Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 9 Configuring Anomaly Detection
Working With KB Files
None
Thresholds differ more than 10%
External Zone
None
Illegal Zone
TCP Services
Service = 31
Service = 22
UDP Services
None
Other Protocols
Protocol = 3
Internal Zone
None
sensor#
Displaying the Thresholds for a KB
Use the show ad-knowledge-base virtual-sensor thresholds {current | initial | file name} [zone {external | illegal | internal}] {[protocol {tcp | udp}] [dst-port port] | [protocol other] [number protocol-number]} command in privileged EXEC mode to display the thresholds in a KB.
The following options apply:
• virtual-sensor—Specifies the name of the virtual sensor that contains the KB files you want to compare.
• name—Specifies the name of the existing KB file.
• current—Specifies the currently loaded KB.
• initial—Specifies the initial KB.
• file—Specifies the name of an existing KB file.
• zone—(Optional) Displays the thresholds for the specified zone. The default displays information for all zones.
• external—Displays the thresholds for the external zone.
• illegal—Displays the thresholds for the illegal zone.
• internal—Displays the thresholds for the internal zone.
• protocol—(Optional) Displays the thresholds for the specified protocol. The default displays information about all protocols.
• tcp—Displays the thresholds for the TCP protocol.
• udp—Displays the thresholds for the UDP protocol.
• other—Displays the thresholds for the other protocols besides TCP or UDP.
• dst-port—(Optional) Displays thresholds for the specified port. The default displays information about all TCP and/or UDP ports.
• port—Specifies the port number. The valid values are 0 to 65535.
• number—(Optional) Displays thresholds for the specified other protocol number. The default displays information for all other protocols.
• protocol-number—Specifies the protocol number. The valid values are 0 to 255.
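
The following Python helper is an added example, not part of the Cisco guide. It composes a thresholds command from the syntax and value ranges listed above and rejects combinations the syntax does not allow, which is useful when scripting threshold reviews across sensors. The function name, the virtual sensor name vs0, and the KB file name kb-sample are assumptions used for illustration.

```python
# Added example: build a "show ad-knowledge-base ... thresholds" command
# string from the syntax line and option ranges documented above.
ZONES = ("external", "illegal", "internal")
PROTOCOLS = ("tcp", "udp", "other")


def _token(value, what):
    """Require a non-empty string with no whitespace (one CLI token)."""
    if not isinstance(value, str) or not value or any(c.isspace() for c in value):
        raise ValueError(f"{what} must be a single token")
    return value


def _ranged(value, high, what):
    """Require an integer in 0..high and return it as CLI text."""
    if isinstance(value, bool) or not isinstance(value, int) or not 0 <= value <= high:
        raise ValueError(f"{what} must be an integer from 0 to {high}")
    return str(value)


def build_thresholds_cmd(virtual_sensor, kb="current", kb_file=None,
                         zone=None, protocol=None, dst_port=None, number=None):
    """Return the CLI command, or raise ValueError on an invalid combination."""
    parts = ["show", "ad-knowledge-base",
             _token(virtual_sensor, "virtual sensor"), "thresholds"]
    # KB selector: {current | initial | file name}
    if kb in ("current", "initial"):
        parts.append(kb)
    elif kb == "file":
        parts += ["file", _token(kb_file, "KB file name")]
    else:
        raise ValueError("kb must be 'current', 'initial' or 'file'")
    if zone is not None:
        if zone not in ZONES:
            raise ValueError(f"zone must be one of {ZONES}")
        parts += ["zone", zone]
    if protocol is not None and protocol not in PROTOCOLS:
        raise ValueError(f"protocol must be one of {PROTOCOLS}")
    # The syntax has two exclusive branches: tcp/udp with dst-port,
    # or other with number.
    if dst_port is not None and (protocol == "other" or number is not None):
        raise ValueError("dst-port applies only to the tcp/udp branch")
    if number is not None and protocol in ("tcp", "udp"):
        raise ValueError("number applies only to protocol other")
    if protocol is not None:
        parts += ["protocol", protocol]
    if dst_port is not None:
        parts += ["dst-port", _ranged(dst_port, 65535, "dst-port")]
    if number is not None:
        parts += ["number", _ranged(number, 255, "protocol number")]
    return " ".join(parts)
```

For example, build_thresholds_cmd("vs0", zone="illegal", protocol="tcp", dst_port=22) produces the command that shows the thresholds for TCP service 22 in the illegal zone of the currently loaded KB.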