Cisco IPS 4520 Sensor
Release Notes for Cisco Intrusion Prevention System 7.1(6)E4
OL-27710-01
Importing IEV Event Data into IME
To import event data into the IME, follow these steps:
Step 1 From the IME, choose File > Import.
Step 2 Select the file exported from IEV 5.x and click Open. The contents of the selected file are imported into the IME.
For More Information
For more information about the IME, refer to
Enabling Anomaly Detection
Note Anomaly detection is disabled by default in IPS 7.1(2)E4 and later. You must enable it to configure or apply an anomaly detection policy. Enabling anomaly detection results in a decrease in performance.
The following section explains how to enable anomaly detection through the IDM, IME, and the CLI. It
contains the following topics:
Enabling Anomaly Detection Using the IDM or IME
To enable anomaly detection, follow these steps:
Step 1 Log in to the IDM or IME using an account with administrator or operator privileges.
Step 2 Choose Configuration > Policies > IPS Policies.
Step 3 Select the virtual sensor for which you want to turn on anomaly detection, and then click Edit.
Step 4 Under Anomaly Detection, choose an anomaly detection policy from the Anomaly Detection Policy drop-down list. Unless you want to use the default ad0, you must have already added an anomaly detection policy by choosing Configuration > Policies > Anomaly Detections > Add.
Step 5 Choose Detect as the anomaly detection mode from the AD Operational Mode drop-down list. The default is Inactive.
Tip To discard your changes and close the Edit Virtual Sensor dialog box, click Cancel.
Step 6 Click OK.
Tip To discard your changes, click Reset.