Index
A
allowed hosts
specifying 5-41
Analysis Engine
Configuring 5-101
Global Parameters 5-103
Approver (account type) 6-1
approving configurations 6-3
ASANYs_SqlCoreDB 10-3
audit log reports
task list for 11-1
automatic IP logging 5-45
B
background task status 4-11
backup
file location 10-9
blocking
by master sensors 5-30
overriding certain networks or hosts 5-19
blocking devices 5-20
blocking properties
for 4.x sensors 5-15
for 5.x sensors 5-16
overview 5-14
blocking routers
definition 3-7
C
cautions
significance of xiv
certificates 4-13
Cisco Secure Policy Manager
migrating from A-1
migration of event data from A-2
using custom signatures from A-2
using sensor configurations from A-2
Cisco Security Wheel (figure) 3-1
plink 4-10
Config Diff Tool
See Configuration Comparison Tool
configuration
file management 10-9
Configuration Comparison Tool 5-33
configuration files
copying 5-34
reviewing historical settings 5-38
reviewing pending settings 5-36
unlocking pending settings 5-37
configurations
approving 6-3
deploying 6-4
generating 6-2
configuration settings
copying 5-34
context
definition of 5-50, 5-119, 5-136
copying configuration settings 5-34
creating
report definition 11-4
D
database caution 10-1
dbServer service 10-3
default vs. built-in signature set 5-137
deploying configurations 6-4
device statistics 4-11
Director
See Unix Director
documentation
conventions xiii
related xiv
E
e-mailing
reports 11-16
event action
definition of 5-63
event action filters 5-72
event action overrides 5-68
F
false positives
definition of 5-12
file management 10-9
filters
at the group level 5-79
defined using signature categories 5-72
for a 4.x sensor 5-56
for a 5.x sensor 5-72
for an IOS IPS device 5-144
fingerprints
See SSH fingerprints
fragment reassembly
4.x sensors 5-43
5.x sensors 5-122
G
generating configuration 6-2
global settings 5-103
groups
definition of 4-1
discussion of 4-1
H
Health Monitoring
See Sensor Health Monitoring
Help Desk (account type) 6-1
I
icons
action and notification 2-1
device 2-3
lock 2-4
object selector 2-3
ICS Support 7-12
IDSM (Intrusion Detection System Module)
definition 5-1
Incident Control System Support 7-12
interface configuration for IPS 5.X Sensors 5-88
interfaces 3-6
Internal Network Identification 5-4
internal networks
identifying 5-4
Intrusion Detection System Module
See IDSM (Intrusion Detection System Module)
IOS IPS
filters 5-144
general properties 5-142
identification properties 5-129
port mapping 5-141
SDEE properties 5-143
SDFs 5-128
signatures 5-135
IOS IPS rules 5-141
J
Job Management page 6-4
L
license key
location on server 8-10
naming convention 8-10
subscription 8-8
log files
management of 10-3
purpose of 10-3
truncating 10-3
M
master blocking sensors 5-30
specifying 5-31
N
navigation links 2-4
Network Administrator (account type) 6-1
Network Operator (account type) 6-1
Network Timing Protocol
See NTP server
NSDB 8-22
NTP server 5-4
O
Object Selector 5-2
object selector
icons 2-3
P
pending configurations 6-4
port mapping
definition 5-13
printing
reports 11-14
Progress Viewer 4-11
R
Rate limiting 5-16
RDEP v2 5-143
reassembly
4.x sensors 5-43
5.x sensors 5-122
reports
deleting 11-17
device statistics 4-11
editing parameters for 11-9
e-mailing 11-16
exporting 11-14
predefined definitions 11-2
printing 11-14
report definitions
creating 11-4
running 11-5
scheduling 11-6
viewing 11-13
workflow 11-3
report templates 11-2
S
scheduling
reports 11-6
SDEE 5-143
Secure Shell protocol
See SSH
security policies
objectives of 3-1
Security Wheel
See Cisco Security Wheel (figure)
sensor groups
See groups
Sensor health messages 7-4
Sensor health monitoring 7-1
sensors
basic settings 5-3
configuring sensing interfaces for 5-48, 5-99, 5-101
creating sensor subgroups 4-2
defining identification properties for 5-46, 5-62, 5-130
definition 5-1
deployment considerations 3-8
functionality 3-6
master blocking 5-30
placement 3-7
placement in network 3-4
placement of 3-4
sensor settings
copying from a group 4-3
sensor signatures
See signatures
sensor software
updating 8-1, 8-15
sensor version
determining from Management Center 8-7
serial number 8-8
Signature Definition Files
IOS IPS 5-128
signature release numbering 8-2
signatures
configuring general signatures 5-136
definition of 3-2, 5-6
methods of tuning 3-3, 5-12
overview 5-6
tuning by defining filters 5-57
tuning by port mapping 5-44
tuning by specifying reassembly options 5-43, 5-146
tuning for 5.x device 5-119
updating 8-1
signature settings
basic 5-3
signature updates
notification by e-mail 8-13
signature version and levels
from Management Center 8-5
signature versions
downloading updates automatically 8-15
Signature Wizard 5-55, 5-125, 5-139
SNMP settings 5-104
Software Center 8-13
SSH
definition 4-5
fingerprints 4-8
purpose 4-5
using 4-6
SSL certificates 4-13
statistics 4-11
System Administrator (account type) 6-1
T
target value ratings 5-66
tftp directory B-1
tftp server B-1
TOC 5-2
traffic flow notifications 5-99
Trend Micro ICS support 7-12
TVR
See target value ratings
U
Unix Director
migrating from A-1
migration of event data from A-2
using custom signatures from A-2
using sensor configurations from A-2
Unlocking pending configurations 5-37
updating
signatures 8-1
V
virtual sensor
definition of 5-94
editing 5-101
VLAN pairs 5-94
W
warnings
significance of xiv