Cisco Cisco IPS 4345 Sensor
52
Release Notes for Cisco Intrusion Prevention System 7.1(3)E4
OL-25881-01
Enabling Anomaly Detection
Migrating IEV Data
To migrate IEV 5.x events to the IME, you must exit the installation and manually export the old events
by using the IEV 5.x export function to move the data to local files. After installing the IME, you can
import these files to the new IME system.
by using the IEV 5.x export function to move the data to local files. After installing the IME, you can
import these files to the new IME system.
Note
The IME does not support import and migration functions for IEV 4.x.
To export event data from IEV 5.x to a local file:
Step 1
From IEV 5.x, choose File > Database Administration > Export Database Tables.
Step 2
Enter the file name and select the table(s).
Step 3
Click OK. The events in the selected table(s) are exported to the specified local file.
Importing IEV Event Data In to IME
To import event data in to the IME, follow these steps:
Step 1
From the IME, choose File > Import.
Step 2
Select the file exported from IEV 5.x and click Open. The contents of the selected file are imported in
to the IME.
to the IME.
For More Information
For more information about the IME, refer to
Enabling Anomaly Detection
The following section explains how to enable anomaly detection through the IDM, IME, and the CLI. It
contains the following topics:
contains the following topics:
•
•
Enabling Anomaly Detection Using the IDM or IME
To enable anomaly detection, follow these steps:
Step 1
Log in to the IDM or IME using an account with administrator or operator privileges.
Step 2
Choose Configuration > Policies > IPS Policies.
Step 3
Select the virtual sensor for which you want to turn on anomaly detection, and then click Edit.