
Amicuk Programming Answers

New to IPS 4240 - What else can I use to manage it?

I have just purchased a Cisco IPS 4240 and have it up and running. Have been using the IEV to view IPS information and that works ok. The VMS 2.2 that came included with the IPS will not work with the current Cisco works (LMS 2.5) installation that we have.
My question is, is there any other tool besides the IEV and the VMS 2.2 that I can use to manage/monitor my IPS? The IEV seems so limited.
I have downloaded the newer VMS from the Cisco site and am planning to test that this coming week, but wanted to know ahead of time if I needed to waste my time with this tool or not.
Thanks!

The reply
The latest CSMARS release is promising and honestly the netforensics solution offered by Cisco probably wouldn't be a good fit for the OP, but I think Cisco needs to rethink pushing the MARS in lieu of everything else. As a previous customer of netforensics, and now a user of CSMARS... there are definitely many things that netforensics does better than CSMARS.
My biggest beef with CSMARS is the seemingly casual way in which it treats time and "raw messages". IMHO, these should be sacred to any SIM. I can elaborate, but for the sake of brevity I'll just give a couple examples:
The signature name reported in the "raw message" that MARS makes available is not always correct. Also, custom signature events report as "unknown" in the "raw message". Clearly this is not a "raw message" by any reasonable interpretation...MARS is writing bits that never existed in the original message.
The event contextual information is very often truncated. If you rely on this a great deal, the MARS probably isn't for you. There's also no interface for decoding it, requiring a cut-and-paste into your favorite decoder.
Believe me, I could go on. On the bright side, the MARS is showing promise...I was able to cross off my list quite a few issues after the latest upgrade.
Matt
