Cisco IPS 7.0: Configuring Cisco IPS Signature Engines and Anomaly Detection

This course describes the engine architecture found in the Cisco Intrusion Prevention System (IPS) sensors. It introduces each engine category and briefly describes each engine. You can use the information in this course to better understand individual signatures when tuning them and when creating custom signatures. Anomaly detection is also introduced in this course. The anomaly detection component of the Cisco Intrusion Prevention System (IPS) Sensor Software detects known and yet-unknown network threats and can take appropriate actions to prevent them from spreading in the network. Anomaly detection makes the sensor less dependent on signature updates by letting the Cisco IPS sensor learn normal activity, send alerts, and take dynamic response actions for behavior that deviates from what it has learned as normal. In this course, you will learn to deploy and troubleshoot the anomaly detection functionality of the Cisco IPS sensor.

Target Audience
Anyone wishing to obtain the Cisco Certified Network Professional (CCNP) Security, Cisco Certified Security Professional (CCSP) certification, or Cisco IPS Specialist certification designation. Established IT professionals with a good understanding of networking and Cisco technology, and of the installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure. Candidates who have completed the Cisco Certified Network Associate Security Certification - Implementing Cisco IOS Network Security (IINS).

Expected Duration (hours)

Lesson Objectives

Cisco IPS 7.0: Configuring Cisco IPS Signature Engines and Anomaly Detection

  • describe Cisco IPS signature engine configuration
  • recognize the characteristics of alarm summarization
  • match the ATOMIC signature engine to its function
  • describe the characteristics of STRING signature engines
  • describe the characteristics of SERVICE signature engines
  • describe the characteristics of FLOOD signature engines
  • describe the characteristics of SWEEP signature engines
  • sequence the steps to configure META signatures
  • describe the NORMALIZER signature engine
  • identify the tasks to enable the AIC engines
  • identify the characteristics of anomaly detection
  • match the components used by anomaly detection to their characteristics
  • describe the process of configuring anomaly detection of a Cisco IPS sensor
  • sequence the steps to configure anomaly detection
  • recognize basic anomaly detection troubleshooting steps

Course Number: