Questions about IDS 4.0 and IEV 4.0

I played with IDS/IDM/IEV 4.0 and so far I am really impressed with the upgrade!

A few questions/suggestions:

(1) With IDM, in the signature configuration, is there a quick way to edit a particular signature number? For example, if I want to tune signature 3041, the only way I can find to do it if I don't know the category is to list all the signatures, then try to guess which page it's on. I think the previous version had a pop-up that listed the range of signatures on each page.

(2) A suggestion: in IEV, looking at a view, the first column is a group and the second column contains the number of elements in that group. However, double-clicking on the first column does not give detail, only double-clicking on column 2. It would be nice if the first column did too. (For example, for the severity level group, it would be nice to double-click on the word 'High' to see all the signatures with high severity.)

(3) Is there a simple way in IEV or IDM to see which connections have been blocked? It would be nice to have a summary report of when connections have been blocked and which IP addresses were affected. It would also be groovy if it were shown in IEV in the individual events (i.e. add an 'Action' column showing what action was taken, if any, for each signature firing).

(4) Is it possible to export the settings I changed from their default values? So far I've just kept a Notepad file listing the signatures I've set in case I have to re-install. (And from the looks of it, upgrading to the latest signatures wiped out my block settings.)

(5) What is the difference between ShunHost & ShunConnection? The documentation doesn't really say. And is it designed to work with IOS vs PIX shunning?

(6) The docs for IDM imply that system variables can be used in the event filters, but when I try to apply the IN system variable to a filter, it won't let me, so I have to type in the logical addresses.

That's all for now!

I am pleased to hear that you like the new versions. Here are my answers to some of these questions/comments; I hope they improve your experience.

(1) With IDM, in the signature configuration, is there a quick way to edit a particular signature number? For example, if I want to tune signature 3041, the only way I can find to do it if I don't know the category is to list all the signatures, then try to guess which page it's on. I think the previous version had a pop-up that listed the range of signatures on each page.

ANSWER: Not at the moment. We have heard this feature request from multiple users. A future 4.0 version is already planned to bring back the 3.1 feature (listing the signature range on each page). I cannot comment on when that version will be released.

An alternative until then would be to select the option to view all signatures on one page (it will take a while to load), then use your browser's search function to take you to the line for the signature.

(2) A suggestion: in IEV, looking at a view, the first column is a group and the second column contains the number of elements in that group. However, double-clicking on the first column does not give detail, only double-clicking on column 2. It would be nice if the first column did too. (For example, for the severity level group, it would be nice to double-click on the word 'High' to see all the signatures with high severity.)

ANSWER: I'll pass it on to the developers.

(3) Is there a simple way in IEV or IDM to see which connections have been blocked? It would be nice to have a summary report of when connections have been blocked and which IP addresses were affected. It would also be groovy if it were shown in IEV in the individual events (i.e. add an 'Action' column showing what action was taken, if any, for each signature firing).

ANSWER: The IDM Manual Blocking tab will show you the current block list as well as allow you to add blocks or remove existing blocks.

It's called 'Manual Blocking' but it will also show you the current 'automatic' blocks (you may have to switch to another IDM screen and then return to be refreshed with the latest block list).

http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids9/idmiev/swchap5.htm#195940

Also, you can run the CLI command "show events" to show you what blocks have been attempted. If I remember correctly, the command to see them would be "show events nac" followed by the time and date of the earliest entry you want to display. (NOTE: NAC = Network Access Controller, the replacement for managed in the new V4.0 sensor.)

I recommend playing with the different "show events" options to see the different information the sensor can report in the new CLI.

In addition, the attempted action is now included in the alarm itself, and IEV should have IPLOG, SHUN and TCP Reset columns showing what action was attempted. Check the settings and make sure those columns are selected for display in your view. (The attempted actions are visible when looking at individual alarms, not in the summary windows.)

(4) Is it possible to export the settings I changed from their default values? So far I've just kept a Notepad file listing the signatures I've set in case I have to re-install. (And from the looks of it, upgrading to the latest signatures wiped out my block settings.)

CLI commands to check:

more current-config - gives a CLI-style listing of the configuration; under the virtualSensor area it shows only your changes to the signatures rather than the full default signature definitions.

copy current-config backup-config - backs up your current config to a storage area on the sensor itself.

copy current-config - allows you to save your configuration to a location. The location could be an FTP server or an SCP server.

Example:

copy current-config ftp://user@10.1.1.1/config-backups/sensor1-config

(5) What is the difference between ShunHost & ShunConnection? The documentation doesn't really say. And is it designed to work with IOS vs PIX shunning?

ShunHost creates the following ACL entry:

deny ip any

So it blocks all packets from the source.

ShunConnection, on the other hand, creates the following ACL entry

(NOTE: I am doing this from memory, so I'm not entirely sure of my response below; you may need to test to know for sure):

deny eq

So it blocks only packets from the source to the victim's IP that go to the same port where the attack occurred.

NOTE: Multiple ShunConnections for the same source IP may cause the shuns to be combined into a single ShunHost, to prevent that IP from filling up your ACL list.

Regarding IOS vs PIX: the above entries are for IOS. Similar entries can be seen with the "shun" command on the PIX, but no matter what you enter with the PIX "shun" command, it will always shun the entire source IP address. So if you ShunConnection with a PIX, the "shun" command carries the other information, but the PIX will always shun the whole source IP.

(6) The docs for IDM imply that system variables can be used in the event filters, but when I try to apply the IN system variable to a filter, it won't let me, so I have to type in the logical addresses.

Looks like it might be a bug.
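As an added example (not code from the original post or from Cisco), the Python below models the blocking scope of the two ACL shapes described in the answer to question 5, ShunHost ("deny ip <source> any") versus ShunConnection ("deny <proto> <source> <victim> eq <port>"), and the note that repeated ShunConnections for one source may be collapsed into a single ShunHost. The collapse threshold, the `host` keyword placement in the rendered text and the sample addresses are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumed consolidation point: the answer says repeated ShunConnections for one
# source "may" be combined into a ShunHost but gives no number.
MAX_CONN_SHUNS_PER_SRC = 3


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class AclEntry:
    """One deny entry. dst/dport of None mean 'any', i.e. a host shun."""
    src: str
    proto: str = "ip"
    dst: Optional[str] = None
    dport: Optional[int] = None

    def is_host_shun(self) -> bool:
        return self.dst is None

    def matches(self, pkt: Packet) -> bool:
        if pkt.src != self.src:
            return False
        if self.proto != "ip" and pkt.proto != self.proto:
            return False
        if self.dst is not None and pkt.dst != self.dst:
            return False
        return self.dport is None or pkt.dport == self.dport

    def render(self) -> str:
        """IOS-style text of the entry (keyword placement is approximated)."""
        if self.is_host_shun():
            return f"deny ip host {self.src} any"
        return f"deny {self.proto} host {self.src} host {self.dst} eq {self.dport}"


def shun_host(src: str) -> AclEntry:
    """ShunHost: every packet from the source is dropped."""
    return AclEntry(src=src)


def shun_connection(proto: str, src: str, dst: str, dport: int) -> AclEntry:
    """ShunConnection: only source -> victim traffic on the attacked port."""
    return AclEntry(src=src, proto=proto, dst=dst, dport=dport)


class ShunTable:
    """The ACL pushed to the blocking device, with the consolidation the answer
    warns about: once a source reaches MAX_CONN_SHUNS_PER_SRC connection shuns,
    they are replaced by one host shun so the source cannot fill the ACL."""

    def __init__(self) -> None:
        self.entries: List[AclEntry] = []

    def _collapse(self, src: str) -> None:
        self.entries = [e for e in self.entries if e.src != src]
        self.entries.append(shun_host(src))

    def add(self, entry: AclEntry) -> None:
        if any(e.is_host_shun() and e.src == entry.src for e in self.entries):
            return  # source already fully blocked; nothing narrower is needed
        if entry.is_host_shun():
            self._collapse(entry.src)
            return
        if entry not in self.entries:
            self.entries.append(entry)
        if sum(1 for e in self.entries if e.src == entry.src) >= MAX_CONN_SHUNS_PER_SRC:
            self._collapse(entry.src)

    def blocks(self, pkt: Packet) -> bool:
        return any(e.matches(pkt) for e in self.entries)

    def render(self) -> List[str]:
        return [e.render() for e in self.entries]
```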

Tags: Cisco Security
