Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

7-25

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 7 Configuring Event Action Rules

Configuring Event Action Filters

sensor(config-eve-fil)# exit

sensor(config-eve)# show settings

-----------------------------------------------

filters (min: 0, max: 4096, current: 5 - 4 active, 1 inactive)

-----------------------------------------------

ACTIVE list-contents

-----------------------------------------------

NAME: name5

-----------------------------------------------

signature-id-range: 900-65535 <defaulted>

subsignature-id-range: 0-255 <defaulted>

attacker-address-range: 0.0.0.0-255.255.255.255 <defaulted>

victim-address-range: 0.0.0.0-255.255.255.255 <defaulted>

attacker-port-range: 0-65535 <defaulted>

victim-port-range: 0-65535 <defaulted>

risk-rating-range: 0-100 <defaulted>

actions-to-remove: <defaulted>

filter-item-status: Enabled <defaulted>

stop-on-match: False <defaulted>

user-comment: <defaulted>

-----------------------------------------------

-----------------------------------------------

NAME: name1

-----------------------------------------------

signature-id-range: 900-65535 <defaulted>

subsignature-id-range: 0-255 <defaulted>

attacker-address-range: 0.0.0.0-255.255.255.255 <defaulted>

victim-address-range: 0.0.0.0-255.255.255.255 <defaulted>

attacker-port-range: 0-65535 <defaulted>

victim-port-range: 0-65535 <defaulted>

risk-rating-range: 0-100 <defaulted>

actions-to-remove: <defaulted>

filter-item-status: Enabled <defaulted>

stop-on-match: False <defaulted>

user-comment: <defaulted>

-----------------------------------------------

-----------------------------------------------

NAME: name2

-----------------------------------------------

signature-id-range: 900-65535 <defaulted>

subsignature-id-range: 0-255 <defaulted>

attacker-address-range: 0.0.0.0-255.255.255.255 <defaulted>

victim-address-range: 0.0.0.0-255.255.255.255 <defaulted>

attacker-port-range: 0-65535 <defaulted>

victim-port-range: 0-65535 <defaulted>

risk-rating-range: 0-100 <defaulted>

actions-to-remove: <defaulted>

filter-item-status: Enabled <defaulted>

stop-on-match: False <defaulted>

user-comment: <defaulted>

-----------------------------------------------

-----------------------------------------------

-----------------------------------------------

INACTIVE list-contents

-----------------------------------------------

-----------------------------------------------

sensor(config-eve)#

Step 10 Move a filter to the inactive list.

sensor(config-eve)# filters move name1 inactive

previous next