Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 9 Configuring Anomaly Detection
Enabling Anomaly Detection
For More Information
For the procedure for assigning actions to signatures, see Assigning Actions to Signatures, page 8-15.
Enabling Anomaly Detection
To enable anomaly detection, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Enter analysis engine submode.
sensor# configure terminal
sensor(config)# service analysis-engine
sensor(config-ana)#
Step 3 Enter the virtual sensor name that contains the anomaly detection policy you want to enable.
sensor(config-ana)# virtual-sensor vs0
sensor(config-ana-vir)#
Step 4 Enable anomaly detection operational mode.
sensor(config-ana-vir)# anomaly-detection
sensor(config-ana-vir-ano)# operational-mode detect
sensor(config-ana-vir-ano)#
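To confirm the result of this procedure across several virtual sensors, the following added example (not from the Cisco guide) reads a saved configuration and reports each virtual sensor's anomaly detection operational mode. The configuration layout (submodes closed by `exit`), the sensor names `vs1` and `vs2`, and the sample text are assumptions constructed for illustration.

```python
# Added example: find virtual sensors whose anomaly detection is not in detect mode.
# SAMPLE_CONFIG is constructed; the "exit"-terminated nesting is an assumed layout.
SAMPLE_CONFIG = """\
service analysis-engine
virtual-sensor vs0
anomaly-detection
operational-mode detect
exit
exit
virtual-sensor vs1
anomaly-detection
operational-mode inactive
exit
exit
virtual-sensor vs2
exit
exit
service host
exit
"""

def anomaly_detection_modes(config_text):
    """Return {virtual sensor name: operational mode, or None if never set}."""
    stack = []   # current submode path, e.g. service > virtual-sensor > anomaly-detection
    modes = {}
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue                      # skip blank lines and comment lines
        if words[0] == "exit":
            if stack:
                stack.pop()
        elif words[0] == "service":       # top-level command: restart the path
            stack = [("service", " ".join(words[1:]))]
        elif stack == [("service", "analysis-engine")] and words[0] == "virtual-sensor" and len(words) == 2:
            stack.append(("virtual-sensor", words[1]))
            modes.setdefault(words[1], None)
        elif len(stack) == 2 and stack[1][0] == "virtual-sensor" and words == ["anomaly-detection"]:
            stack.append(("anomaly-detection", ""))
        elif len(stack) == 3 and words[0] == "operational-mode" and len(words) == 2:
            modes[stack[1][1]] = words[1]  # record the mode for the enclosing sensor
    return modes

def not_detecting(config_text):
    """Names of virtual sensors whose mode is anything other than 'detect'."""
    return [n for n, m in anomaly_detection_modes(config_text).items() if m != "detect"]

if __name__ == "__main__":
    print(anomaly_detection_modes(SAMPLE_CONFIG))
    print("Not in detect mode:", not_detecting(SAMPLE_CONFIG))
```

Only the submodes shown in the steps above are treated as nesting, so a configuration with other nested submodes inside a virtual sensor needs those added to the parser.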
Table 9-1 Anomaly Detection Worm Signatures (continued)

| Signature ID | Subsignature ID | Name | Description |
|---|---|---|---|
| 13006 | 0 | Illegal TCP Scanner | Identified a single scanner over a TCP protocol in the illegal zone. |
| 13006 | 1 | Illegal TCP Scanner | Identified a worm attack over a TCP protocol in the illegal zone; the TCP histogram threshold was crossed and a scanner over a TCP protocol was identified. |
| 13007 | 0 | Illegal UDP Scanner | Identified a single scanner over a UDP protocol in the illegal zone. |
| 13007 | 1 | Illegal UDP Scanner | Identified a worm attack over a UDP protocol in the illegal zone; the UDP histogram threshold was crossed and a scanner over a UDP protocol was identified. |
| 13008 | 0 | Illegal Other Scanner | Identified a single scanner over an Other protocol in the illegal zone. |
| 13008 | 1 | Illegal Other Scanner | Identified a worm attack over an Other protocol in the illegal zone; the Other histogram threshold was crossed and a scanner over an Other protocol was identified. |