Cisco IPS 7.0: Managing and Analyzing Events

Target Audience
Expected Duration
Lesson Objectives
Course Number

Cisco IPS Manager Express (IME) is a powerful, integrated intrusion prevention system (IPS) management application that is designed to meet IPS sensor configuration, operation, event monitoring, and event reporting needs of small- and medium-sized businesses. With one application, you can provision, monitor, troubleshoot, and generate reports for as many as 10 Cisco IPS sensors. Cisco IME allows administrators to create long-term reports that are based on the event database, and real-time notifications to quickly alert administrators about critical events, as defined by the notifications policy. In larger enterprise environments, or when features provided by Cisco IPS Device Manager (IDM) or Cisco IME are not adequate for specific purposes, Cisco IPS sensors are often integrated with the Cisco Security Manager for enhanced provisioning, and the Cisco Security Monitoring, Analysis, and Response System (MARS) for enhanced event monitoring and analysis capabilities. This course provides an overview of Cisco IME, enabling you to use most aspects of its user interface, and create custom reports and custom notifications. Additionally, this course provides you with configuration guidance to initially integrate a Cisco IPS Sensor with Cisco Security Manager and Cisco Security MARS, and use the Cisco Security Intelligence Operations (SIO) site, the Cisco IntelliShield database, and the Cisco IntelliShield Alert Manager services to increase your operational capability when evaluating data from Cisco IPS sensors.

Target Audience
Anyone wishing to obtain the Cisco Certified Network Professional CCNP Security, Cisco Certified Security Professional CCSP Certification, or Cisco IPS Specialist Certification designation. Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality, and availability of data and network devices that Cisco uses in its security infrastructure. Candidates who have completed the Cisco Certified Network Associate Security Certification - Implementing Cisco IOS Network Security (IINS)

Expected Duration (hours)

Lesson Objectives

Cisco IPS 7.0: Managing and Analyzing Events

  • evaluate features of Cisco IME
  • recognize how to install the Cisco IME software
  • identify features of the Cisco IME user interface
  • recognize how to configure and verify integration between Cisco IME and Cisco IPS sensors
  • identify Cisco IPS Manager Express advanced event-monitoring capabilities
  • recognize how to use Cisco IME tools to investigate event details
  • recognize the ways you can manage database events in the Cisco IME’s database
  • identify features of Cisco IME reporting
  • identify ways to modify e-mail notifications in Cisco IME
  • identify the benefits of Cisco Security Manager
  • recognize how to initialize IPS Sensors for Cisco Security Manager
  • identify how to initialize IPS devices for Cisco Security MARS
  • recognize the prerequisites to Cisco Security Manager and MARS cross-launch capability
  • identify Cisco SIO features
  • describe Cisco IntelliShield Alert Manager features
  • describe Cisco IntelliShield Alert Manager Service components
  • recognize how to add IntelliShield Alert Manager product sets
  • recognize how to create a notification in the Cisco IntelliShield Alert Manager Service
  • Course Number: