home Security System User Manual

Open as PDF

of 854

8-19

Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2

OL-29168-01

Chapter 8 Configuring Event Action Rules

Configuring Event Action Overrides

•

Log packets from both the attacker and victim IP addresses.

sensor(config-eve)# overrides log-pair-packets

sensor(config-eve-ove)#

•

Write an alert to Event Store.

sensor(config-eve)# overrides produce-alert

sensor(config-eve-ove)#

•

Write verbose alerts to Event Store.

sensor(config-eve)# overrides produce-verbose-alert

sensor(config-eve-ove)#

•

Write events that request an SNMP trap to the Event Store.

sensor(config-eve)# overrides request-snmp-trap

sensor(config-eve-ove)#

Step 4

Configure the risk rating for this override item. The default risk rating range is 0 to 100. Set it to a

different value, such as 85 to 100.

sensor(config-eve-ove)# risk-rating-range 85-100

Step 5

Enable or disable the use of this override item. The default is enabled.

sensor(config-eve-ove)# override-item-status {enabled | disabled}

Step 6

Verify the settings.

sensor(config-eve-ove)# exit

sensor(config-eve)# show settings

action-to-add: deny-attacker-inline

-----------------------------------------------

override-item-status: Enabled default: Enabled

risk-rating-range: 85-100 default: 0-100

-----------------------------------------------

Step 7

Edit the risk rating of an event action override.

sensor(config-eve)# overrides deny-attacker-inline

sensor(config-eve-ove)# risk-rating 95-100

Step 8

Verify that you edited the event action override.

sensor(config-eve-ove)# exit

sensor(config-eve)# show settings

-----------------------------------------------

overrides (min: 0, max: 14, current: 1)

-----------------------------------------------

override-item-status: Enabled <defaulted>

risk-rating-range: 95-100 default: 0-100

-----------------------------------------------

Step 9

Delete the event action override.

sensor(config-eve)# no overrides deny-attacker-inline

sensor(config-eve-ove)#

Step 10

Verify that you deleted the event action override.

sensor(config-eve-ove)# exit

sensor(config-eve)# show settings

overrides (min: 0, max: 14, current: 1)

-----------------------------------------------

previous next