Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 7 Configuring Event Action Rules
Event Action Variables
Note: You must preface the event variable with a dollar ($) sign to indicate that you are using a variable rather
than a string.
Some variables cannot be deleted because they are necessary to the signature system. If a variable is
protected, you cannot select it to edit it. You receive an error message if you try to delete protected
variables. You can edit only one variable at a time.
IPv4 Addresses
When configuring IPv4 addresses, specify the full IP address, a range, or a set of ranges:
192.0.2.3-192.0.2.26
10.90.1.1
192.56.10.1-192.56.10.255
10.1.1.1-10.2.255.255, 192.0.2.3-192.0.2.26
IPv6 Addresses
When configuring IPv6 addresses, use the following format:
<XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX>-<XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX>[,<XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX>-<XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX>]
Note: IPv6 addresses are 128 bits represented in hexadecimal and divided into eight 16-bit groups
separated by colons. You can skip the leading zeros and you can represent the zeroed groups in
the middle with a double colon (::). You must start the address with the 2001:db8 prefix.
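A pre-check for variable values in the IPv4 and IPv6 formats described above, written as an added example that is not part of the Cisco guide or the sensor software. The function names are hypothetical, and accepting a single IPv6 address without a range is an assumption; the 2001:db8 prefix rule is taken from the note above.

```python
import ipaddress

# Per the guide's note, IPv6 values must start with the 2001:db8 prefix.
REQUIRED_V6_PREFIX = ipaddress.ip_network("2001:db8::/32")


def parse_variable_value(value, version):
    """Parse 'a-b, c, d-e' into a list of (start, end) address pairs.

    Raises ValueError naming the offending item on malformed input.
    """
    cls = ipaddress.IPv4Address if version == 4 else ipaddress.IPv6Address
    ranges = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            raise ValueError("empty item in range set")
        start_text, sep, end_text = item.partition("-")
        try:
            start = cls(start_text.strip())
            # A bare address is treated as a one-address range.
            end = cls(end_text.strip()) if sep else start
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"bad IPv{version} address in {item!r}: {exc}") from None
        if start > end:
            raise ValueError(f"range start is above range end in {item!r}")
        if version == 6 and not (
            start in REQUIRED_V6_PREFIX and end in REQUIRED_V6_PREFIX
        ):
            raise ValueError(f"{item!r} is outside the 2001:db8 prefix")
        ranges.append((start, end))
    return ranges


def address_count(ranges):
    """Number of addresses the variable spans (overlaps counted twice)."""
    return sum(int(end) - int(start) + 1 for start, end in ranges)


def covers(ranges, address):
    """True if the address falls inside any range of the variable."""
    addr = ipaddress.ip_address(address)
    return any(
        type(addr) is type(start) and start <= addr <= end
        for start, end in ranges
    )
```

Running `address_count` and `covers` on a value before it is used in a filter shows how much address space the filter would apply to and whether a given host is inside it.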
Timesaver: If you have an IP address space that applies to your engineering group and there are no Windows systems
in that group, and you are not worried about any Windows-based attacks to that group, you could set up
a variable to be the IP address space of the engineering group. You could then use this variable to
configure a filter that would ignore all Windows-based attacks for this group.
Adding, Editing, and Deleting Event Action Variables
Note: Global correlation inspection and the reputation filtering deny features do not support IPv6 addresses.
For global correlation inspection, the sensor does not receive or process reputation data for IPv6
addresses. The risk rating for IPv6 addresses is not modified for global correlation inspection. Similarly,
network participation does not include event data for attacks from IPv6 addresses. And finally, IPv6
addresses do not appear in the deny list.
Note: Rate limiting and blocking are not supported for IPv6 traffic. If a signature is configured with a block or
rate limit event action and is triggered by IPv6 traffic, an alert is generated but the action is not carried
out.