Cisco IPS 7.0: Configuring Cisco IPS Signature Engines and Anomaly Detection

This course is included in our On-demand training solution.


This course describes the engine architecture found in the Cisco Intrusion Prevention System (IPS) sensors. It introduces each engine category and briefly describes each engine. You can use the information in this course to better understand individual signatures when tuning them, and when creating custom signatures.
Anomaly detection is also introduced in this course. The anomaly detection component of the Cisco Intrusion Prevention System (IPS) Sensor Software detects known and yet-unknown network treats and can take appropriate preventive actions to prevent their spreading in the network. Anomaly detection enables the sensor to be less dependent on signature updates by letting the Cisco IPS sensor learn normal activity, send alerts, and take dynamic response actions for behavior that deviates from what it has learned as normal behavior. In this course, you will learn to deploy and troubleshoot the anomaly detection functionality of the Cisco IPS sensor.

Target Audience

Anyone wishing to obtain the Cisco Certified Network Professional CCNP Security, Cisco Certified Security Professional CCSP Certification or Cisco IPS Specialist Certification designation. Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure. Candidates who have completed the Cisco Certified Network Associate Security Certification – Implementing Cisco IOS Network Security (IINS)


Expected Duration

90 min.

Course Objectives

Cisco IPS Signature Engines and Common Parameters

  • describe Cisco IPS signature engine configuration
  • recognize the characteristics of alarm summarization
  • Deploying ATOMIC Signature Engines

  • match the ATOMIC signature engine to its function
  • Deploying STRING and SERVICE Signature Engines

  • describe the characteristics of STRING signature engines
  • describe the characteristics of SERVICE signature engines
  • Deploying FLOOD and SWEEP Signature Engines

  • describe the characteristics of FLOOD signature engines
  • describe the characteristics of SWEEP signature engines
  • Deploying the META and the NORMALIZER Signature Engines

  • sequence the steps to configure META signatures
  • describe the NORMALIZER signature engine
  • Deploying Other Engines

  • identify the tasks to enable the AIC engines
  • Anomaly Detection

  • identify the characteristics of anomaly detection
  • match the components used by |w anomaly detection to their characteristics
  • Configuring Anomaly Detection

  • describe the process of configuring anomaly detection of a Cisco IPS sensor
  • sequence the steps to configuring anomaly detection
  • Verifying and Troubleshooting Anomaly Detection

  • recognize basic anomaly detection troubleshooting steps