Cisco IPS-4240-K9 - Intrusion Protection Sys 4240 Installation Manual page 181

Real-Time Transport Protocol. Commonly used with IP networks. RTP is designed to provide
RTP
end-to-end network transport functions for applications transmitting real-time data, such as audio,
video, or simulation data, over multicast or unicast network services. RTP provides such services as
payload type identification, sequence numbering, timestamping, and delivery monitoring to real-time
applications.
rack unit. A rack is measured in rack units. An RU is equal to 44 mm or 1.75 inches.
RU
S
Signature Analysis Processor. Dispatches packets to the inspectors that are not stream-based and that
SAP
are configured for interest in the packet in process.
Simple Certificate Enrollment Protocol. The Cisco Systems PKI communication protocol that
SCEP
leverages existing technology by using PKCS#7 and PKCS#10. SCEP is the evolution of the enrollment
protocol.
Security Device Event Exchange. A product-independent standard for communicating security device
SDEE
events. It is an enhancement to RDEP. It adds extensibility features that are needed for communicating
events generated by various types of security devices.
Slave Dispatch Processor.
SDP
Protocol that provides a secure remote connection to a router through a Transmission Control Protocol
Secure Shell
(TCP) application.
Protocol
signature event action filter. Subtracts actions based on the signature event's signature ID, addresses,
SEAF
and RR. The input to the SEAF is the signature event with actions possibly added by the SEAO.
signature event action handler. Performs the requested actions. The output from SEAH is the actions
SEAH
being performed and possibly an <evIdsAlert> written to the Event Store.
signature event action override. Adds actions based on the RR value. SEAO applies to all signatures
SEAO
that fall into the range of the configured RR threshold. Each SEAO is independent and has a separate
configuration value for each action type.
Signature Event Action Processor. Processes event actions. Event actions can be associated with an
SEAP
event risk rating (RR) threshold that must be surpassed for the actions to take place.
Monitoring Center for Security. Provides event collection, viewing, and reporting capability for
Security Monitor
network devices. Used with the IDS MC.
The interface on the sensor that monitors the desired network segment. The sensing interface is in
sensing interface
promiscuous mode; it has no IP address and is not visible on the monitored segment.
The sensor is the intrusion detection engine. It analyzes network traffic searching for signs of
sensor
unauthorized activity.
A component of the IPS. Performs packet capture and analysis. SensorApp analyzes network traffic for
SensorApp
malicious content. Packets flow through a pipeline of processors fed by a producer designed to collect
packets from the network interfaces on the sensor. Sensorapp is the standalone executable that runs
Analysis Engine.
78-16124-01
Installing Cisco Intrusion Prevention System Appliances and Modules 5.0
Glossary
GL-13