
New to IPS 4240 - What else can I use to manage it?


I have just purchased a Cisco IPS 4240 and have it up and running. Have been using the IEV to view IPS information and that works ok. The VMS 2.2 that came included with the IPS will not work with the current CiscoWorks (LMS 2.5) installation that we have.
My question is, is there any other tool besides the IEV and the VMS 2.2 that I can use to manage/monitor my IPS? The IEV seems so limited.
I have downloaded the newer VMS from the Cisco site and am planning to test that this coming week, but wanted to know ahead of time if I needed to waste my time with this tool or not.
Thanks!

Answer
The latest CSMARS release is promising and honestly the netforensics solution offered by Cisco probably wouldn't be a good fit for the OP, but I think Cisco needs to rethink pushing the MARS in lieu of everything else. As a previous customer of netforensics, and now a user of CSMARS...there are definitely many things that netforensics does better than CSMARS.
My biggest beef with CSMARS is the seemingly casual way in which it treats time and "raw messages". IMHO, these should be sacred to any SIM. I can elaborate, but for the sake of brevity I'll just give a couple of examples:
The signature name reported in the "raw message" that MARS makes available is not always correct. Also, custom signature events report as "unknown" in the "raw message". Clearly this is not a "raw message" by any reasonable interpretation...MARS is writing bits that never existed in the original message.
The event contextual information is very often truncated. If you rely on this a great deal, the MARS probably isn't for you. There's also no interface for decoding it, requiring a cut-and-paste into your favorite decoder.
Believe me, I could go on. On the bright side, the MARS is showing promise...I was able to cross off my list quite a few issues after the latest upgrade.
Matt
