Tuesday, November 25, 2014

Installing a threat profile cisco ASA IPS

In this post we will look at attaching a predefined threat profile for the cisco IPS. 1st let's look a sensor with the default "none" threat profile.

Next here's the list of  threat-profile that are shown via the list threat-profile cmd

The defaults of Data_Center , Edge,  SCADA & Web_Applications exists.

So we will apply the  Edge to our sensor and recheck that the configuration was applied.

NOTE: as you can see, the  virtual sensor vs0 has the defined threat profile  "Edge" attached to the signature definition "sig0"

And lastly, if you have a standby ASA, don't forget to make the same changes  on this unit.

Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
   ^      ^
=(  +  - )=
      /  \

No comments:

Post a Comment