Cisco Systems IPS4510K9 Home Security System User Manual


 
9-36
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 9 Configuring Anomaly Detection
Configuring Learning Accept Mode
-----------------------------------------------
dest-ip-bin: high
num-source-ips: 75
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
enabled: true default: true
-----------------------------------------------
-----------------------------------------------
default-thresholds
-----------------------------------------------
scanner-threshold: 200 <defaulted>
threshold-histogram (min: 0, max: 3, current: 3)
-----------------------------------------------
<protected entry>
dest-ip-bin: low <defaulted>
num-source-ips: 10 <defaulted>
<protected entry>
dest-ip-bin: medium <defaulted>
num-source-ips: 1 <defaulted>
<protected entry>
dest-ip-bin: high <defaulted>
num-source-ips: 1 <defaulted>
-----------------------------------------------
-----------------------------------------------
enabled: true default: true
-----------------------------------------------
sensor(config-ano-ext-oth)#
Configuring Learning Accept Mode
This section describes KBs and histograms and how to configure learning accept mode. It contains the
following topics:
- The KB and Histograms, page 9-36
- Configuring Learning Accept Mode, page 9-38
The KB and Histograms
The KB has a tree structure, and contains the following information:
- KB name
- Zone name
- Protocol
- Service
The KB holds a scanner threshold and a histogram for each service. If you have learning accept mode
set to auto and the action set to rotate, a new KB is created every 24 hours and used in the next 24 hours.
If you have learning accept mode set to auto and the action is set to save only, a new KB is created, but
the current KB is used. If you do not have learning accept mode set to auto, no KB is created.
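The settings output earlier on this page lists a scanner threshold and histogram entries (`dest-ip-bin` / `num-source-ips`). The following added example, which is not part of the Cisco guide, parses output in that flattened form so the thresholds can be reviewed and overridden values told apart from `<defaulted>` ones. The sample text is constructed from lines shown on this page, and the function names are hypothetical.

```python
import re

# Constructed sample: lines taken from the flattened settings output on this page.
SAMPLE = """\
dest-ip-bin: high
num-source-ips: 75
-----------------------------------------------
default-thresholds
scanner-threshold: 200 <defaulted>
threshold-histogram (min: 0, max: 3, current: 3)
<protected entry>
dest-ip-bin: low <defaulted>
num-source-ips: 10 <defaulted>
<protected entry>
dest-ip-bin: medium <defaulted>
num-source-ips: 1 <defaulted>
<protected entry>
dest-ip-bin: high <defaulted>
num-source-ips: 1 <defaulted>
"""

FIELD = re.compile(
    r"^\s*(scanner-threshold|dest-ip-bin|num-source-ips):\s*(\S+)\s*(<defaulted>)?\s*$")

def parse_thresholds(text):
    """Return the scanner threshold and histogram entries found in the output."""
    result = {"scanner_threshold": None, "histogram": []}
    pending_bin = None  # dest-ip-bin waiting for its num-source-ips line
    for raw in text.splitlines():
        m = FIELD.match(raw)
        if not m:
            continue  # separators, "<protected entry>", section names
        key, value, defaulted = m.group(1), m.group(2), m.group(3) is not None
        if key == "scanner-threshold":
            result["scanner_threshold"] = (int(value), defaulted)
        elif key == "dest-ip-bin":
            pending_bin = (value, defaulted)
        elif pending_bin is not None:  # num-source-ips closing an entry
            # An entry counts as defaulted only if both of its fields are.
            result["histogram"].append({"bin": pending_bin[0],
                                        "num_source_ips": int(value),
                                        "defaulted": pending_bin[1] and defaulted})
            pending_bin = None
    return result

def overridden_bins(parsed):
    """Names of histogram bins whose values differ from the defaults."""
    return [e["bin"] for e in parsed["histogram"] if not e["defaulted"]]
```

A `num-source-ips` line with no preceding `dest-ip-bin` (as happens when the output is cut at a page boundary) is skipped rather than guessed at.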