Cisco Cisco IPS 4345 Sensor 릴리즈 노트
55
Release Notes for Cisco Intrusion Prevention System 7.1(4)E4
OL-25389-01
Disabling Anomaly Detection
Step 4
Under Anomaly Detection, from the AD Operational Mode drop-down list, choose Inactive as the
anomaly detection mode.
anomaly detection mode.
Tip
To discard your changes and close the Edit Virtual Sensor dialog box, click Cancel.
Step 5
Click OK.
Tip
To discard your changes, click Reset.
Step 6
Click Apply to apply your changes and save the revised configuration.
For More Information
For more detailed information about anomaly detection, refer to
Disabling Anomaly Detection Using the CLI
If you have anomaly detection enabled and you have your sensor configured to see only one direction of
traffic, you should disable anomaly detection. Otherwise, you will receive many alerts, because anomaly
detection sees asymmetric traffic as having incomplete connections, that is, like worm scanners, and fires
alerts.
traffic, you should disable anomaly detection. Otherwise, you will receive many alerts, because anomaly
detection sees asymmetric traffic as having incomplete connections, that is, like worm scanners, and fires
alerts.
To disable anomaly detection, follow these steps:
Step 1
Log in to the CLI using an account with administrator privileges.
Step 2
Enter analysis engine submode.
sensor# configure terminal
sensor(config)# service analysis-engine
sensor(config-ana)#
Step 3
Enter the virtual sensor name that contains the anomaly detection policy you want to disable.
sensor(config-ana)# virtual-sensor vs0
sensor(config-ana-vir)#
Step 4
Disable anomaly detection operational mode.
sensor(config-ana-vir)# anomaly-detection
sensor(config-ana-vir-ano)# operational-mode inactive
sensor(config-ana-vir-ano)#
Step 5
Exit analysis engine submode.
sensor(config-ana-vir-ano)# exit
sensor(config-ana-vir)# exit
sensor(config-ana-)# exit
Apply Changes:?[yes]:
Step 6
Press Enter to apply your changes or enter
no
to discard them.