Cisco IPS 7.0: Managing and Analyzing Events

This course is included in our On-demand training solution.


Cisco IPS Manager Express (IME) is a powerful, integrated intrusion prevention system (IPS) management application that is designed to meet IPS sensor configuration, operation, event monitoring, and event reporting needs of small- and medium-sized businesses. With one application, you can provision, monitor, troubleshoot, and generate reports for as many as 10 Cisco IPS sensors. Cisco IME allows administrators to create long-term reports that are based on the event database, and real-time notifications to quickly alert administrators about critical events, as defined by the notifications policy.
In larger enterprise environments, or when features provided by Cisco IPS Device Manager (IDM) or Cisco IME are not adequate for specific purposes, Cisco IPS sensors are often integrated with the Cisco Security Manager for enhanced provisioning, and the Cisco Security Monitoring, Analysis, and Response System (MARS) for enhanced event monitoring and analysis capabilities.
This course provides an overview of Cisco IME, enabling you to use most aspects of its user interface, and create custom reports and custom notifications. Additionally, this course provides you with configuration guidance to initially integrate a Cisco IPS Sensor with Cisco Security Manager and Cisco Security MARS, and use the Cisco Security Intelligence Operations (SIO) site, the Cisco IntelliShield database, and the Cisco IntelliShield Alert Manager services to increase your operational capability when evaluating data from Cisco IPS sensors.

Target Audience

Anyone wishing to obtain the Cisco Certified Network Professional CCNP Security, Cisco Certified Security Professional CCSP Certification, or Cisco IPS Specialist Certification designation. Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality, and availability of data and network devices that Cisco uses in its security infrastructure. Candidates who have completed the Cisco Certified Network Associate Security Certification – Implementing Cisco IOS Network Security (IINS)


Expected Duration

90 min.

Course Objectives

Evaluate and Install Cisco IME

  • evaluate features of Cisco IME
  • recognize how to install the Cisco IME software
  • Using Cisco IPS Manager Express User Interface

  • identify features of the Cisco IME user interface
  • Integrating Cisco IME with IPS Sensors

  • recognize how to configure and verify integration between Cisco IME and Cisco IPS sensors
  • Managing IPS Events Using Cisco IPS Manager Express

  • identify Cisco IPS Manager Express advanced event-monitoring capabilities
  • Investigating and Archiving IPS Events Using Cisco IME

  • recognize how to use Cisco IME tools to investigate event details
  • recognize the ways you can manage database events in the Cisco IME’s database
  • IME Reporting and Cisco Security Management Suite

  • identify features of Cisco IME reporting
  • identify ways to modify e-mail notifications in Cisco IME
  • identify the benefits of Cisco Security Manager
  • recognize how to initialize IPS Sensors for Cisco Security Manager
  • Configuring Integration with Cisco Security MARS

  • identify how to initialize IPS devices for Cisco Security MARS
  • recognize the prerequisites to Cisco Security Manager and MARS cross-launch capability
  • Using Cisco Security Intelligence Operations

  • identify Cisco SIO features
  • Using the Cisco IntelliShield Alert Manager Service I

  • describe Cisco IntelliShield Alert Manager features
  • describe Cisco IntelliShield Alert Manager Service components
  • Using the Cisco IntelliShield Alert Manager Service II

  • recognize how to add IntelliShield Alert Manager product sets
  • recognize how to create a notification in the Cisco IntelliShield Alert Manager Service