Cisco Cisco IPS 4255 Sensor
67
Release Notes for Cisco Intrusion Prevention System 7.1(8)E4
OL-30202-01
Enabling Anomaly Detection
Enabling Anomaly Detection Using the IDM or IME
To enable anomaly detection, follow these steps:
Step 1
Log in to the IDM or IME using an account with administrator or operator privileges.
Step 2
Choose Configuration > Policies > IPS Policies.
Step 3
Select the virtual sensor for which you want to turn on anomaly detection, and then click Edit.
Step 4
Under Anomaly Detection, choose an anomaly detection policy from the Anomaly Detection Policy
drop-down list. Unless you want to use the default ad0, you must have already added a anomaly detection
policy by choosing Configuration > Policies > Anomaly Detections > Add.
drop-down list. Unless you want to use the default ad0, you must have already added a anomaly detection
policy by choosing Configuration > Policies > Anomaly Detections > Add.
Step 5
Choose Detect as the anomaly detection mode from the AD Operational Mode drop-down list. The
default is Inactive.
default is Inactive.
Tip
To discard your changes and close the Edit Virtual Sensor dialog box, click Cancel.
Step 6
Click OK.
Tip
To discard your changes, click Reset.
Step 7
Click Apply to apply your changes and save the revised configuration.
For More Information
For more detailed information about anomaly detection, refer to
Enabling Anomaly Detection Using the CLI
To enable anomaly detection, follow these steps:
Step 1
Log in to the CLI using an account with administrator privileges.
Step 2
Enter analysis engine submode.
sensor# configure terminal
sensor(config)# service analysis-engine
sensor(config-ana)#
Step 3
Enter the virtual sensor name that contains the anomaly detection policy you want to enable.
sensor(config-ana)# virtual-sensor vs0
sensor(config-ana-vir)#
Step 4
Enable anomaly detection operational mode.
sensor(config-ana-vir)# anomaly-detection
sensor(config-ana-vir-ano)# operational-mode detect
sensor(config-ana-vir-ano)#