Course Details

Cisco SITCS 1.0: Cisco Intrusion Prevention Systems II

The Cisco SensorBase correlates real-time data from more than 1.5 million devices around the world to create network reputation scores that enable Cisco IPS devices to block threats from known malicious hosts before they pass through the IPS inspection process. In this course, you'll learn how to describe some methodologies for tuning a Cisco IPS sensor to properly manage false positive and negative events, including the methods and configuration procedures to create custom signatures on a Cisco IPS sensor. In addition, you'll learn how to enable the anomaly detection functionality and the reputation-based feature on the Cisco IPS sensor. This course is one of a series in the SkillSoft learning path that covers the objectives for the Implementing Cisco Threat Control Solutions (SITCS) 1.0 (300-207 SITCS) exam.

Target Audience
This path is designed to prepare security engineers with knowledge of advanced firewall architecture and configuration with the Cisco next-generation firewall, utilizing access and identity policies. It is also suitable for students interested in pursuing their Cisco Certified Network Professional Security (CCNP Security) certification.


Expected Duration (hours)

Lesson Objectives

Cisco SITCS 1.0: Cisco Intrusion Prevention Systems II

  • start the course
  • describe false negative and false positive events
  • describe Cisco IPS tuning approaches
  • tune Cisco IPS to reduce false positives
  • reduce false positives by narrowing the search context and the header values, limiting the number of matched patterns, decreasing the attention span, and increasing the number of events
  • tune Cisco IPS to reduce false negatives
  • reduce false negatives by using IP reassembly, TCP reassembly, and deobfuscation
  • provide an overview of custom signatures
  • describe the configuration and procedure options in the Custom Signature wizard
  • describe the principles behind anomaly detection
  • describe scanners and histograms
  • describe anomaly detection and actions
  • describe an anomaly detection scenario
  • describe the anomaly detection configuration procedure
  • describe how to verify the operational mode and statistics of anomaly detection
  • describe the traffic processing flow in the IPS sensor with Global Correlation and Reputation Filter active
  • describe global correlation operations
  • describe how the IPS sensors send information to Cisco SensorBase using network participation
  • describe the global correlation inspection configurations
  • verify Global Correlation and Reputation Filter operations
  • understanding Cisco Intrusion Prevention Systems

Course Number: