Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 7 Configuring Event Action Rules
Configuring Target Value Ratings
-----------------------------------------------
ipv6-address: ::0-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF default: ::0
FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
-----------------------------------------------
Step 8 Delete an event action rules variable.
sensor(config-eve)# no variables variable-ipv6
Step 9 Verify the event action rules variable you deleted.
sensor(config-eve)# show settings
variables (min: 0, max: 256, current: 1)
-----------------------------------------------
variableName: variableipv4
-----------------------------------------------
address: 192.0.2.3 default: 0.0.0.0-255.255.255.255
-----------------------------------------------
-----------------------------------------------
Step 10 Exit event action rules submode.
sensor(config-eve)# exit
Apply Changes:?[yes]:
Step 11 Press Enter to apply your changes or enter no to discard them.
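One way to automate the check in Step 9, as an added example that is not part of the Cisco guide: a Python parser for saved `show settings` text that confirms a deleted variable is gone and that the `current:` count matches the entries listed. The function names and the BEFORE sample are constructed for illustration, and the parser assumes it is given only the variables block.

```python
import re

# AFTER is the Step 9 output; BEFORE is constructed (IPv6 entry present, line wrapped).
AFTER = """\
variables (min: 0, max: 256, current: 1)
-----------------------------------------------
variableName: variableipv4
-----------------------------------------------
address: 192.0.2.3 default: 0.0.0.0-255.255.255.255
-----------------------------------------------
-----------------------------------------------
"""
BEFORE = AFTER.replace("current: 1", "current: 2") + """\
variableName: variable-ipv6
-----------------------------------------------
ipv6-address: ::0-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF default: ::0
FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
-----------------------------------------------
"""

HEADER = re.compile(r"variables \(min: \d+, max: \d+, current: (\d+)\)")
NAME = re.compile(r"\s*variableName:\s*(\S+)")
VALUE = re.compile(r"\s*(?:ipv6-)?address:\s*(\S+)")

def parse_variables(output):
    """Return (declared_count, {name: value}) from the variables block."""
    declared, variables, current = None, {}, None
    for line in output.splitlines():
        if m := HEADER.search(line):
            declared = int(m.group(1))
        elif m := NAME.match(line):
            current = m.group(1)
            variables[current] = None
        elif (m := VALUE.match(line)) and current is not None:
            variables[current] = m.group(1)  # wrapped continuation lines never match
    return declared, variables

def verify_deleted(output, name):
    """Return a list of problems; an empty list means the deletion checks out."""
    declared, variables = parse_variables(output)
    problems = []
    if declared != len(variables):  # also catches a missing header (declared is None)
        problems.append(f"header reports {declared} variables, parsed {len(variables)}")
    if name in variables:
        problems.append(f"{name} still present with value {variables[name]}")
    return problems

if __name__ == "__main__":
    print(verify_deleted(BEFORE, "variable-ipv6"), verify_deleted(AFTER, "variable-ipv6"))
```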
Configuring Target Value Ratings
This section describes what risk rating is and how to use it to configure target value ratings. This section
contains the following topics:
Calculating the Risk Rating
Understanding Threat Rating
Adding, Editing, and Deleting Target Value Ratings
Calculating the Risk Rating
A risk rating (RR) is a value between 0 and 100 that represents a numerical quantification of the risk
associated with a particular event on the network. The calculation takes into account the value of the
network asset being attacked (for example, a particular server), so it is configured on a per-signature
basis using the attack severity rating and the signature fidelity rating, and on a per-server basis using the
target value rating. The risk rating is calculated from several components, some of which are configured,
some collected, and some derived.
Note: The risk rating is associated with alerts, not signatures.
Risk ratings let you prioritize alerts that need your attention. These risk rating factors take into
consideration the severity of the attack if it succeeds, the fidelity of the signature, the reputation score
of the attacker from the global correlation data, and the overall value of the target host to you. The risk
rating is reported in the evIdsAlert.