Filter
Top Products
9-18
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 9 Configuring Anomaly Detection
Configuring the Internal Zone
-----------------------------------------------
no
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
enabled: true <defaulted>
-----------------------------------------------
-----------------------------------------------
default-thresholds
-----------------------------------------------
scanner-threshold: 120 default: 200
threshold-histogram (min: 0, max: 3, current: 3)
-----------------------------------------------
<protected entry>
dest-ip-bin: low <defaulted>
num-source-ips: 10 <defaulted>
<protected entry>
dest-ip-bin: medium
num-source-ips: 120 default: 1
<protected entry>
dest-ip-bin: high <defaulted>
num-source-ips: 1 <defaulted>
-----------------------------------------------
-----------------------------------------------
enabled: true <defaulted>
-----------------------------------------------
sensor(config-ano-int-udp)#
Configuring Other Protocols for the Internal Zone
Use the other {enabled | protocol number | default-thresholds} command in service anomaly detection
internal zone submode to enable and configure the other services. The following options apply:
• enabled {false | true}—Enables/disables other protocols.
• default-thresholds—Defines thresholds to be used for all ports not specified in the destination port
map:
–
threshold-histogram {low | medium | high} num-source-ips number—Sets values in the
threshold histogram.
–
scanner-threshold—Sets the scanner threshold. The default is 200.
• protocol-number number—Defines thresholds for specific protocols. The valid values are 0 to 255.
• enabled {true | false}—Enables/disables the service.
• override-scanner-settings {yes | no}—Lets you override the scanner values:
–
threshold-histogram {low | medium | high} num-source-ips number—Sets values in the
threshold histogram.
–
scanner-threshold—Sets the scanner threshold. The default is 200.