Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual page 386

Configuration guide

Communications
Each application registers to the IDAPI to send and receive events and control transactions. IDAPI
provides the following services:
IDAPI provides the necessary synchronization mechanisms to guarantee atomic data accesses.
RDEP2
External communications use RDEP2. RDEP2 is an application-level communications protocol used to
exchange IPS event, IP log, configuration, and control messages between IPS clients and IPS servers.
RDEP2 communications consist of request and response messages. RDEP2 clients initiate request
messages to RDEP2 servers. RDEP2 servers respond to request messages with response messages.
RDEP2 defines three classes of request/response messages: event, IP log, and transaction messages.
Event messages include IPS alert, status, and error messages. Clients use IP log requests to retrieve IP
log data from servers. Transaction messages are used to configure and control IPS servers.
RDEP2 uses the industry standards HTTP, TLS and SSL, and XML to provide a standardized interface
between RDEP2 agents. The RDEP2 protocol is a subset of the HTTP 1.1 protocol. All RDEP2 messages
are legal HTTP 1.1 messages. RDEP2 uses HTTP's message formats and message exchange protocol to
exchange messages between RDEP2 agents.
You use the IPS manager to specify which hosts are allowed to access the sensor through the network.
Sensors accept connections from 1 to 10 RDEP2 clients simultaneously. Clients selectively retrieve data
by time range, type of event (alert, error, or status message) and level (alert = high, medium, low, or
informational; error = high, medium, low). Events are retrieved by a query (a single bulk get) or
subscription (a real-time persistent connection) or both. Communications are secured by TLS or SSL.
Note: For retrieving events, the sensor is backwards-compatible to RDEP even though the new standard for
retrieval is RDEP2. We recommend you use RDEP2 to retrieve events and send configuration changes
for IPS 5.0.
Remote applications retrieve events from the sensor through RDEP2. The remote client sends an RDEP2
event request to the sensor's Web Server, which passes it to the Event Server. The Event Server queries
the Event Store through IDAPI and then returns the result.
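The selection criteria described above (time range, event type, and per-type level), modelled as an added Python example; it is not code from the Cisco guide and does not reproduce the RDEP2 wire format. The Event and Selection classes, the select function and the sample events are hypothetical, and treating an empty level set as "any level" is an assumption of this model.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Levels the page lists for each event type; status messages have none.
LEVELS = {"alert": {"high", "medium", "low", "informational"},
          "error": {"high", "medium", "low"}, "status": set()}

@dataclass
class Event:  # hypothetical record, not the RDEP2 XML schema
    time: datetime
    type: str
    level: Optional[str] = None

@dataclass
class Selection:  # hypothetical model of one client's selection criteria
    start: datetime
    end: datetime
    levels_by_type: dict  # event type -> wanted levels; empty set = any level (assumption)

    def validate(self):
        if self.start > self.end:
            raise ValueError("time range is inverted")
        for etype, levels in self.levels_by_type.items():
            if etype not in LEVELS:
                raise ValueError(f"unknown event type: {etype}")
            bad = set(levels) - LEVELS[etype]
            if bad:
                raise ValueError(f"{etype} events have no level {sorted(bad)}")

    def matches(self, ev):
        if ev.type not in self.levels_by_type:
            return False  # event type not requested
        if not self.start <= ev.time <= self.end:
            return False  # outside the requested time range
        wanted = self.levels_by_type[ev.type]
        return not wanted or ev.level in wanted

def select(events, sel):
    sel.validate()  # reject malformed criteria before filtering
    return [ev for ev in events if sel.matches(ev)]

# Constructed sample events (not taken from a real sensor).
SAMPLE = [
    Event(datetime(2005, 1, 1, 0, 10), "alert", "high"),
    Event(datetime(2005, 1, 1, 0, 20), "alert", "low"),
    Event(datetime(2005, 1, 1, 0, 30), "error", "medium"),
    Event(datetime(2005, 1, 1, 0, 40), "status"),
    Event(datetime(2005, 1, 1, 2, 0), "alert", "high"),
]
```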
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
IDAPI services:
Control transactions
  - Initiates the control transaction.
  - Waits for the inbound control transaction.
  - Responds to the control transaction.
IPS events
  - Subscribes to remote IPS events, which are stored in the Event Store when received.
  - Reads IPS events from the Event Store.
  - Writes IPS events to the Event Store.
Appendix A
System Architecture
78-16527-01
