35-10
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 35 Getting Started with IPS Configuration
Configuring SNMP
Step 4 If you configure trap destinations, you must also ensure that the desired alerts include the Request
SNMP Trap action. You have the following options for adding this action:
(Easy way.) Create an event action override to add the Request SNMP Trap action to all alerts of a
specified risk rating (IPS > Event Actions > Event Action Overrides policy). For example, you
could generate traps for all alerts with a risk rating between 85-100. Event action overrides let you
add an action without individually editing each signature. For more information, see Configuring
Event Action Overrides, page 39-13.
(Precise way.) Edit the Signatures policy (IPS > Signatures > Signatures) to add the Request
SNMP Trap action to the signatures for which you want to send trap notifications. Traps are sent
only for signatures that you configure to send traps.
Note If the signature has Default for the source, you have to change the source to the Local
source before you can change the action. However, if you right-click the Action cell in
the signatures table and select Edit Actions, then select Request SNMP Trap (along
with any other desired action) and click OK, the source is automatically changed to
Local.
Step 5 Add the SNMP management stations to the Allowed Hosts policy. The management stations must be
allowed hosts to access the sensor. See Identifying Allowed Hosts, page35-7.
General SNMP Configuration Options
Use the General Configuration tab on the SNMP page to configure general SNMP parameters and apply
them to IPS sensors. For the procedure, see Configuring SNMP, page35-8.
Navigation Path
(Device view) Select Platform > Device Admin > Device Access > SNMP from the Policy selector.
Select the General Configuration tab.
(Policy view) Select IPS > Platform > Device Admin > Device Access > SNMP, then select an
existing policy or create a new one. Select the General Configuration tab.
Field Reference
Table35-1 General Configuration Tab, SNMP Policy for IPS Sensors
Element Description
Enable SNMP Gets/Sets Whether to enable the SNMP management workstation to obtain (get)
information, and modify (set) values on the IPS sensor. If you do not
enable this option, the management workstation cannot manage this
sensor; the sensor will not respond to SNMP requests.
Read-Only Community
String
The community string required for read-only access to the sensor.
SNMP get requests from the management station must supply this
string to get responses from the sensor. This string gives access to all
SNMP get requests. Use the string to help identify the sensor.