Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 8 Defining Signatures
Configuring Signatures
specify-global-summary-threshold {yes | no}—(Optional) Enables global summary threshold mode:
global-summary-threshold—Specifies the threshold number of events at which the alert is taken into global summary. The value is 1 to 65535.
Configuring Alert Frequency
To configure the alert frequency parameters of a signature, follow these steps:
Step 1 Log in to the CLI using an account with administrator or operator privileges.
Step 2 Enter signature definition submode.
sensor# configure terminal
sensor(config)# service signature-definition sig1
Step 3 Specify the signature you want to configure.
sensor(config-sig)# signatures 9000 0
Step 4 Enter alert frequency submode.
sensor(config-sig-sig)# alert-frequency
Step 5 Specify the alert frequency of this signature:
a. Configure the summary mode to, for example, fire once.
sensor(config-sig-sig-ale)# summary-mode fire-once
sensor(config-sig-sig-ale-fir)# specify-global-summary-threshold yes
sensor(config-sig-sig-ale-fir-yes)# global-summary-threshold 3000
sensor(config-sig-sig-ale-fir-yes)# summary-interval 5000
b. Specify the summary key.
sensor(config-sig-sig-ale-fir-yes)# exit
sensor(config-sig-sig-ale-fir)# summary-key AxBx
c. Verify the settings.
sensor(config-sig-sig-ale-fir)# show settings
fire-once
-----------------------------------------------
   summary-key: AxBx default: Axxx
   specify-global-summary-threshold
   -----------------------------------------------
      yes
      -----------------------------------------------
         global-summary-threshold: 3000 default: 120
         summary-interval: 5000 default: 15
      -----------------------------------------------
   -----------------------------------------------
-----------------------------------------------
sensor(config-sig-sig-ale-fir)#
Step 6 Exit alert-frequency submode.
sensor(config-sig-sig-ale-fir)# exit
sensor(config-sig-sig-ale)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]:
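The verification in step 5c can be automated when reviewing many signatures. The following is an added example, not part of the Cisco guide: it parses captured `show settings` output, lists every alert-frequency value that differs from its default, and checks global-summary-threshold against the documented 1 to 65535 range. The function names are hypothetical, and the only format assumed is the `name: value default: value` line layout shown above.

```python
import re

# "show settings" output copied from step 5c above; indentation is ignored.
SAMPLE = """\
fire-once
-----------------------------------------------
summary-key: AxBx default: Axxx
specify-global-summary-threshold
-----------------------------------------------
yes
-----------------------------------------------
global-summary-threshold: 3000 default: 120
summary-interval: 5000 default: 15
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
"""

# Matches lines of the form "name: value default: value".
SETTING = re.compile(r"^\s*([\w-]+):\s*(\S+)\s+default:\s*(\S+)\s*$")
THRESHOLD_RANGE = range(1, 65536)  # 1 to 65535, as documented above


def parse_settings(text):
    """Return {name: (value, default)} for every setting line in the output."""
    settings = {}
    for line in text.splitlines():
        match = SETTING.match(line)
        if match:
            settings[match.group(1)] = (match.group(2), match.group(3))
    return settings


def audit(text):
    """List settings changed from their default and out-of-range thresholds."""
    findings = []
    for name, (value, default) in parse_settings(text).items():
        if value != default:
            findings.append(f"{name}: {value} (default {default})")
        if name == "global-summary-threshold":
            if not value.isdigit() or int(value) not in THRESHOLD_RANGE:
                findings.append(f"{name}: {value} outside 1-65535")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```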