Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 9 Configuring Anomaly Detection
Working With KB Files
    illegal—Displays the thresholds for the illegal zone.
    internal—Displays the thresholds for the internal zone.
protocol—(Optional) Displays the thresholds for the specified protocol. The default displays information about all protocols.
    tcp—Displays the thresholds for the TCP protocol.
    udp—Displays the thresholds for the UDP protocol.
    other—Displays the thresholds for the other protocols besides TCP or UDP.
dst-port—(Optional) Displays thresholds for the specified port. The default displays information about all TCP and/or UDP ports.
    port—Specifies the port number. The valid values are 0 to 65535.
number—(Optional) Displays thresholds for the specified other protocol number. The default displays information for all other protocols.
    protocol-number—Specifies the protocol number. The valid values are 0 to 255.
Displaying KB Thresholds
To display the KB thresholds, follow these steps:
Step 1 Log in to the CLI.
Step 2 Locate the file for which you want to display thresholds:
sensor# show ad-knowledge-base vs1 files
Virtual Sensor vs1
    Filename                 Size   Created
    initial                  84     10:24:58 CDT Tue Mar 14 2006
    2006-Mar-16-10_00_00     84     10:00:00 CDT Thu Mar 16 2006
    2006-Mar-17-10_00_00     84     10:00:00 CDT Fri Mar 17 2006
    2006-Mar-18-10_00_00     84     10:00:00 CDT Sat Mar 18 2006
    2006-Mar-19-10_00_00     84     10:00:00 CDT Sun Mar 19 2006
    2006-Mar-27-10_00_00     84     10:00:00 CDT Mon Mar 27 2006
    2006-Apr-24-05_00_00     88     05:00:00 CDT Mon Apr 24 2006
  * 2006-Apr-25-05_00_00     88     05:00:00 CDT Tue Apr 25 2006
Step 3 Display the thresholds contained in a specific file for the illegal zone:
sensor# show ad-knowledge-base vs0 thresholds file 2006-Nov-11-10_00_00 zone illegal
AD Thresholds
   Creation Date = 2006-Nov-11-10_00_00
   KB = 2006-Nov-11-10_00_00
   Illegal Zone
      TCP Services
         Default
            Scanner Threshold
               User Configuration = 200
            Threshold Histogram - User Configuration
               Low = 10
               Medium = 3
               High = 1
      UDP Services
         Default
            Scanner Threshold
               User Configuration = 200
            Threshold Histogram - User Configuration
               Low = 10
               Medium = 3
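
Added example, not part of the Cisco guide: Python that parses a saved copy of the Step 3 output into a flat mapping so the thresholds from two KB files can be compared offline. The function names and key layout are assumptions of this example, as is treating any other bare line under a Services heading as a scope label such as Default.

```python
import re
# Constructed sample: the Step 3 output as it appears on this page, which
# stops after the UDP "Medium" line (so UDP has no "High" value here).
SAMPLE = """AD Thresholds
Creation Date = 2006-Nov-11-10_00_00
KB = 2006-Nov-11-10_00_00
Illegal Zone
TCP Services
Default
Scanner Threshold
User Configuration = 200
Threshold Histogram - User Configuration
Low = 10
Medium = 3
High = 1
UDP Services
Default
Scanner Threshold
User Configuration = 200
Threshold Histogram - User Configuration
Low = 10
Medium = 3
"""

def parse_ad_thresholds(text):
    """Return (kb_name, {(zone, service, scope, section, field): int})."""
    kb, found = None, {}
    zone = service = scope = section = None
    for line in (l.strip() for l in text.splitlines()):  # indentation is ignored
        kv = re.fullmatch(r"(.+?)\s*=\s*(\S+)", line)
        if kv:
            if kv[1] == "KB":
                kb = kv[2]
            elif section and kv[2].isdigit():  # numeric value under a known heading
                found[(zone, service, scope, section, kv[1])] = int(kv[2])
        elif line.endswith(" Zone"):
            zone, service, scope, section = line[:-5].lower(), None, None, None
        elif line.endswith(" Services"):
            service, scope, section = line[:-9].lower(), None, None
        elif line == "Scanner Threshold" or line.startswith("Threshold Histogram"):
            section = "scanner" if line[0] == "S" else "histogram"
        elif line and service:
            scope, section = line, None  # assumption: bare line is a scope label ("Default")
    return kb, found

def diff_thresholds(old, new):
    """Return {key: (old, new)} for values that differ or exist on one side only."""
    keys = old.keys() | new.keys()
    return {k: (old.get(k), new.get(k)) for k in keys if old.get(k) != new.get(k)}
```

A key that is present in one capture and absent from the other shows up in the diff with None on the missing side, which also exposes a truncated capture like the sample.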