Cisco Cisco IPS 4255 Sensor 릴리즈 노트
4
Release Notes for Cisco Intrusion Prevention System Manager Express 7.2.5
OL-30817-01
New and Changed Information
•
The ASA 5500 AIP SSC-5 does not support creating custom signatures, adding signatures, or
cloning signatures. You can tune (edit) existing signatures.
cloning signatures. You can tune (edit) existing signatures.
•
The IPS 4240, IPS 4255, IPS 4260 appliances are supported in IPS 6.2(x), IPS 7.0(x), and
IPS 7.1(5)E4 and later.
IPS 7.1(5)E4 and later.
•
The AIM IPS and NME IPS are supported in IPS 6.2(x) and IPS 7.0(x).
•
The ASA 5500 AIP SSM is supported in IPS 6.2(x), IPS 7.0(x), and IPS 7.1(5)E4 and later.
•
The IDSM2 is supported in IPS 6.2(x) and IPS 7.0(x).
•
Anomaly detection is disabled by default beginning in IPS 7.1(2)E4.
•
AAA RADIUS is supported in IPS 7.0(4)E4 and later, IPS 7.1(3)E4 and later, IPS 7.2(x), and
IPS 7.3(x)
IPS 7.3(x)
•
Global correlation is supported in IPS 7.0 and later.
•
The ASA 5500 AIP SSM, ASA 5500-X IPS SSP and ASA 5585-X IPS SSP do not support bypass
mode.
mode.
•
On the IPS 4510 and IPS 4520, no interface-related configurations are allowed when the SensorApp
is down.
is down.
New and Changed Information
IME 7.2.5 has the following new features:
•
Support for IPS 7.3(1)E4.
•
Threat profile enhancements:
–
You no longer have to manually tune signature sets for deployment.
–
You can create a new signature instance using a threat profile, view a list of signatures contained
in a certain profile, and create a new signature instance without applying a threat profile.
in a certain profile, and create a new signature instance without applying a threat profile.
–
You can apply/remove a threat profile for a signature instance, assign a threat profile to a virtual
sensor, apply a template to a signature instance, and create a new signature instance with a threat
profile applied on the fly.
sensor, apply a template to a signature instance, and create a new signature instance with a threat
profile applied on the fly.
–
You can view the list of signatures that are present in a threat profile.
–
You can remove a threat profile from the virtual sensor or remove the threat profile from the
signature instance assigned to the virtual sensor.
signature instance assigned to the virtual sensor.
–
You can determine if a threat profile has been applied on a sensor.
–
You can preserve user tunings. A message is displayed stating that the tunings are preserved
when the threat profile is applied and your tunings will be preferred in case of a conflict. When
a threat profile is applied on a signature instance, the IME first applies the user tunings (current
configuration) on the default configuration, then it applies the signature template to the
complete configuration. During this process if a tuned signature is found, it will not be changed.
when the threat profile is applied and your tunings will be preferred in case of a conflict. When
a threat profile is applied on a signature instance, the IME first applies the user tunings (current
configuration) on the default configuration, then it applies the signature template to the
complete configuration. During this process if a tuned signature is found, it will not be changed.
–
Configuration > sensor_name > Signature Configuration > Add Policy/Clone Policy
You can add a threat profile here.
–
Configuration > sensor_name > Policies > Signature Definitions
You can manage signature instances and threat profiles here.