8-24
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 8 Configuring Event Action Rules
Configuring Event Action Filters

l. Add any comments you want to use to explain this filter.
sensor(config-eve-fil)# user-comment NEW FILTER
Step 5
Verify the settings for the filter.
sensor(config-eve-fil)# show settings
NAME: name1
-----------------------------------------------
signature-id-range: 1000-10005 default: 900-65535
subsignature-id-range: 1-5 default: 0-255
attacker-address-range: 192.0.2.3-192.0.2.26 default: 0.0.0.0-255.255.255.255
victim-address-range: 192.56.10.1-192.56.10.255 default: 0.0.0.0-255.255.255.255
ipv6-attacker-address-range: 2001:0db8:3c4d:0015:0000:0000:abcd:ef12 default:
::0-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
ipv6-victim-address-range: ::0-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF default:
::0-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
attacker-port-range: 0-65535 <defaulted>
victim-port-range: 1-343 default: 0-65535
risk-rating-range: 85-100 default: 0-100
actions-to-remove: reset-tcp-connection default:
deny-attacker-percentage: 90 default: 100
filter-item-status: Enabled default: Enabled
stop-on-match: True default: False
user-comment: NEW FILTER default:
os-relevance: relevant default: relevant|not-relevant|unknown
------------------------------------------------
sensor(config-eve-fil)#
Step 6
Edit an existing filter.
sensor(config-eve)# filters edit name1
Step 7
Edit the parameters (see Steps 4a through 4l).
Step 8
Move a filter up or down in the filter list.
sensor(config-eve-fil)# exit
sensor(config-eve)# filters move name5 before name1
Step 9
Verify that you have moved the filters.
sensor(config-eve-fil)# exit
sensor(config-eve)# show settings
-----------------------------------------------
filters (min: 0, max: 4096, current: 5 - 4 active, 1 inactive)
-----------------------------------------------
ACTIVE list-contents
-----------------------------------------------
NAME: name5
-----------------------------------------------
signature-id-range: 900-65535 <defaulted>
subsignature-id-range: 0-255 <defaulted>
attacker-address-range: 0.0.0.0-255.255.255.255 <defaulted>
victim-address-range: 0.0.0.0-255.255.255.255 <defaulted>
attacker-port-range: 0-65535 <defaulted>
victim-port-range: 0-65535 <defaulted>
risk-rating-range: 0-100 <defaulted>
actions-to-remove: <defaulted>
filter-item-status: Enabled <defaulted>
stop-on-match: False <defaulted>
user-comment: <defaulted>
-----------------------------------------------
-----------------------------------------------
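The verification in Steps 5 and 9 can also be checked offline from captured output. The following Python is an added example, not part of the Cisco guide: it parses `show settings` text into each filter's overridden values and flags filters worth a second look. The names `parse_filters` and `audit` are hypothetical, the sample text is constructed from the listings above, and the stop-on-match note assumes a matching filter with stop-on-match set to True ends processing of the filter list.

```python
import re

# Constructed sample in the `show settings` format above (two filters, in list order).
SAMPLE = """\
NAME: name5
-----------------------------------------------
attacker-address-range: 0.0.0.0-255.255.255.255 <defaulted>
actions-to-remove: <defaulted>
stop-on-match: False <defaulted>
NAME: name1
signature-id-range: 1000-10005 default: 900-65535
attacker-address-range: 192.0.2.3-192.0.2.26 default: 0.0.0.0-255.255.255.255
ipv6-attacker-address-range: 2001:0db8:3c4d:0015:0000:0000:abcd:ef12 default:
::0-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
risk-rating-range: 85-100 default: 0-100
actions-to-remove: reset-tcp-connection default:
stop-on-match: True default: False
"""

SETTING = re.compile(r"^([a-z0-9-]+):\s*(.*)$")

def parse_filters(text):
    """Return [(name, {setting: value})] in list order, keeping only overridden settings."""
    filters = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("NAME:"):
            filters.append((line[5:].strip(), {}))
            continue
        m = SETTING.match(line)
        if not m or not filters or m.group(2).endswith("<defaulted>"):
            continue  # separators, wrapped continuation lines, defaulted values
        filters[-1][1][m.group(1)] = m.group(2).split("default:")[0].strip()
    return filters

def audit(filters):
    """Flag filters whose overrides deserve a second look before committing."""
    notes = []
    for pos, (name, s) in enumerate(filters, 1):
        removed = s.get("actions-to-remove", "")
        scoped = [k for k in s if k.endswith("-range")]  # any narrowed match range
        if not removed:
            notes.append(f"{pos}:{name}: removes no actions")
        elif not scoped:
            notes.append(f"{pos}:{name}: removes '{removed}' from every event")
        if removed and s.get("stop-on-match") == "True" and pos < len(filters):
            notes.append(f"{pos}:{name}: stop-on-match, later filters skipped on a match")
    return notes

print("\n".join(audit(parse_filters(SAMPLE))))
```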