Glossary
GL-13
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
RSM
Router Switch Module. A router module that is installed in a Catalyst 5000 switch. It functions exactly
like a standalone router.
RTP
Real-Time Transport Protocol. Commonly used with IP networks. RTP is designed to provide
end-to-end network transport functions for applications transmitting real-time data, such as audio,
video, or simulation data, over multicast or unicast network services. RTP provides such services as
payload type identification, sequence numbering, timestamping, and delivery monitoring to real-time
applications.
S
SAP
Signature Analysis Processor. Dispatches packets to the inspectors that are not stream-based and that
are configured for interest in the packet in process.
SCEP
Simple Certificate Enrollment Protocol. The Cisco Systems PKI communication protocol that
leverages existing technology by using PKCS#7 and PKCS#10. SCEP is the evolution of the enrollment
protocol.
SDEE
Security Device Event Exchange. A product-independent standard for communicating security device
events. It is an enhancement to RDEP. It adds extensibility features that are needed for communicating
events generated by various types of security devices.
SDP
Slave Dispatch Processor.
Secure Shell
Protocol
Protocol that provides a secure remote connection to a router through a Transmission Control Protocol
(TCP) application.
SEAF
signature event action filter. Subtracts actions based on the signature event’s signature ID, addresses,
and RR. The input to the SEAF is the signature event with actions possibly added by the SEAO.
SEAH
signature event action handler. Performs the requested actions. The output from SEAH is the actions
being performed and possibly an <evIdsAlert> written to the Event Store.
SEAO
signature event action override. Adds actions based on the RR value. SEAO applies to all signatures
that fall into the range of the configured RR threshold. Each SEAO is independent and has a separate
configuration value for each action type.
SEAP
Signature Event Action Processor. Processes event actions. Event actions can be associated with an
event risk rating (RR) threshold that must be surpassed for the actions to take place.
Security Monitor
Monitoring Center for Security. Provides event collection, viewing, and reporting capability for
network devices. Used with the IDS MC.
sensing interface
The interface on the sensor that monitors the desired network segment. The sensing interface is in
promiscuous mode; it has no IP address and is not visible on the monitored segment.
sensor
The sensor is the intrusion detection engine. It analyzes network traffic searching for signs of
unauthorized activity.