Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 9 Configuring Anomaly Detection
Working With Anomaly Detection Policies
Step 5 Exit analysis engine submode.
sensor(config-ana-vir-ano)# exit
sensor(config-ana-vir)# exit
sensor(config-ana)# exit
Apply Changes?[yes]:
Step 6 Press Enter to apply your changes or enter no to discard them.
Working With Anomaly Detection Policies
Use the service anomaly-detection name command in service anomaly detection submode to create an
anomaly detection policy. The values of this anomaly detection policy are the same as the default
anomaly detection policy, ad0, until you edit them. Alternatively, use the copy anomaly-detection
source destination command in privileged EXEC mode to make a copy of an existing policy, and then
edit the values of the new policy as needed. Use the list anomaly-detection-configurations command
in privileged EXEC mode to list the anomaly detection policies. Use the no service anomaly-detection
name command in global configuration mode to delete an anomaly detection policy. Use the default
service anomaly-detection name command in global configuration mode to reset the anomaly detection
policy to factory settings.
To create, copy, display, edit, and delete anomaly detection policies, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Create an anomaly detection policy.
sensor# configure terminal
sensor(config)# service anomaly-detection MyAnomaly Detection
Editing new instance MyAnomaly Detection.
sensor(config-ano)# exit
Apply Changes?[yes]: yes
sensor(config)# exit
sensor#
Step 3 Or copy an existing anomaly detection policy to a new anomaly detection policy.
sensor# copy anomaly-detection ad0 ad1
sensor#
Note You receive an error if the policy already exists or if there is not enough space available for the
new policy.
Step 4 Accept the default anomaly detection policy values or edit the following parameters:
a. Configure the operational settings.
b. Configure the zones.
c. Configure learning accept mode.
d. Learn how to work with KBs.