Cisco IPS 7.0: Managing and Analyzing Events

Overview/Description
Cisco IPS Manager Express (IME) is a powerful, integrated intrusion prevention system (IPS) management application that is designed to meet IPS sensor configuration, operation, event monitoring, and event reporting needs of small- and medium-sized businesses. With one application, you can provision, monitor, troubleshoot, and generate reports for as many as 10 Cisco IPS sensors. Cisco IME allows administrators to create long-term reports that are based on the event database, and real-time notifications to quickly alert administrators about critical events, as defined by the notifications policy. In larger enterprise environments, or when features provided by Cisco IPS Device Manager (IDM) or Cisco IME are not adequate for specific purposes, Cisco IPS sensors are often integrated with the Cisco Security Manager for enhanced provisioning, and the Cisco Security Monitoring, Analysis, and Response System (MARS) for enhanced event monitoring and analysis capabilities. This course provides an overview of Cisco IME, enabling you to use most aspects of its user interface, and create custom reports and custom notifications. Additionally, this course provides you with configuration guidance to initially integrate a Cisco IPS Sensor with Cisco Security Manager and Cisco Security MARS, and use the Cisco Security Intelligence Operations (SIO) site, the Cisco IntelliShield database, and the Cisco IntelliShield Alert Manager services to increase your operational capability when evaluating data from Cisco IPS sensors.

Target Audience
Anyone wishing to obtain the Cisco Certified Network Professional CCNP Security, Cisco Certified Security Professional CCSP Certification, or Cisco IPS Specialist Certification designation. Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality, and availability of data and network devices that Cisco uses in its security infrastructure. Candidates who have completed the Cisco Certified Network Associate Security Certification - Implementing Cisco IOS Network Security (IINS)

Expected Duration (hours)
1.5

Lesson Objectives

Cisco IPS 7.0: Managing and Analyzing Events

evaluate features of Cisco IME

recognize how to install the Cisco IME software

identify features of the Cisco IME user interface

recognize how to configure and verify integration between Cisco IME and Cisco IPS sensors

identify Cisco IPS Manager Express advanced event-monitoring capabilities

recognize how to use Cisco IME tools to investigate event details

recognize the ways you can manage database events in the Cisco IME’s database

identify features of Cisco IME reporting

identify ways to modify e-mail notifications in Cisco IME

identify the benefits of Cisco Security Manager

recognize how to initialize IPS Sensors for Cisco Security Manager

identify how to initialize IPS devices for Cisco Security MARS

recognize the prerequisites to Cisco Security Manager and MARS cross-launch capability

identify Cisco SIO features

describe Cisco IntelliShield Alert Manager features

describe Cisco IntelliShield Alert Manager Service components

recognize how to add IntelliShield Alert Manager product sets

recognize how to create a notification in the Cisco IntelliShield Alert Manager Service