Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual page 507

Router Switch Module. A router module that is installed in a Catalyst 5000 switch. It functions exactly
RSM
like a standalone router.
Real-Time Transport Protocol. Commonly used with IP networks. RTP is designed to provide
RTP
end-to-end network transport functions for applications transmitting real-time data, such as audio,
video, or simulation data, over multicast or unicast network services. RTP provides such services as
payload type identification, sequence numbering, timestamping, and delivery monitoring to real-time
applications.
S
Signature Analysis Processor. Dispatches packets to the inspectors that are not stream-based and that
SAP
are configured for interest in the packet in process.
Simple Certificate Enrollment Protocol. The Cisco Systems PKI communication protocol that
SCEP
leverages existing technology by using PKCS#7 and PKCS#10. SCEP is the evolution of the enrollment
protocol.
Security Device Event Exchange. A product-independent standard for communicating security device
SDEE
events. It is an enhancement to RDEP. It adds extensibility features that are needed for communicating
events generated by various types of security devices.
Slave Dispatch Processor.
SDP
Protocol that provides a secure remote connection to a router through a Transmission Control Protocol
Secure Shell
(TCP) application.
Protocol
signature event action filter. Subtracts actions based on the signature event's signature ID, addresses,
SEAF
and RR. The input to the SEAF is the signature event with actions possibly added by the SEAO.
signature event action handler. Performs the requested actions. The output from SEAH is the actions
SEAH
being performed and possibly an <evIdsAlert> written to the Event Store.
signature event action override. Adds actions based on the RR value. SEAO applies to all signatures
SEAO
that fall into the range of the configured RR threshold. Each SEAO is independent and has a separate
configuration value for each action type.
Signature Event Action Processor. Processes event actions. Event actions can be associated with an
SEAP
event risk rating (RR) threshold that must be surpassed for the actions to take place.
Monitoring Center for Security. Provides event collection, viewing, and reporting capability for
Security Monitor
network devices. Used with the IDS MC.
The interface on the sensor that monitors the desired network segment. The sensing interface is in
sensing interface
promiscuous mode; it has no IP address and is not visible on the monitored segment.
The sensor is the intrusion detection engine. It analyzes network traffic searching for signs of
sensor
unauthorized activity.
78-16527-01
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
Glossary
GL-13