How does real time monitoring work in VigilEnt Security Agent for Cisco Secure IDS?
VigilEnt Security Agent for Cisco Secure IDS 1.0
VigilEnt Security Agent for Cisco Secure IDS 1.0 SP2
The VigilEnt Security Agent for Cisco Secure IDS (VSA for Cisco Secure IDS) monitors alerts generated by Cisco devices. All of these events are listed in the Event Viewer in the VSA for Cisco Secure IDS console and sent to the database. These events can then be pushed to the VSA for Cisco Secure IDS console, filtered through a rule set and sent to the VigilEnt Security Manager console, or stored.
Secure IDS performs real-time monitoring of network packets by capturing the packets and analyzing them against Cisco's set of rules that indicate intrusion activity. Once Secure IDS has checked the packets against its set of rules, VSA for Cisco Secure IDS checks the packets against its own set of rules, which you can configure in the Cisco Secure IDS Rules Editor.
The rules that you create through the Cisco Secure IDS Rules Editor are based on certain conditions, or building blocks. You can combine as many building blocks as you like to form a rule. You can also specify whether all conditions in the rule must be satisfied to generate an alert, or whether any one of the conditions must be satisfied.
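The all-conditions versus any-condition matching described above can be sketched as follows. This is an added example, not code or a rule format from VSA for Cisco Secure IDS; the field names, operators, rule names and sample alerts are constructed for illustration. It also shows one case worth checking in any rule editor: a rule with no conditions in "all" mode would otherwise match every alert.

```python
import ipaddress
from dataclasses import dataclass

# Comparison operators a building block may use (hypothetical set).
OPS = {
    "eq": lambda actual, want: actual == want,
    "ge": lambda actual, want: actual >= want,
    "in_net": lambda actual, want: ipaddress.ip_address(actual) in ipaddress.ip_network(want),
}

@dataclass
class Condition:                      # one building block
    key: str
    op: str
    value: object

    def matches(self, alert):
        # An alert that lacks the field never satisfies the block.
        return self.key in alert and OPS[self.op](alert[self.key], self.value)

@dataclass
class Rule:
    name: str
    mode: str                         # "all" or "any"
    conditions: list

    def matches(self, alert):
        if self.mode not in ("all", "any"):
            raise ValueError(f"unknown match mode: {self.mode}")
        if not self.conditions:
            # all([]) is True, so an empty "all" rule would match every alert.
            return False
        combine = all if self.mode == "all" else any
        return combine(c.matches(alert) for c in self.conditions)

def triage(alerts, rules):
    """Map each alert id to the names of the rules it satisfies."""
    return {a["id"]: [r.name for r in rules if r.matches(a)] for a in alerts}

# Constructed sample alerts and rules (not real Secure IDS output).
ALERTS = [
    {"id": 1, "severity": 5, "src": "10.1.2.3", "dst_port": 22},
    {"id": 2, "severity": 2, "src": "192.0.2.7", "dst_port": 22},
    {"id": 3, "severity": 4, "src": "192.0.2.9"},
]
RULES = [
    Rule("internal-high", "all", [Condition("src", "in_net", "10.0.0.0/8"), Condition("severity", "ge", 4)]),
    Rule("ssh-or-critical", "any", [Condition("dst_port", "eq", 22), Condition("severity", "ge", 5)]),
    Rule("empty", "all", []),
]
```

Alerts that map to an empty list satisfy no rule and would be stored rather than forwarded.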