Cisco Cisco IPS 4520 Sensor

To import event data in to the IME, follow these steps:

From the IME, choose File > Import.

Select the file exported from IEV 5.x and click Open. The contents of the selected file are imported in 
to the IME.

For more information about the IME, refer to 

Anomaly detection is disabled by default in IPS 7.1(2)E4 and later. You must enable it to configure or 
apply an anomaly detection policy. Enabling anomaly detection results in a decrease in performance. 

The following section explains how to enable anomaly detection through the IDM, IME, and the CLI. It 
contains the following topics:

To enable anomaly detection, follow these steps:

Log in to the IDM or IME using an account with administrator or operator privileges.

Choose Configuration > Policies  > IPS Policies.

Select the virtual sensor for which you want to turn on anomaly detection, and then click Edit.

Under Anomaly Detection, choose an anomaly detection policy from the Anomaly Detection Policy 
drop-down list. Unless you want to use the default ad0, you must have already added a anomaly detection 
policy by choosing Configuration > Policies > Anomaly Detections > Add. 

Choose Detect as the anomaly detection mode from the AD Operational Mode drop-down list. The 
default is Inactive.

To discard your changes and close the Edit Virtual Sensor dialog box, click Cancel.

Click OK.

To discard your changes, click Reset.