Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 9
Configuring Anomaly Detection
This chapter describes anomaly detection (AD), its features, and how to configure them. It contains the following topics:
• Anomaly Detection Notes and Caveats
• Understanding Security Policies
• Understanding Anomaly Detection
• Understanding Worms
• Anomaly Detection Modes
• Anomaly Detection Zones
• Anomaly Detection Configuration Sequence
• Anomaly Detection Signatures
• Enabling Anomaly Detection
• Working With Anomaly Detection Policies
• Configuring Anomaly Detection Operational Settings
• Configuring the Internal Zone
• Configuring the Illegal Zone
• Configuring the External Zone
• Configuring Learning Accept Mode
• Working With KB Files
• Displaying Anomaly Detection Statistics
• Disabling Anomaly Detection