Index
Symbols
# (number sign) 11-5
* (wildcard) 3-9, 5-8, 11-5
A
AAA
accounting 4-17
authentication 4-7
authorization 4-14
configuring 4-4
aaa accounting command 4-17
aaa authentication command 4-7
aaa authorization command 4-14
accounting, configuring 4-17
action command 7-28
action flow 11-9
add-service command 7-14
admin privilege level 3-2
always-accept 7-29
always-ignore 7-30
analysis detection level 7-16
anomaly
detected 11-3
flow 11-5
anomaly detection engine memory usage 12-34, 12-36
AP
booting to 2-13
clearing configuration 13-23
clearing passwords 13-23, 13-24
upgrading 13-14
upgrading, inline 13-19
application partition
See AP
arp command 12-37
attack report
copying 11-10
detected anomalies 11-3
exporting 11-9, 11-10
exporting automatically 11-10
layout 11-2
notify 11-5
statistics 11-3
timing 11-2
viewing 11-6
attack reports
exporting 13-9
attack type
detected attack 11-7
authentication, configuring 4-7
authorization
disabling zone command completion 4-16, 5-10
authorization, configuring 4-11, 4-12
auth packet types 7-16
automatic detect mode 1-5, 9-3
automatic protection mode 9-3
B
banner
configuring login 4-44
Berkeley Packet Filter 6-12
boot command 2-13
burn flash 13-22
bypass filter
command 6-17
configuring 6-16
definition 1-6, 6-2
deleting 6-19
displaying 6-18
C
capture, packets 12-17
caution
symbol overview xxvii
CFE 13-15, 13-21, 13-22
clear ap config command 13-23
clear ap password command 13-23, 13-24
clear counters command 3-12, 12-6
clear log command 12-13
CLI
changing prompt 4-36
command shortcuts 3-9
error messages 3-7
getting help 3-8
issuing commands 3-5
TAB completion 3-8
using 3-2
command completion 4-16
command line interface
See CLI 3-2
command shortcuts 3-9
config privilege level 3-2
configuration
file
copying 13-3
exporting 13-4
importing 13-6
viewing 12-2
importing 13-6
saving supervisor engine 2-1
configuration, accessing command mode 4-15
configuration mode 3-3
configure command 3-10
constructing policies 8-5
copy command
packet-dump 12-21
copy commands
ftp running-config 13-6
log 12-9, 12-11
reports 11-10
running-config 5-23, 13-4
zone log 12-11
copy-from-this 5-8
copy guard-running-config command 5-22, 5-25
copy login-banner command 4-45
copy-policies command 8-25
copy wbm-logo command 4-47
counters
clearing 3-12, 12-6
history 12-4
counters, viewing 12-4
cpu utilization 12-34
D
DDoS
overview 1-2
deactivate command 8-9, 9-5
deactivating commands
commands, deactivating 3-6
default configuration, returning to 13-23
default-gateway command 3-12
description command 5-10
detect
automatic mode 1-5, 9-3
interactive mode 1-5, 9-3
detect command 9-5
detected
anomalies 11-3
flow 11-9
detected attack 11-7
detection level
analysis 7-16
detect learning command 8-9
DETECTOR_DEFAULT 5-3
DETECTOR_WORM 5-3
diff command 8-21, 8-22
disable command 7-11
disabling
automatic export 13-10
distributed denial of service
See DDoS
DNS
detected anomalies 11-3
TCP policy templates 7-5
tcp protocol flow 11-7
dst-ip-by-ip activation form 9-4, 9-8
dst-ip-by-name activation form 9-3
dst traffic characteristics 7-18
Dynamic filter
command 9-12
dynamic filter
1000 and more 6-21
command 6-24, 6-25
definition 1-7
deleting 6-25
displaying 6-20
displaying events 12-10
overview 6-2, 6-20
preventing production of 6-25
sorting 6-20
worm 7-33
dynamic privilege level 3-2
E
enable
command 4-13, 7-11
password command 4-12
enabling services 4-3
entire-zone activation form 9-3
event log
activating 12-8
deactivating 12-8
event monitor command 12-8
export
disabling automatic 13-10
export command 13-9
packet-dump 12-20
reports 11-10
exporting
configuration file 13-4
log file 12-11
reports automatically 11-10
exporting GUARD configuration 5-22, 5-25
export sync-config command 5-24
extracting signatures 12-27
F
facility 12-9
file server
configuring 13-2
file-server
command 5-24, 13-2
configuring 13-2
deleting 13-3
displaying 13-3, 13-11
displaying sync-config 5-25, 13-10
file server, displaying sync-config 13-11
filters
bypass 1-6, 6-16
dynamic 1-7, 6-2, 6-20
flex-content 1-6, 6-3
overview 6-2
first-hit 4-21
fixed-threshold 7-23
flash-burn command 13-22
flex-content filter
configuring 6-4
definition 1-6, 6-2
displaying 6-14
filtering criteria 6-4
renumbering 6-5
fragments 11-7
detected anomalies 11-3
policy template 7-5
G
generating signatures 12-27
global mode 3-3
global traffic characteristics 7-18
Guard
configuration mode 3-4
exporting configuration 13-9
GUARD_DEFAULT 5-4
GUARD_LINK 5-4, 5-5
GUARD_TCP_NO_PROXY 5-5
GUARD_ zone template
policy templates included with zone templates 7-6
guard-conf command 5-14
GUARD configuration, exporting 5-22, 5-25
GUARD configuration, importing 5-23
Guard-protection activation methods 9-3
H
histogram command 7-32
host, logging 12-10
host keys
deleting 4-27, 4-28
hostname
changing 4-36
command 4-36
HTTP
detected anomalies 11-3
policy template 7-5
hw-module command 13-14, 13-15, 13-17, 13-20, 13-24
hw-module commands 2-12
hybrid 11-7
I
idle session, configuring timeout 4-49
idle session, displaying timeout 4-49
importing
configuration 13-6
importing GUARD configuration 5-23
inline upgrade 13-19
in packet types 7-17
installation
verifying 2-2
interactive
operation mode 10-5
policy status 7-30
interactive detect mode 1-5, 9-3
interactive protection mode 9-3
interactive-status command 7-29
interface
activating 3-10, 3-11
clearing counters 3-12
command 3-11
configuration mode 3-3
configuring IP address 3-11
ip address
modifying, zone 5-12
IP address command
excluding 5-11
ip address command
deleting 5-12
interface 3-11
zone 5-11
ip route command 3-13
IP scan 11-7
detected anomalies 11-3
policy template 7-5
IP threshold configuration 7-26
K
key command
add 4-29, 4-32
generate 4-29, 4-35
remove 4-33
key publish command 4-29, 4-30
L
learning
command 8-7, 8-11
constructing policies 8-5
overview 8-2
policy-construction command 8-6
synchronizing results 8-4
terminating process 8-7, 8-11
threshold-tuning command 8-9
tuning thresholds 8-8
learning accept command 8-7, 8-10
learning parameters, displaying 8-13
learning params
threshold-selection command 8-15
learning-params
deactivating periodic action 8-10
deactivating periodic-action command 8-7
periodic-action command 5-17, 8-7, 8-10, 8-13
threshold-multiplier command 7-24
threshold-selection command 8-10
threshold-tuned command 5-12, 8-16
learning-params command 5-16, 5-24
learning-params fixed-threshold command 7-23
LINK templates 8-6
log file
clearing 12-13
exporting 12-8, 12-11
viewing 12-11
logging, viewing configuration 12-10
logging command 12-9
login banner
configuring 4-44
deleting 4-46
importing 4-45
login-banner command 4-44
logo, adding WBM 4-47
logo, deleting WBM 4-49
M
maintenance partition
See MP
management
overview 3-14
port 2-3, 3-10, 3-11
SSH 3-16
VLAN 2-3
WBM 3-15
max-services command 7-9
memory consumption 12-33
memory usage, anomaly detection engine 12-34, 12-36
MIB, supported 4-2
min-threshold command 7-10
monitoring
network traffic 12-20, 12-21
MP
booting to 2-13
upgrading 13-16
upgrading, inline 13-19
mtu command 3-11
N
netstat command 12-40
network server
configuring 13-2
deleting 13-3
displaying 13-3, 13-11
displaying sync-config 5-25, 13-10
network server, displaying sync-config 13-11
no learning command 8-7, 8-11
non_estb_conns packet type 7-17
no proxy policy templates 7-7
note
symbol overview xxvii
notify 11-5
notify policy action 7-28
ns policy templates 7-7
O
other protocols
detected anomalies 11-3
policy template 7-5
out_pkts packet types 7-17
P
packet-dump
auto-capture command 12-16
automatic
activating 12-15
deactivating 12-17
displaying settings 12-17
exporting 12-20, 12-21, 13-9
signatures 12-28
packet-dump command 12-17
packets, capturing 12-17
password
changing 4-9
enabling 4-12
encrypted 4-9
recovering 13-23, 13-24
password, recovering 13-24
pending dynamic filters 10-2
displaying 10-4, 10-8
periodic action
accepting policies automatically 8-7, 8-10
deactivating 8-7, 8-10
permit
command 3-15, 3-16, 4-3
permit ssh command 4-28
ping command 12-45
pkts packet type 7-17
policy
action 7-19, 7-28
activating 7-20
adding services 7-13
backing up current 7-39, 8-20, 8-26
command 7-19
configuration mode 3-4
constructing 1-5, 7-4, 8-3, 8-5
copying parameters 8-25
copy-policies 8-25
deleting services 7-15
disabling 7-20
inactivating 7-20
learning-params, fixed-threshold command 7-23
marking as tuned 5-12, 8-16
marking threshold as fixed 7-23
multiplying thresholds 7-25
navigating path 7-19
packet types 7-16
show statistics 7-36
state 7-20
structure 7-2
threshold 7-4, 7-19, 7-22
threshold-list command 7-26
timeout 7-19, 7-27
traffic characteristics 7-18
tuning thresholds 1-5, 7-4, 8-3, 8-8
using wildcards 7-20, 7-34, 7-37
viewing statistics 8-12
policy set-timeout command 7-27
policy template
command 7-7, 7-8, 7-11
configuration command level 7-8
configuration mode 3-4
displaying list 7-7
Guard policy templates for synchronization 7-6
max-services 7-9
min-threshold 7-10
overview 7-4, 7-12
parameters 7-8
state 7-10
worm_tcp 7-8
policy-template add-service command 7-14
policy-template remove service command 7-15
policy-type activation form 9-4
port
data 3-10, 3-11
management 3-10, 3-11
port scan 11-7
detected anomalies 11-3
policy template 7-5
power enable command 2-13
privilege levels 3-2
assigning passwords 4-12
moving between 4-13
protect
activation methods 9-3
deactivating 9-5
protect command 9-5
protection-end-timer 9-9, 9-11
protect-ip-state command 9-4
protocol traffic characteristics 7-18
proxy
no proxy policy templates 7-7
public-key
displaying 4-34
R
rates
history 12-4
rates, viewing 12-4
reactivate-zones 13-11
rebooting
parameters 13-11
recommendations
accepting 10-10
activating 10-5, 10-9
change decision 7-29
command 10-9
deactivating 10-4, 10-12
displaying 10-2
ignoring 10-10
overview 10-2
receiving notification 10-2
viewing 10-5
viewing pending-filters 10-4, 10-8
reload command 13-11
remote-activate policy action 7-28
remote Guard
activating 6-23
terminating protection 9-9, 9-11
remote-guard command 9-9, 9-10
remote Guard list
displaying 9-10
remote Guards
activating 9-6
default list 9-9
list 9-10
list activation order 9-10
remove service command 7-15
renumbering flex-content filters 6-5
report
See attack report 11-2
reports
details 11-6
exporting 13-9
reqs packet type 7-17
reset command 2-12
router configuration mode 3-3
routing table
manipulation 3-13
viewing 3-14
running-config
copy 5-23, 13-4, 13-6
show 12-2
S
scanners traffic characteristics 7-18
service
adding 7-13
command 3-15, 4-3
copy 8-24
deleting 7-15
permissions 4-3
snmp-trap 4-36
wbm 3-15
services
enabling 4-3
session, configuring timeout 4-49
session, displaying idle timeout 4-49
session timeout, disabling 4-49
session-timeout command 4-49
set-action 7-28
show commands
counters 12-4
cpu 12-34
diagnostic-info 12-32
dynamic-filters 6-20
file-servers 13-3, 13-11
flex-content-filter 6-14
host-keys 4-28, 4-32
learning parameters 8-13
learning-params 7-23
log 12-11
log export-ip 12-10
logging 12-10
login-banner 4-44
memory 12-34
module 2-2, 13-14, 13-17
packet-dump 12-17
packet-dump signatures 12-28
policies 7-34
policies statistics 7-36, 8-12
public-key 4-32, 4-34
rates 12-4
recommendations 10-6, 10-7
recommendations pending-filters 10-4, 10-8
remote-guards 9-10
reports details 11-6
running-config 12-2
show 12-4
sorting dynamic-filters 6-20
sync-config 5-25
sync-config file-servers 5-25, 13-10, 13-11
templates 5-8
zone policies 7-34
show privilege level 3-2
show public-key command 4-35
shutdown command 3-11
signature
generating 12-27
snapshot
backing up policies 7-39, 8-20, 8-26
command 8-20
comparing 8-21
deleting 8-24
displaying 8-23
saving 8-20, 8-21
snapshot command 8-19
snapshots
save periodically 8-13
SNMP
accessing 4-2
configuring trap generator 4-36
traps description 4-38
snmp commands
community 4-43
trap-dest 4-36
SPAN, configuring 2-8
specific IP threshold 7-26
src traffic characteristics 7-18
SSH
configuring 3-16
deleting keys 4-33
generating key 4-29, 4-35
host key 4-31
service 3-16
viewing public key 4-32
ssh key, publishing 4-30
state command 7-20
static route
adding 3-13
supervisor engine
booting 2-13
configuring 2-1
powering off 2-13
resetting 2-12
saving configuration 2-1
shutting down 2-12
verifying configuration 2-14
supervisor module
supported versions 13-12
syn_by_fin packet type 7-17
sync command 5-19, 5-20
synchronization
exporting configuration 13-9
syns packet type 7-17
syslog
configuring export parameters 12-9
configuring server 12-10
message format 12-9
system log
message format 12-9
T
TACACS+
authentication
key generate command 4-25
key publish command 4-29
clearing statistics 4-22
configuring search 4-20
configuring server 4-18
server connection timeout 4-21
server encryption key 4-20
server IP address 4-19
viewing statistics 4-22
tacacs-server commands
clear statistics 4-22
first-hit 4-18, 4-21
host 4-18, 4-19
key 4-18, 4-20
show statistics 4-22
timeout 4-19, 4-21
TCP
detected anomalies 11-3, 11-7
no proxy policy templates 7-7
policy templates 7-5
templates
LINK 8-6
viewing policies 5-8
zone 5-3
thresh-mult 7-25
threshold
command 7-22
configuring IP threshold 7-26
configuring list 7-26
configuring specific IP 7-26
marking as tuned 5-12, 8-16
multiplying before accepting 7-24
selection 8-20
setting as fixed 7-22
tuning 1-5, 8-3
worm 7-31
threshold-list command 7-26
threshold selection 8-10
threshold tuning
save results periodically 8-13
timeout command 7-27
timeout session, configuring 4-49
timeout session, disabling 4-49
timesaver
symbol overview xxvii
tip
symbol overview xxvii
traceroute command 12-43
traffic
monitoring 12-20, 12-21
traffic sources
capturing 2-4
configuring 2-4
SPAN 2-4
VACL 2-4
trap 12-9
trap-dest 4-36
tuning policy thresholds 8-8
U
UDP
detected anomalies 11-4
policy templates 7-6
unauth_pkts packet type 7-17
unauthenticated TCP detected anomalies 11-4
upgrade command 13-24
upgrading
AP 13-14
inline 13-19
MP 13-16
user
detected anomalies 11-4
user filter
command 6-5
username
encrypted password 4-9
username command 4-8
users
adding 4-8
adding new 4-8
assigning privilege levels 4-7
deleting 4-10
privilege levels 3-2, 4-12
system users
admin 2-11
riverhead 2-11
username command 4-8
V
VACL, configuring 2-5
version, upgrading 13-24
W
WBM
activating 3-15
WBM logo
adding 4-47
deleting 4-49
worm
dynamic filter 7-33
identifying attack 7-33
overview 7-30
policy 7-17, 7-18
policy templates 7-6, 7-32
thresholds 7-31, 7-32
worm_tcp policy template 7-8
X
XML schema 11-10 to 11-13, 12-20, 13-9
Z
zone
clearing counters 12-6
command 5-6, 5-8, 10-5
command completion 4-16, 5-10
comparing 8-22
configuration mode 3-4, 5-9
copying 5-8
creating 5-6
defining IP address 5-11
definition 1-3
deleting 5-8
deleting IP address 5-12
detecting 9-1
duplicating 5-8
excluding IP address 5-11
exporting configuration 5-24
IP address 5-11
learning 8-2
LINK templates 8-6
modifying IP address 5-12
operation mode 5-7
reconfiguring 5-9
synchronize configuration 5-12
synchronizing automatically 5-16
synchronizing offline 5-21
templates 5-3
viewing configuration 5-10
viewing policies 7-34
viewing status 12-3
zone policy
marking as tuned 5-12, 8-16