Cisco IPS 4255 Sensor
Release Notes for Cisco Intrusion Prevention System 7.1(8)E4
OL-30202-01
Disabling Anomaly Detection Using the CLI
If you have anomaly detection enabled and you have your sensor configured to see only one direction of
traffic, you should disable anomaly detection. Otherwise, you will receive many alerts, because anomaly
detection sees asymmetric traffic as having incomplete connections, that is, like worm scanners, and fires
alerts.
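Why one-way visibility produces these alerts, shown as an added illustration that is not part of the Cisco release notes and is not Cisco's anomaly detection algorithm: a simplified incomplete-connection heuristic run over constructed packet records. The addresses, the threshold, and all function names are assumptions.

```python
# Added illustration (not Cisco's algorithm): a simplified heuristic that
# treats sources with many unanswered connection attempts as scanners.
from collections import defaultdict

def build_packets():
    """Constructed sample: 3 inside clients each complete a TCP handshake
    with 4 servers. Record = (src, dst, service_port, tcp_flags)."""
    packets = []
    for c in range(1, 4):
        client = f"10.0.0.{c}"
        for s in range(1, 5):
            server = f"192.0.2.{s}"
            packets.append((client, server, 443, "SYN"))
            packets.append((server, client, 443, "SYN-ACK"))
            packets.append((client, server, 443, "ACK"))
    return packets

def one_direction(packets, inside_prefix="10.0.0."):
    """What a sensor on an asymmetric path sees: only inside-sourced packets."""
    return [p for p in packets if p[0].startswith(inside_prefix)]

def suspected_scanners(packets, threshold=3):
    """Flag sources whose connection attempts to >= threshold distinct
    destinations never showed a SYN-ACK reply at the sensor."""
    attempted, answered = set(), set()
    for src, dst, port, flags in packets:
        if flags == "SYN":
            attempted.add((src, dst, port))
        elif flags == "SYN-ACK":
            answered.add((dst, src, port))  # key by the connection initiator
    incomplete = defaultdict(set)
    for src, dst, _port in attempted - answered:
        incomplete[src].add(dst)
    return sorted(s for s, dsts in incomplete.items() if len(dsts) >= threshold)

if __name__ == "__main__":
    full = build_packets()
    print("both directions visible:", suspected_scanners(full))
    print("one direction visible: ", suspected_scanners(one_direction(full)))
```

With both directions visible no source is flagged; with only the outbound half visible, every benign client looks like a scanner, which is the alert flood described above.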
To disable anomaly detection, follow these steps:
Step 1
Log in to the CLI using an account with administrator privileges.
Step 2
Enter analysis engine submode.
sensor# configure terminal
sensor(config)# service analysis-engine
sensor(config-ana)#
Step 3
Enter the virtual sensor name that contains the anomaly detection policy you want to disable.
sensor(config-ana)# virtual-sensor vs0
sensor(config-ana-vir)#
Step 4
Disable anomaly detection operational mode.
sensor(config-ana-vir)# anomaly-detection
sensor(config-ana-vir-ano)# operational-mode inactive
sensor(config-ana-vir-ano)#
Step 5
Exit analysis engine submode.
sensor(config-ana-vir-ano)# exit
sensor(config-ana-vir)# exit
sensor(config-ana)# exit
Apply Changes:?[yes]:
Step 6
Press Enter to apply your changes or enter no to discard them.
For More Information
For more detailed information about anomaly detection, refer to
Cisco Security Intelligence Operations
The Cisco Security Intelligence Operations site on Cisco.com provides intelligence reports about current
vulnerabilities and security threats. It also has reports on other security topics that help you protect your
network and deploy your security systems to reduce organizational risk.
You should be aware of the most recent security threats so that you can most effectively secure and
manage your network. Cisco Security Intelligence Operations contains the top ten intelligence reports
listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.
Cisco Security Intelligence Operations contains a Security News section that lists security articles of
interest. There are related security tools and links.
You can access Cisco Security Intelligence Operations at this URL: