Filter
Top Products
9-47
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 9 Configuring Anomaly Detection
Displaying Anomaly Detection Statistics
Default
Scanner Threshold
User Configuration = 200
Threshold Histogram - User Configuration
Low = 10
Medium = 3
High = 1
sensor#
Step 5
Display thresholds contained in the current KB illegal zone, and protocol other.
sensor# show ad-knowledge-base vs0 thresholds current zone illegal protocol other
AD Thresholds
Creation Date = 2006-Nov-14-10_00_00
KB = 2006-Nov-14-10_00_00
Illegal Zone
Other Services
Default
Scanner Threshold
User Configuration = 200
Threshold Histogram - User Configuration
Low = 10
Medium = 3
High = 1
sensor#
Displaying Anomaly Detection Statistics
Use the show statistics anomaly-detection [virtual-sensor-name] command in privileged EXEC mode
to display the statistics for anomaly detection. You can see if an attack is in progress (
Attack in
progress
or
No attack
). You can also see when the next KB will be saved (
Next KB rotation at
10:00:00 UTC Wed Apr 26 2006
).
Note
The clear command is not available for anomaly detection statistics.
To display anomaly detection statistics, follow these steps:
Step 1
Log in to the CLI.
Step 2
Display the anomaly detection statistics for a specific virtual sensor.
sensor# show statistics anomaly-detection vs0
Statistics for Virtual Sensor vs0
No attack
Detection - ON
Learning - ON
Next KB rotation at 10:00:00 UTC Wed Apr 26 2006
Internal Zone
TCP Protocol
UDP Protocol
Other Protocol
External Zone
TCP Protocol
UDP Protocol
Other Protocol
Illegal Zone