Monitoring and Managing Alarms and Alerts

Cisco sensors can identify a wide range of attacks. Being aware that the attacks are happening is a big part of the IPS/IDS solution, and this section examines the options for working with the alarms and alerts generated by the IDS/IPS device.

As the sensor generates alerts, those alerts are fed in real time into a monitoring system, which can display the information in beautiful color-coded formats, or you could go to the database of stored alerts, extract them, and analyze them that way, as well. Three main protocols are used in delivering alerts: Security Device Event Exchange (SDEE), syslog, and SNMP. You can use one or all of these methods to get the alerts off the sensor and sent to the ...
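The syslog path is the one most easily handled with a few lines of code, so here is an added example (not from the book, and not Cisco's own alert format) that shows what a collector does with alerts once they leave the sensor: it parses RFC 3164 syslog lines, splits the PRI field into facility and severity, and keeps only the alerts at "warning" or worse, most severe first. The sensor name `sensor01`, the `sig=EXAMPLE-SIG-*` message text and the RFC 5737 test addresses are all constructed for this example.

```python
"""Normalise syslog-delivered sensor alerts and sort them by severity.

Added example, not from the book: a minimal RFC 3164 syslog parser that
pulls the PRI field apart (facility and severity), keeps the host and
message, and returns the alerts that warrant attention. The alert lines
in SAMPLE_LINES are constructed for this example; they are not real
Cisco sensor output.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# RFC 3164 header: <PRI>TIMESTAMP HOSTNAME MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)

# Severity 0 is the most severe, 7 the least (RFC 3164 section 4.1.1).
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


@dataclass
class SensorAlert:
    facility: int
    severity: int
    timestamp: str
    host: str
    message: str

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def parse_syslog_line(line: str) -> Optional[SensorAlert]:
    """Parse one RFC 3164 line; return None for lines that do not match."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # PRI = facility * 8 + severity, so 191 is the largest valid value
        return None
    return SensorAlert(
        facility=pri // 8,
        severity=pri % 8,
        timestamp=m.group("ts"),
        host=m.group("host"),
        message=m.group("msg"),
    )


def actionable_alerts(lines: List[str], max_severity: int = 4) -> List[SensorAlert]:
    """Keep alerts at 'warning' (4) or more severe, most severe first.

    Unparseable lines are dropped rather than raising, so one malformed
    message from the sensor cannot stall the whole feed.
    """
    alerts = [a for a in map(parse_syslog_line, lines) if a is not None]
    kept = [a for a in alerts if a.severity <= max_severity]
    return sorted(kept, key=lambda a: a.severity)


# Constructed sample feed: hypothetical sensor 'sensor01', RFC 5737 test addresses.
SAMPLE_LINES = [
    "<166>Mar  5 14:02:09 sensor01 ips: sensor health check ok",
    "<164>Mar  5 14:02:11 sensor01 ips: sig=EXAMPLE-SIG-1 risk=medium "
    "src=198.51.100.7 dst=192.0.2.10 proto=tcp/445",
    "<161>Mar  5 14:02:13 sensor01 ips: sig=EXAMPLE-SIG-2 risk=high "
    "src=203.0.113.44 dst=192.0.2.25 proto=tcp/80",
    "this line is not syslog at all",
]

if __name__ == "__main__":
    for a in actionable_alerts(SAMPLE_LINES):
        print(f"{a.severity_name:8} {a.host} {a.message}")
```

Facility 20 in the sample lines is `local4`; whatever facility the sensor is configured to use, the severity half of PRI is what a collector should route on, since that is the field the sending device sets to reflect how urgent it considers the event.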

Get Santos:CCNA Sec 210-260 OCG now with the O’Reilly learning platform.