Alert Option for AIP-SSM
Hi,
I understand that AIP-SSM doesn't support email alerts. May I know what alert options I can configure in order to receive a notification when a severity 1 event has been detected?
regards
IME is a free tool. If it supports email alerts you can download that and use it:
http://www.cisco.com/en/US/products/ps9610/index.html
Regards
Farrukh
Similar Messages
-
How to buy license? for AIP-SSM-10 ?
Hi all
how to buy license? for AIP-SSM-10 ?
1. CON-SU1-AS1A1PK9 this is Cisco SMARTnet Support for AIP-SSM-10
2. do I need smartnet for ASA ?
3. what is part number of license ?
ASA5510test# session 1
Opening command session with slot 1.
Connected to slot 1. Escape character sequence is 'CTRL-^X'.
login: cisco
Password:
***NOTICE***
This product contains cryptographic features and is subject to United States
and local country laws governing import, export, transfer and use. Delivery
of Cisco cryptographic products does not imply third-party authority to import,
export, distribute or use encryption. Importers, exporters, distributors and
users are responsible for compliance with U.S. and local country laws. By using
this product you agree to comply with applicable laws and regulations. If you
are unable to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
***LICENSE NOTICE***
There is no license key installed on the SSM-IPS10.
The system will continue to operate with the currently installed
signature set. A valid license must be obtained in order to apply
signature updates. Please go to http://www.cisco.com/go/license
to obtain a new license or install a license.
sensor#
sensor# sh ver
Application Partition:
Cisco Intrusion Prevention System, Version 6.0(6)E3
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S399.0 2009-05-06
Virus Update V1.4 2007-03-02
OS Version: 2.4.30-IDS-smp-bigphys
Platform: ASA-SSM-10
Serial Number: ........
No license present
Sensor up-time is 21 min.
Using 655507456 out of 1032499200 bytes of available memory (63% usage)
application-data is using 39.7M out of 166.8M bytes of available disk space (25%
usage)
boot is using 37.6M out of 68.6M bytes of available disk space (58% usage)
MainApp N-NUBRA_2009_JUL_15_01_10_6_0_5_57 (Ipsbuild) 2009-07-15T01
:15:08-0500 Running
AnalysisEngine N-NUBRA_2009_JUL_15_01_10_6_0_5_57 (Ipsbuild) 2009-07-15T01
:15:08-0500 Running
CLI N-NUBRA_2009_JUL_15_01_10_6_0_5_57 (Ipsbuild) 2009-07-15T01
:15:08-0500
Upgrade History:
IPS-K9-6.0-6-E3 17:48:06 UTC Wed Jul 15 2009
Recovery Partition Version 1.1 - 6.0(6)E3
sensor#
Hi,
The CON-SU1-AS2A10K9 contract is for the ASA+IPS bundle. If the AIP-SSM-10 was purchased as a spare, the contract would be CON-SU1-ASIP10K9.
I am not sure whether or not this Cisco Service for IPS contract can be used to cover just the AIP-SSM-10 if it was purchased as part of a Bundle instead of a Spare.
I would recommend that you check with your Cisco reseller or Cisco Sales Representative.
Sourav -
Signature Updates for AIP-SSM 10
Hi all, how can I obtain signature updates for AIP-SSM 10? I have a 60-day trial license with me.
Here is the main file download page for the IPS sensors.
Find the section for the version you are running and click on the Latest Signature Updates link to take you to the download page for signature updates.
You can then download whichever signature update you want.
NOTE1: Each Signature Update contains all signatures from previous Sig levels. So you only need to download the latest one.
NOTE2: Each signature update has a specific E (Engine) level requirement. You can execute "show ver" on your sensor to determine if it is at an E1 or E2 level. If it is at E1 and you want the latest sigs that require E2 then you will first need to install the E2 upgrade.
On that main download page look for the "Latest Upgrades" link for your version, and look for the IPS-engine-E2-req-X.X-X.pkg file where the X.X-X matches your sensor version.
If there is not an X.X-X matching your sensor version, then you may need to upgrade the software version for your sensor as well.
NOTE3: Many of these links will also require an account on cisco.com. And for some of these files that account may also need to be verified for being from a country where the USA's export restrictions allow downloads for encryption. (Most countries qualify but you do have to go through that qualification step). It has been over 10 years since I have had to do this so I am not sure of the latest procedures for getting an account or validating it for encryption downloads. -
How to generate license for AIP-SSM without PAK-number?
Hello! I’m sorry for my English. I have a problem with generating a license for AIP-SSM. My contract with SMARTnet service is activated, but I don’t have a PAK number. How can I generate a license for updating my module?
Alternatively you can always write an email to [email protected] with your serial number and they should be able to provide you the license for any cisco device.
Sachin -
Obtaining hardware and signature support for AIP SSM-10
We have a 5510 which we have purchased an AIP SSM-10 card for the ASA which is already under a support contract. We now wish to add hardware maintenance for the new AIP SSM-10 card as well as signature updates. Our Cisco supplier will not confirm that we will receive signature updates with the hardware support though (we have been trying to get an answer from them since June or July now).
Could someone let us know what the correct part number is so we can ask for the specific option that will provide both hardware cover and signature updates.
I think this is what you need,
CON-SU1-AS1A1PK9
IPS SVC, AR NBD ASA5510-AIP10SP-K9
cisco smartnet support -
Hi,
i have an ASA5520 with v 7.2(2) running.
but the IPS module software is 5.1
when i tried to login to the > session 1
it prompts me for a login and password.
i tried cisco and a few other combinations.. but no luck ,,
how do i reset it ?? also that reset procedure on the docs says its resets password or the user cisco ..
how can i be sure if the user cisco even exists on it or not ?
any help please ???
no man it doesn't ..
the link you specified says it too..
hw-module module slot_number password-reset: This command recovers a password on a Cisco ASA 5500 Series Content Security and Control Security Services Module (CSC-SSM) or the AIP-SSM without having to re-image the device.
Note: This command starts support from IPS 6.0 (ASA 7.2 version) and is used to restore the Cisco CLI account password to the default cisco
here's my ASA and IPS details..
ASA# sh version
Cisco Adaptive Security Appliance Software Version 7.2(2)
Device Manager Version 5.2(2)
Compiled on Wed 22-Nov-06 14:16 by builders
System image file is "disk0:/asa722-k8.bin"
Config file at boot was "startup-config"
ASA up 22 days 3 hours
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
ASA# sh module 1
Mod Card Type Model Serial No.
1 ASA5500 SSM-10 ASA-SSM-10 B155670DW4
Mod MAC Add Range Hw Ver. Fw Ver. Sw Ver.
1 00xx to 001 1.0 1.0(10)0 5.0(2)S152.0
Mod SSM Apps. Name Status SSM Apps Version
1 IPS Up 5.0(2)S152.0
Mod Status Data Plane Status Compatibility
1 Up Up -
Hi,
Can AAA be activated with the IPS module of the ASA (AIP-SSM card)? If so, please let me know how.
Thx in advance
Ihssan
Please see the following URL:
http://www.cisco.com/en/US/docs/security/ips/7.1/configuration/guide/idm/idm_setup.html#wp1245416
As stated here, Authentication and Authorization are supported, but Accounting messages aren't sent to the RADIUS backend. -
Hello Friends,
Please see the attached.
I have 2 AIP-SSM modules in 2 ASA boxes. The version of one IPS is 7.0(2)E4 and the other is 6.2(1)E3. I want to upgrade the 6.2 to 7.0.2, but on the Cisco website there is no download option for the 7.0(2) or 7.0(4) system software.
I have a valid IPS contract with Cisco but I still can't see any option to download version 7.0.
Thanks
You are looking at the wrong download site, that is for IPS SSC-5 on ASA 5505.
Here is the download site for AIP-SSM module:
http://www.cisco.com/cisco/software/release.html?mdfid=280302728&flowid=4427&softwareid=282549759&release=7.0%284%29E4&rellifecycle=&relind=AVAILABLE&reltype=latest
(The latest is 7.0.4(E4))
Here is the ReadMe on the platform that is supported and AIP module on ASA uses the same file "IPS-K9-7.0-4-E4.pkg":
http://www.cisco.com/web/software/282549709/35783/IPS-7_0-4-E4_readme.txt
Hope this helps. -
AIP-SSM (Not Applicable)
Hi Experts,
We have 2 ASAs and each one has an AIP-SSM. On the 2nd ASA's AIP-SSM I tried to upload the latest image for AIP-SSM 20 but it didn't work, and now I see the module is dead. Please check the details below. Please help me out with how to bring it up or make it work properly so that I can configure other stuff. It's very important and urgent, please help me out.
ASA-A:
251-DBSi-ASA5540# sh module 1
Mod Card Type Model Serial No.
1 ASA 5500 Series Security Services Module-20 ASA-SSM-20 JAF11370608
Mod MAC Address Range Hw Version Fw Version Sw Version
1 0007.0e11.e13b to 0007.0e11.e13b 1.0 1.0(11)2 5.1(6)E1
Mod SSM Application Name Status SSM Application Version
1 IPS Up 5.1(6)E1
Mod Status Data Plane Status Compatibility
1 Up Up
ASA-B:
251-DBSi-ASA5540# sh module 1
Mod Card Type Model Serial No.
1 ASA 5500 Series Security Services Module-20 ASA-SSM-20 JAF1137060C
Mod MAC Address Range Hw Version Fw Version Sw Version
1 001d.4524.a414 to 001d.4524.a414 1.0 1.0(11)2 5.1(6)E1
Mod SSM Application Name Status SSM Application Version
1 IPS Not Applicable 5.1(6)E1
Mod Status Data Plane Status Compatibility
1 Recover Not Applicable
Please try rebooting the module. If that does not work, recover it using the following procedure:
http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/cliimage.html#wpxref68481
Regards
Farrukh -
Resetting password in AIP-SSM-20
Dear all
Please advise me how to reset the password in ASA5520-AIP-SSM-20.
Note: I carried out the procedure according to the Cisco PDF, but it still requires a username/password.
Please let me know what the default username/password is for AIP-SSM-20.
Thanks & regards
Cisco Default:
login: cisco
password: cisco -
AIP-SSM configured with event action "produce alert", but it drop packets
Hi, I configured an AIP-SSM IPS with the event action "Produce Alert", but when a signature fires, it drops the packets. So, what could be the problem?
Try these links:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/cliguide/clievact.htm#wp1034058
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml -
AIP-SSM How to Verify Traffic is being passed for inspection?
In the output of the "show conf" command on my AIP SSM CLI, the gigabitEthernet0/1 backplane interface of the SSM has not been assigned to virtual sensor vs0, but
according to the command show service-policy,
traffic is received by the IPS module. Why is this?
Kindly guide me.
Thanks, I got it.
Cinet-IPS1# show statistics virtual-sensor
Virtual Sensor Statistics
Statistics for Virtual Sensor vs0
Name of current Signature-Defintion instance = sig0
Name of current Event-Action-Rules instance = rules0
List of interfaces monitored by this virtual sensor = GigabitEthernet0/1 subinterface 0
General Statistics for this Virtual Sensor
Number of seconds since a reset of the statistics = 434653
SensorApp Memory Use Percentage = 33
Processing Load Percentage = 1
Total packets processed since reset = 1722
Total IP packets processed since reset = 1722
Total IPv4 packets processed since reset = 1722
Total IPv6 packets processed since reset = 0
Total IPv6 AH packets processed since reset = 0
Total IPv6 ESP packets processed since reset = 0
Total IPv6 Fragment packets processed since reset = 0
Total IPv6 Routing Header packets processed since reset = 0
Total IPv6 ICMP packets processed since reset = 0
Total packets that were not IP processed since reset = 0
Total TCP packets processed since reset = 1466
Total UDP packets processed since reset = 0
Total ICMP packets processed since reset = 256
Total packets that were not TCP, UDP, or ICMP processed since reset = 0
Total ARP packets processed since reset = 0 -
Installing signature update for IDSM-2 on AIP-SSM
Hi everyone, I'm not sure about this question but I think it's better to ask you experts. I want to know: if I have a signature update, for example for my IDSM-2, can I install this sig update on my AIP-SSM? Suppose that the IPS software on both devices is the same and I have also installed a valid license key on the AIP-SSM. Can I do this or not? I know that if you do not have a valid license installed on the IDSM-2 you can't install any sig update on the IDSM-2, but what about the AIP-SSM? I mean, can I install a sig update on the AIP-SSM without a valid license key installed on it? Thanks
There are 3 main types of Signature Updates.
1) IPS Sensor Signature Updates
2) CSM Signature Updates for IPS Sensors
3) IOS IPS Signature Updates
The IPS Signature Update filename is in the form: IPS-sig-Sxxx-req-Ey.pkg
This is most likely what you are referring to in your post. This file can be installed on ANY IDS/IPS Appliance or Module.
The Requirement here is not the platform but rather the Engine Level. The "req-Ey" portion of the filename tells you that the sensor must already be running the "y" Engine level of software.
So an IPS-sig-S436-req-E3.pkg file can be installed on any IDS/IPS Appliance or Module so long as the software on that sensor is an "E3" version.
The CSM updates, are signature updates for the Cisco Security Manager. They contain special files that CSM uses to update itself, and then also included within the CSM update is the actual sensor update described above. CSM unpackages the CSM update, updates itself, and then uses that embedded file to upgrade the actual sensor.
The third type of file is for IOS Routers loaded with special IOS software that has the special IOS IPS features where the Router itself (instead of a separate IDS/IPS module) does the signature monitoring.
These IOS IPS Signature Updates get installed on the actual router, and are not installed on the IDS/IPS Sensor Appliances or Modules.
So in answer to your question, yes the same Signature Update for your IDSM-2 is the exact same Signature Update for your SSM modules.
The exact same file is available through multiple different paths on cisco.com. But it doesn't matter through which cisco.com path you downloaded the file you can still install it on all IDS/IPS Appliances and Modules.
As for licensing, the license works the same on all IDS/IPS Appliances and Modules. A license must be on the sensor for the Signature Update to be applied.
NOTE: A Trial License is available from cisco.com for new sensors to allow you time to get everything setup correctly for your sensor to be covered by a service contract, and get the standard license from the service contract. -
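The filename rules from the two signature-update answers above (IPS-sig-Sxxx-req-Ey.pkg needs the sensor at engine level y and a license on the sensor; IPS-engine-Ey-req-X.X-X.pkg needs a matching sensor version), written as a pre-download check. This is an added example, not code from the thread or from Cisco. The function names, the rule that a missing "No license present" line means licensed, and the refusal of packages that are not newer than what is installed are assumptions, and the license test is applied only to signature updates because that is all the thread states.

```python
import re

# Filename shapes quoted in the threads above: IPS-sig-Sxxx-req-Ey.pkg (signature
# update) and IPS-engine-Ey-req-X.X-X.pkg (engine upgrade).
SIG_RE = re.compile(r"^IPS-sig-S(\d+)-req-E(\d+)\.pkg$")
ENGINE_RE = re.compile(r"^IPS-engine-E(\d+)-req-(\d+)\.(\d+)-(\d+)\.pkg$")
VERSION_RE = re.compile(r"Version (\d+)\.(\d+)\((\d+)\)E(\d+)")
SIGLEVEL_RE = re.compile(r"Signature Update\s+S(\d+)")

# Three lines taken from the "sh ver" output posted earlier on this page.
SAMPLE_SHOW_VER = """\
Cisco Intrusion Prevention System, Version 6.0(6)E3
Signature Update S399.0 2009-05-06
No license present
"""


def parse_show_version(text):
    """Pull software version, engine level, signature level and license state."""
    ver = VERSION_RE.search(text)
    if ver is None:
        raise ValueError("no 'Version X.Y(Z)En' line in input")
    major, minor, patch, engine = map(int, ver.groups())
    sig = SIGLEVEL_RE.search(text)
    return {
        "version": (major, minor, patch),
        "engine": engine,
        "sig_level": int(sig.group(1)) if sig else None,
        # Assumption: the sensor is licensed unless this exact line appears.
        "licensed": "No license present" not in text,
    }


def check_package(sensor, filename):
    """Return (installable, reason) for one .pkg filename on this sensor."""
    m = SIG_RE.match(filename)
    if m:
        level, req_engine = map(int, m.groups())
        if not sensor["licensed"]:
            return False, "no license on sensor"
        if req_engine != sensor["engine"]:
            return False, f"requires E{req_engine}, sensor is E{sensor['engine']}"
        if sensor["sig_level"] is not None and level <= sensor["sig_level"]:
            return False, f"not newer than installed S{sensor['sig_level']}"
        return True, "ok"
    m = ENGINE_RE.match(filename)
    if m:
        engine, *req = map(int, m.groups())
        if tuple(req) != sensor["version"]:
            return False, "engine package built for another software version"
        if engine <= sensor["engine"]:
            return False, f"sensor already at E{sensor['engine']}"
        return True, "ok"
    return False, "unrecognised package name"
```
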
Will the AIP-SSM for the ASA stop this?
A client emailed me today that someone did a script injection attack on one of their web servers. It ran a backdoor Trojan virus on their web server. I know the AIP-SSM will stop the Trojan, but will it stop someone from doing the script injection attack? If so, is it documented and can you point me to the document?
Thanks.
Dan
Hi,
If you know exactly which of the various script injection attacks was used you can simply look it up here:
http://tools.cisco.com/security/center/home.x
If you don't know exactly which one then it's slightly harder to know whether it would have been stopped, but searching on "script injection" or similar should narrow down the candidates and give you an idea on whether it would have been stopped or not.
Remember that an IPS isn't perfect, but it *will* significantly lower your risk if setup and maintained properly.
HTH
Andrew. -
Hi,
I am new to IPS SSM 10. I have a few questions:
1. Do we have any kind of syslog logs for IPS SSM 10? Basically I want to know what kind of attacks, intrusions & DoS have happened.
2. Can we update the signatures automatically through the Cisco site?
The AIP-SSM does not support syslog as an alert format.
The default method to receive alert information from the AIP-SSM is through Security Device Event Exchange (SDEE). Another option is to configure individual signatures in order to generate an SNMP trap as an action to take when they are triggered.