Cisco Cisco IPS 4520 Sensor
67
Release Notes for Cisco Intrusion Prevention System 7.1(7)E4
OL-27710-01
Disabling Anomaly Detection
Enabling Anomaly Detection Using the CLI
To enable anomaly detection, follow these steps:
Step 1
Log in to the CLI using an account with administrator privileges.
Step 2
Enter analysis engine submode.
sensor# configure terminal
sensor(config)# service analysis-engine
sensor(config-ana)#
Step 3
Enter the virtual sensor name that contains the anomaly detection policy you want to enable.
sensor(config-ana)# virtual-sensor vs0
sensor(config-ana-vir)#
Step 4
Enable anomaly detection operational mode.
sensor(config-ana-vir)# anomaly-detection
sensor(config-ana-vir-ano)# operational-mode detect
sensor(config-ana-vir-ano)#
Step 5
Exit analysis engine submode.
sensor(config-ana-vir-ano)# exit
sensor(config-ana-vir)# exit
sensor(config-ana-)# exit
Apply Changes:?[yes]:
Step 6
Press Enter to apply your changes or enter
no
to discard them.
For More Information
For more detailed information about anomaly detection, refer to
.
Disabling Anomaly Detection
The following section explains how to disable anomaly detection through the IDM, IME, or the CLI. It
contains the following topics:
contains the following topics:
•
•
Disabling Anomaly Detection Using the IDM or IME
To disable anomaly detection, follow these steps:
Step 1
Log in to IDM or IME using an account with administrator or operator privileges.
Step 2
Choose Configuration > Policies > IPS Policies.
Step 3
Select the virtual sensor for which you want to turn off anomaly detection, and then click Edit.