A-32
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix A System Architecture
Communications
This section describes the communications protocols used by the Cisco IPS. It contains the following
topics:
• IDAPI, page A-32
• IDIOM, page A-33
• IDCONF, page A-33
• SDEE, page A-34
• CIDEE, page A-34
IDAPI
IPS applications use an interprocess communication API called the IDAPI to handle internal
communications. The IDAPI reads and writes event data and provides a mechanism for control
transactions. The IDAPI is the interface through which all the applications communicate.
The SensorApp captures and analyzes the network traffic on its interfaces. When a signature is matched,
the SensorApp generates an alert, which is stored in the Event Store. If the signature is configured to
perform the blocking response action, the SensorApp generates a block event, which is also stored in the
Event Store.
Figure A-6 illustrates the IDAPI interface.
Figure A-6 IDAPI
Each application registers with the IDAPI to send and receive events and control transactions. The IDAPI
provides the following services:
• Control transactions
  – Initiates the control transaction.
  – Waits for the inbound control transaction.
  – Responds to the control transaction.
• IPS events
  – Subscribes to remote IPS events, which are stored in the Event Store when received.
  – Reads IPS events from the Event Store.
  – Writes IPS events to the Event Store.
The IDAPI provides the necessary synchronization mechanisms to guarantee atomic data accesses.
[Figure A-6 diagram labels: SensorApp, IDAPI, Event Store; flows: Alert, Block request]