Description

This course describes the engine architecture found in the Cisco Intrusion Prevention System (IPS) sensors. It introduces each engine category and briefly describes each engine. You can use the information in this course to better understand individual signatures when tuning them, and when creating custom signatures.
Anomaly detection is also introduced in this course. The anomaly detection component of the Cisco Intrusion Prevention System (IPS) Sensor Software detects known and yet-unknown network treats and can take appropriate preventive actions to prevent their spreading in the network. Anomaly detection enables the sensor to be less dependent on signature updates by letting the Cisco IPS sensor learn normal activity, send alerts, and take dynamic response actions for behavior that deviates from what it has learned as normal behavior. In this course, you will learn to deploy and troubleshoot the anomaly detection functionality of the Cisco IPS sensor.