Alert Option for AIP-SSM

Hi,
Understand that AIP-SSM doesn't support email alert, may i know what are the alert option that I can configure in order to receive notification when a severity 1 event had been detected?
regards

IME is a free tool. IF it supports email alerts you can download that and use it:
http://www.cisco.com/en/US/products/ps9610/index.html
Regards
Farrukh

Similar Messages

  • How to buy license? for AIP-SSM-10 ?

    Hi all
    how to buy license? for AIP-SSM-10 ?
    1. CON-SU1-AS1A1PK9 this is Cisco SMARTnet Support for AIP-SSM-10
    2. do I need smartnet for ASA ?
    3. what is part number of license ?
    ASA5510test# session 1
    Opening command session with slot 1.
    Connected to slot 1. Escape character sequence is 'CTRL-^X'.
    login: cisco
    Password:
    ***NOTICE***
    This product contains cryptographic features and is subject to United States
    and local country laws governing import, export, transfer and use. Delivery
    of Cisco cryptographic products does not imply third-party authority to import,
    export, distribute or use encryption. Importers, exporters, distributors and
    users are responsible for compliance with U.S. and local country laws. By using
    this product you agree to comply with applicable laws and regulations. If you
    are unable to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    ***LICENSE NOTICE***
    There is no license key installed on the SSM-IPS10.
    The system will continue to operate with the currently installed
    signature set.  A valid license must be obtained in order to apply
    signature updates.  Please go to http://www.cisco.com/go/license
    to obtain a new license or install a license.
    sensor#
    sensor# sh ver
    Application Partition:
    Cisco Intrusion Prevention System, Version 6.0(6)E3
    Host:
        Realm Keys          key1.0
    Signature Definition:
        Signature Update    S399.0                   2009-05-06
        Virus Update        V1.4                     2007-03-02
    OS Version:             2.4.30-IDS-smp-bigphys
    Platform:               ASA-SSM-10
    Serial Number:          ........
    No license present
    Sensor up-time is 21 min.
    Using 655507456 out of 1032499200 bytes of available memory (63% usage)
    application-data is using 39.7M out of 166.8M bytes of available disk space (25%
    usage)
    boot is using 37.6M out of 68.6M bytes of available disk space (58% usage)
    MainApp          N-NUBRA_2009_JUL_15_01_10_6_0_5_57   (Ipsbuild)   2009-07-15T01
    :15:08-0500   Running
    AnalysisEngine   N-NUBRA_2009_JUL_15_01_10_6_0_5_57   (Ipsbuild)   2009-07-15T01
    :15:08-0500   Running
    CLI              N-NUBRA_2009_JUL_15_01_10_6_0_5_57   (Ipsbuild)   2009-07-15T01
    :15:08-0500
    Upgrade History:
      IPS-K9-6.0-6-E3   17:48:06 UTC Wed Jul 15 2009
    Recovery Partition Version 1.1 - 6.0(6)E3
    sensor#

    Hi,
    CON-SU1-AS2A10K9 contract if for ASA+IPS bundle. If AIP-SSM-10 ws purchased as a spare the contract would be CON-SU1-ASIP10K9.
    I am not sure whether or not this Cisco Service for IPS contract can be  used to cover just the AIP-SSM-10 if it was purchased as part of a  Bundle instead of a Spare.
    I would recommend that you check with your Cisco reseller or Cisco  Sales Representative.
    Sourav

  • Signature Updates for AIP-SSM 10

    Hi all how can i obtain Signature Updates for AIP-SSM 10 where i am having 60 day trial license with me

    Here is the main file download page for the IPS sensors.
    Find the section for the version you are running and click on the Latest Signature Updates link to take to you to the download page for signature updates.
    You can then download which ever signature update you want.
    NOTE1: Each Signature Updates contains all signatures from previous Sig levels. So you only need to download the latest one.
    NOTE2: Each signature update has a specific E (Engine) level requirement. You can execute "show ver" on your sensor to determine if it is at an E1 or E2 level. If it is at E1 and you want the latest sigs that require E2 then you will first need to install the E2 upgrade.
    On that main download page look for the "Latest Upgrades" link for your version, and look for the IPS-engine-E2-req-X.X-X.pkg file where the X.X-X matches your sensor version.
    If there is not an X.X-X matching your sensor version, then you may need to upgrade the software version for your sensor as well.
    NOTE3: Many of these links will also require an account on cisco.com. And for some of these files that account may also need to be verified for being from a country where the USA's export restrictions allow downloads for encryption. (Most countries qualify but you do have to go through that qualification step). It has been over 10 years that I have had do this so I am not sure of the latest procedures for getting an account or validating it for encrpytion downloads.

  • How to generate license for AIP-SSM without PAK-number?

    Hello! I’m sorry for my English. I have a problem with generating license for AIP-SSM. My contract with SMARTnet service is activated, but I don’t have a PAK-number. How I can generate a license for updating my module?

    Alternatively you can always write an email to [email protected] with your serial number and they should be able to provide you the license for any cisco device.
    Sachin

  • Obtaining hardware and signature support for AIP SSM-10

    We have a 5510 which we have purchased an AIP SSM-10 card for the ASA which is already under a support contract. We now wish to add hardware maintenance for the new AIP SSM-10 card as well as signature updates. Our Cisco supplier will not confirm that we will receive signature updates with the hardware support though (we have been trying to get an answer from them since June or July now).
    Could someone let us know what the correct part number is so we can ask for the specific option that will provide both hardware cover and signature updates.

    i think this is what you need,
    CON-SU1-AS1A1PK9
    IPS SVC, AR NBD ASA5510-AIP10SP-K9
    cisco smartnet support

  • Password Reset for AIP-SSM 10

    Hi,
    i have an ASA5520 with v 7.2(2) running.
    but the IPS module spftware is 5.1
    when i tried to login to the > session 1
    it prompts me for a login and password.
    i tried cisco and a few other combinations.. but no luck ,,
    how do i reset it ?? also that reset procedure on the docs says its resets password or the user cisco ..
    how can i be sure if the user cisco even exists on it or not ?
    any help please ???

    no man it doesnt ..
    the link u specified says it too..
    hw-module module slot_number password-reset?This command recovers a password on a Cisco ASA 5500 Series Content Security and Control Security Services Module (CSC-SSM) or the AIP-SSM without having to re-image the device.
    Note: This command starts support from IPS 6.0 (ASA 7.2 version) and is used to restore the Cisco CLI account password to the default cisco
    hers my ASA and IPS details..
    ASA# sh version
    Cisco Adaptive Security Appliance Software Version 7.2(2)
    Device Manager Version 5.2(2)
    Compiled on Wed 22-Nov-06 14:16 by builders
    System image file is "disk0:/asa722-k8.bin"
    Config file at boot was "startup-config"
    ASA up 22 days 3 hours
    Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
    ASA# sh module 1
    Mod Card Type Model Serial No.
    1 ASA5500 SSM-10 ASA-SSM-10 B155670DW4
    Mod MAC Add Range Hw Ver. Fw Ver. Sw Ver.
    1 00xx to 001 1.0 1.0(10)0 5.0(2)S152.0
    Mod SSM Apps. Name Status SSM Apps Version
    1 IPS Up 5.0(2)S152.0
    Mod Status Data Plane Status Compatibility
    1 Up Up

  • AAA for AIP-SSM-40

    Hi,
    Can AAA be activated with the IPS module of the ASA (AIP-SSM card). if so, please let me know how?
    Thx in advance
    Ihssan

    Please see the following URL:
    http://www.cisco.com/en/US/docs/security/ips/7.1/configuration/guide/idm/idm_setup.html#wp1245416
    As stated here, Authentication and Authorization are supported, but Accounting messages aren't sent to the RADIUS backend.

  • AIP SSM

    Hello Friends,
    Please see the attached.
    I have 2 AIP-SSM module in 2 ASA boxes, The version of 1 IPS is 7.0(2)E4 and the other is 6.2(1)E3 i want to upgrade the 6.2 to 7.0.2. But on cisco website there is no such download option for 7.0(2) OR 7.0(4)system software.
    I have a valid IPS  contract with cisco but still i can't see any option to download the version 7.0
    Thanks

    You are looking at the wrong download site, that is for IPS SSC-5 on ASA 5505.
    Here is the download site for AIP-SSM module:
    http://www.cisco.com/cisco/software/release.html?mdfid=280302728&flowid=4427&softwareid=282549759&release=7.0%284%29E4&rellifecycle=&relind=AVAILABLE&reltype=latest
    (The latest is 7.0.4(E4))
    Here is the ReadMe on the platform that is supported and AIP module on ASA uses the same file "IPS-K9-7.0-4-E4.pkg":
    http://www.cisco.com/web/software/282549709/35783/IPS-7_0-4-E4_readme.txt
    Hope this helps.

  • AIP-SSM (Not Applicable)

    Hi Experts,
                 We have 2ASA and each one have AIP-SSM,with 2nd ASA AIP-SSM I tried to upload latest image for AIP-SSM 20 but didnt worked and now i see module is dead...pls check the detials below.....pls help me out how to make it up or work properly so that i can config other stuff.Pls its very imp and urgent help me out....
    ASA-A:
    251-DBSi-ASA5540# sh module 1
    Mod Card Type                                    Model              Serial No.
      1 ASA 5500 Series Security Services Module-20  ASA-SSM-20         JAF11370608
    Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
      1 0007.0e11.e13b to 0007.0e11.e13b  1.0          1.0(11)2     5.1(6)E1
    Mod SSM Application Name           Status           SSM Application Version
      1 IPS                            Up               5.1(6)E1
    Mod Status             Data Plane Status     Compatibility
      1 Up                 Up
    ASA-B:
    251-DBSi-ASA5540# sh module 1
    Mod Card Type                                    Model              Serial No.
      1 ASA 5500 Series Security Services Module-20  ASA-SSM-20         JAF1137060C
    Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
    1 001d.4524.a414 to 001d.4524.a414  1.0          1.0(11)2     5.1(6)E1
    Mod SSM Application Name           Status           SSM Application Version
      1 IPS                            Not Applicable   5.1(6)E1
    Mod Status             Data Plane Status     Compatibility
      1 Recover            Not Applicable

    Please try rebooting the module, if it does not work recovery it using the following procedure
    http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/cliimage.html#wpxref68481
    Regards
    Farrukh

  • Resetting password in AIP-SSM-20

    Dear all
    please advice me, how to resetting password in ASA5520-AIP-SSM-20.
    Note:according to cisco PDF, i carried out, but still required username/password.
    Pls. let me know what is the default username/password for AIP-SSM-20
    Thanks & regards

    Cisco Default:
    login: cisco
    password: cisco

  • AIP-SSM configured with event action "produce alert", but it drop packets

    Hi, I configured an AIP-SSM IPS on event action for "Produce Alert", but when fire a signature, it drop the packets. So, what will be the problem?

    Try these links:
    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/cliguide/clievact.htm#wp1034058
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml

  • AIP-SSM How to Verify Traffic is being passed for inspection?

    "show conf" command on my AIP SSM CLI. gigabitEthernet0/1 backplane interface of the SSM has not been assigned to virtual sensor vs0.but
    Through this command show service-policy
    traffic is recevied by IPS Module.why this,
    Kindly guide me

    Thanks,i got it.
    Cinet-IPS1# show statistics virtual-sensor
    Virtual Sensor Statistics
    Statistics for Virtual Sensor vs0
    Name of current Signature-Defintion instance = sig0
    Name of current Event-Action-Rules instance = rules0
    List of interfaces monitored by this virtual sensor = GigabitEthernet0/1 subinterface 0
    General Statistics for this Virtual Sensor
    Number of seconds since a reset of the statistics = 434653
    SensorApp Memory Use Percentage = 33
    Processing Load Percentage = 1
    Total packets processed since reset = 1722
    Total IP packets processed since reset = 1722
    Total IPv4 packets processed since reset = 1722
    Total IPv6 packets processed since reset = 0
    Total IPv6 AH packets processed since reset = 0
    Total IPv6 ESP packets processed since reset = 0
    Total IPv6 Fragment packets processed since reset = 0
    Total IPv6 Routing Header packets processed since reset = 0
    Total IPv6 ICMP packets processed since reset = 0
    Total packets that were not IP processed since reset = 0
    Total TCP packets processed since reset = 1466
    Total UDP packets processed since reset = 0
    Total ICMP packets processed since reset = 256
    Total packets that were not TCP, UDP, or ICMP processed since reset = 0
    Total ARP packets processed since reset = 0

  • Installing signature update for IDSM-2 on AIP-SSM

    Hi every one,im not sure about this question but i think its beter to ask you experts.i want to know that if i have signature update for example for my IDSM-2 can i instal this sig update on my AIP-SSM --> suppose that IPS software on both devices are same and also i have installed valid license key on AIP-SSM.now can i do this or no? and i know that if you have not valid license installed on IDSM-2 you cant instal any sig update on IDSM-2 but what about AIP-SSM?i mean can i instal sig update on AIP-SSM without installed valid license key on AIP-SSM? thanks

    There are 3 main types of Signature Updates.
    1) IPS Sensor Signature Updates
    2) CSM Signature Updates for IPS Sensors
    3) IOS IPS Signature Updates
    The IPS Signature Update filename is in the form: IPS-sig-Sxxx-req-Ey.pkg
    This is most likely what you are referrnig to in your post. This file can be installed on ANY IDS/IPS Appliance or Module.
    The Requirement here is not the platform but rather the Engine Level. The "req-Ey" portion of the filename tells you that the sensor must already be running the "y" Engine level of software.
    So an IPS-sig-S436-req-E3.pkg file can be installed on any IDS/IPS Appliance or Module so long as the software on that sensor is an "E3" version.
    The CSM updates, are signature updates for the Cisco Security Manager. They contain special files that CSM uses to update itself, and then also included within the CSM update is the actual sensor update described above. CSM unpackages the CSM update, updates itself, and then uses that embedded file to upgrade the actual sensor.
    The third type of file is for IOS Routers loaded with special IOS software that has the special IOS IPS features where the Router itself (instead of a separate IDS/IPS module) does the signature monitoring.
    These IOS IPS Signature Updates get installed on the actual router, and are not installed on the IDS/IPS Sensor Appliances or Modules.
    So in answer to your question, yes the same Signature Update for your IDSM-2 is the exact same Signature Update for your SSM modules.
    The exact same file is available through multiple different paths on cisco.com. But it doesn't matter through which cisco.com path you downloaded the file you can still install it on all IDS/IPS Appliances and Modules.
    As for licensing, the license works the same on all IDS/IPS Appliances and Modules. A license must be on the sensor for the Signature Update to be applied.
    NOTE: A Trial License is available from cisco.com for new sensors to allow you time to get everything setup correctly for your sensor to be covered by a service contract, and get the standard license from the service contract.

  • Will the AIP-SSM for the ASA stop this?

    I have a client emailed me today that someone did a script injection attack on one of their web servers. It ran a backdoor Trojan virus on their web server. I know the AIP-SSM will stop the Trojan, but will it stop someone from doing the script injection attack. If so, is it documented and can you point me to the document.
    Thanks.
    Dan

    Hi,
    If you know exactly which of the various script injection attacks was used you can simply look it up here:
    http://tools.cisco.com/security/center/home.x
    If you don't know exactly which one then it's slightly harded to know whether it would have been stopped, but searching on "script injection" or similar should narrow down the candidates and give you an idea on whether it would have been stopped or not.
    Remember that an IPS isn't perfect, but it *will* significantly lower your risk if setup and maintained properly.
    HTH
    Andrew.

  • Syslog support for IPS SSM 10

    Hi,
    I am new to IPS SSM 10. i've few questions:
    1.Do we have any kind of syslogs logs for IPS SSM 10? basically i want to know what kind of attacks, intrusion & DoS has happened.
    2.Can we update the Signature automatically thru Cisco site?

    The AIP-SSM does not support syslog as an alert format.
    The default method to receive alert information from the AIP-SSM is through Security Device Event Exchange (SDEE). Another option is to configure individual signatures in order to generate a SNMP trap as an action to take when they are triggered.

Maybe you are looking for