Cisco IPS 7.0: False Positives, Negatives and Response Improvement


Network intrusion prevention technologies are much more effective when they are customized for the environment in which they operate, which increases the quality of the alarms and responses they produce. This course examines some methodologies for tuning a Cisco Intrusion Prevention System (IPS) sensor to properly manage false positive and false negative events. It also provides configuration guidance for integrating the Cisco IPS sensor with your network and system environment, and discusses several Cisco IPS sensor features that can be enabled to increase the quality of the alarms and responses that are produced.

Target Audience
Anyone wishing to obtain the Cisco Certified Network Professional (CCNP) Security, Cisco Certified Security Professional (CCSP) Certification or Cisco IPS Specialist Certification designation. Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure. Candidates who have completed the Cisco Certified Network Associate Security Certification - Implementing Cisco IOS Network Security (IINS).

Expected Duration (hours)

Lesson Objectives

Cisco IPS 7.0: False Positives, Negatives and Response Improvement

  • describe the process of tuning false positives
  • match false positives and false negatives to their descriptions
  • recognize the process of tuning the IPS sensor to reduce false positives
  • describe the process of counting signatures to reduce false positives
  • describe the process of selectively disabling signatures for specific traffic
  • tune signatures to eliminate false positives
  • order the phases of the false-negative tuning process
  • describe the solutions for false negative reduction
  • match the operating system identification method to its description
  • recognize operating system identification guidelines
  • describe how to adjust signature fidelity ratings to influence event risk rating values
  • recognize how to use the Management Center for Cisco Security Agent attacker information to influence risk rating
  • sequence the steps to deploy and configure the Cisco IPS sensor Global Correlation feature

Course Number: