Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

9-39

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 9 Configuring Anomaly Detection

Configuring Learning Accept Mode

–

periodic-schedule {interval} {start-time}—Starts learning accept mode at specific periodic

intervals.

Configuring Learning Accept Mode

The first saving begins after a full interval between configuration time and start time. For example, if the

time is now 16:00 and you configure start time at 16:30 with an interval of one hour, the first KB is saved

at 17:30, because there was no one-hour interval between 16:00 and 16:30.

To configure learning accept mode, follow these steps:

Step 1 Log in to the CLI using an account with administrator privileges.

Step 2 Enter anomaly detection submode.

sensor# configure terminal

sensor(config)# service anomaly-detection ad1

Step 3 Specify how the KB is saved and loaded:

a. Specify that the KB is automatically saved and loaded. Go to Step 4.

sensor(config-ano)# learning-accept-mode auto

sensor(config-ano-aut)#

b. Specify that the KB is going to be manually saved and loaded. Go to Step 6.

sensor(config-ano)# learning-accept-mode manual

sensor(config-ano-man)#

Step 4 Specify how you want the KB automatically accepted:

a. Save the KB so that you can inspect it and decide whether to load it. Go to Step 6.

sensor(config-ano-aut)# action save-only

b. Have the KB saved and loaded as the current KB according to the schedule you define. Continue

with Step 5.

sensor(config-ano-aut)# action rotate

Step 5 Schedule the automatic KB saves and loads:

• Calendar schedule—With this schedule the KB is saved and loaded every Monday at midnight.

sensor(config-ano-aut)# schedule calendar-schedule

sensor(config-ano-aut-cal)# days-of-week monday

sensor(config-ano-aut-cal)# times-of-day time 24:00:00

• Periodic schedule—With this schedule the KB is saved and loaded every 24 hours at midnight.

sensor(config-ano-aut)# schedule periodic-schedule

sensor(config-ano-aut-per)# start-time 24:00:00

sensor(config-ano-aut-per)# interval 24

Step 6 Verify the settings.

sensor(config-ano-aut-per)# exit

sensor(config-ano-aut)# show settings

auto

-----------------------------------------------

action: rotate default: rotate

schedule

-----------------------------------------------

periodic-schedule

-----------------------------------------------

previous next