Skip Links

How Cisco's SensorBase works

By , Network World
August 10, 2009 12:08 AM ET

Network World - Understanding exactly how SensorBase will affect an event's Risk Rating when Global Correlation Inspection is turned on is somewhat complicated. You have to pick a system-wide level, ranging from "permissive" to "standard" to "aggressive." Then, every time an event occurs where the IP address involved has a bad reputation, the Risk Rating will be bumped up by some amount.

Cisco engineers showed us an "internal use only" table that spells out how different reputations (which are on a scale from 0 to -10, with -10 being the worst possible reputation) and different levels selected will affect the Risk Rating, but told us that they don't plan to put this into the documentation quite yet. Their reason is that they wanted the ability to adjust the way the table operates as they gain more experience with combining reputation services and IPS signatures, and as they figure out the "right" increase in Risk Rating for each scenario.

Return to test.

Read more about security in Network World's Security section.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News