User Guide for Cisco Security Manager 3.2 - Activities User Interface Reference [Cisco Security Manager]

Table Of Contents

Activities User Interface Reference

Activity Manager Window

Activity States

Create Activity Dialog Box

Submit Activity Dialog Box

Approve Activity Dialog Box

Reject Activity Dialog Box

Discard Activity Dialog Box

Activity Required Dialog Box

Openable Activities Dialog Box

Change Report Dialog Box

Audit Report Window

Activities User Interface Reference

An activity is a temporary container within which you define and assign policies. You must create an activity or open an existing activity before you can define policies and assign them to devices if you are working in Workflow mode. In non-Workflow mode, activities are handled semi-transparently, and are referred to as configuration sessions.

In Workflow mode, most activity management is done in the Activity Manager window (select Tools > Activity Manager). However, you can also perform tasks using the Activities toolbar or menu.

The following topics describe the windows and dialog boxes related to activities or configuration sessions:

•Activity Manager Window

•Activity Required Dialog Box

•Openable Activities Dialog Box

•Change Report Dialog Box

•Audit Report Window

Activity Manager Window

Use the Activity Manager window to create and manage activities and to view activity status and history. The upper pane lists the activities that have been created. Select an activity to view its details and history in the lower pane.

The Activity Manager window is available only if you are operating in Workflow mode. In non-Workflow mode, Security Manager automatically and transparently manages activities.

Navigation Path

Click the Activity Manager button on the Main toolbar, or select Tools > Activity Manager.

Related Topics

•Working with Activities, page 8-9

•Understanding Activity States, page 8-5

Field Reference

Table E-1 Activities Manager Window

Element

Description

Activity

The name of the activity.

Last Modified

The date and time of the most recent change to the activity.

State

The state of the activity. For a list of states, see Activity States.

User

The username of the person who last changed the state of the activity.

Last Action

The most recent action performed on the activity.

Create button

Click this button to create new activity so that you can create or change policies or assign policies to devices. For more information, see Create Activity Dialog Box.

Open button

Click this button to open the selected activity so that changes, such as defining and assigning policies, are captured within the activity. You can open an activity when it is in the Edit or the Submitted state. Submitted activities are opened read-only.

Close button

Click this button to close the selected activity and save all changes made while the activity was open. You can close an activity when it is in the Edit Open or the Submit Open state.

Validate button

Click this button to validate changes that you have made to the selected activity from the time you created the activity to the current time. Validating an activity checks policy integrity and deployability, and displays detailed error information if errors are detected. For more information, see Validating an Activity, page 8-16.

Submit button

In Workflow mode with an activity approver, click this button to submit the selected activity. Submitting the activity sends notification that the activity is ready for review to the specified approver. You can submit an activity when it is in the Edit or the Edit Open state.

You are prompted for a comment (see Submit Activity Dialog Box).

Approve button

Click this button to approve the selected activity, which saves the proposed changes to the database. Devices associated with the activity are unlocked, meaning they can be included in policy definitions and changes in other activities. You must have appropriate user permissions to approve the activity.

In Workflow mode without an approver, you can approve your own activities when they are in the Edit state. In workflow mode with an approver, you must submit your activity, and the approver can approve an activity only when it is in the Submitted state.

You are prompted for an approval comment (see Approve Activity Dialog Box).

Reject button

In Workflow mode with an activity approver, click this button to reject the changes proposed in the selected activity. You must have appropriate user permissions to reject an activity. If the activity is rejected, the submitter can continue to make changes to the activity. Devices associated with the activity are not unlocked, meaning that they cannot be included in policy definitions or changes in another activity. You can reject an activity only when it is in the Submitted or the Submitted Open state.

You are prompted for a rejection comment (see Reject Activity Dialog Box).

Discard button

Click this button to discard the selected activity. Devices associated with the activity are unlocked, meaning they can be used by other activities.

You are prompted for a comment (see Discard Activity Dialog Box).

Discarded activities are removed from the system according to the settings defined in the Security Manager settings for Workflow. The activity state is shown as discarded until the activity is purged from the system. For more information, see Workflow Page, page A-56.

View Changes

Click this button to generate a report in PDF format for the selected activity. If activity is closed, this button is grayed out. For more information, see Viewing Activity Change Reports, page 8-14.

Refresh button

Click this button to refresh the information presented in the window.

Details tab

Displays detailed information for the selected activity. Besides the information repeated from the activities table, the details include this information:

•Activity ID—The identification number assigned by Security Manager when you created the activity.

•Created—The date and time the activity was created.

•Description—The description of the activity, which was entered when the activity was created.

History tab

Displays a log of the changes that have been made to the selected activity. The information includes the state changes, the user who made the change, the date and time of the change (based on the Security Manager server time), and any comments the user entered to document the change.

Activity States

The State column in the Activity Manager indicates the status of each activity.

Related Topics

•Activity Manager Window

•Understanding Activity States, page 8-5

•Working with Activities, page 8-9

Field Reference

Table E-2 Activity States

State

Description

Edit

The activity was created, but the activity is not currently being edited. The activity can be opened or discarded while it is in the Edit state.

Edit Open

The activity is open for editing. Changes, such as defining and assigning policies, are made in the activity. Devices or groups being configured are locked from other activities. The activity can be closed, discarded, submitted, or approved while it is in the Edit Open state.

Submitted

The activity was submitted for review. It can be viewed but not edited while it is in the Submitted state. It must be opened (in the Submitted Open state) to be edited. Devices and groups in the activity are locked from other activities. The activity can be opened, discarded, or rejected while it is in the Submitted state.

Submitted Open

The submitted activity is open for viewing. Devices in the activity are locked to other activities. The activity can be approved or rejected while it is in the Submitted Open state.

Approved

The activity was approved, and the corresponding configuration elements are now committed policy configurations. Devices associated with the activity are unlocked and can now be used by another activity. The activity can be deployed or discarded while it is in the Approved state.

Approve Failed

The activity is placed in the Approve Failed state if errors occur during approval (for example, due to a power failure). If this happens, try to approve the activity again or reboot the server.

Discarded

Changes made to the activity since the activity was created were discarded and further changes to the activity are not allowed. Devices associated with the activity are unlocked and can now be used in a new activity. The activity remains in the Activity table showing a Discarded state until it is purged from the system.

Create Activity Dialog Box

Use the Create Activity dialog box to create an activity in Workflow mode. Activities must be created before you can make policy changes.

Navigation Path

Do one of the following:

•Click Create Activity in the activity toolbar.

•Select Activities > New Activity.

•Click Create in the Activity Manager window.

Related Topics

•Creating an Activity, page 8-12

•Opening an Activity, page 8-13

•Activity States

Field Reference

Table E-3 Create Activity Dialog Box

Element

Description

Activity Name

The name of the activity. The default activity name contains the username, date, and time the activity was created. If you enter a different name, you should assign a logical name that reflects the contents of the activity. The activity name must be unique.

Description

A description of the purpose of the activity or other pertinent information.

Submit Activity Dialog Box

Use the Submit Activity dialog box to submit an activity for approval. When you are operating in Workflow mode with an activity approver, you must submit activities for approval before policy changes can be committed to the Security Manager database and deployed to devices.

Navigation Path

Do one of the following:

•To submit an open activity, click the Submit Activity button on the activity toolbar or select Activities > Submit Activity.

•To submit a closed activity, click the Activity Management button on the main toolbar, select the desired activity, and then click Submit.

Related Topics

•Opening an Activity, page 8-13

•Submitting an Activity for Approval, page 8-18

•Activity States

Field Reference

Table E-4 Submit Activity Dialog Box

Element

Description

Approver

The e-mail address of the person assigned approval permissions. This person receives notification of your submission. You can leave the default address or enter a new e-mail address. The default e-mail address is set in Tools > Security Manager Administration > Workflow.

Note Security Manager warns you if the e-mail cannot be sent and you must contact the approver directly.

Comment

A description of the changes included in the activity or other pertinent information.

Submitter

The e-mail address of the person submitting the approval request. The field initially contains the e-mail address associated with the username you used to log into Security Manager, but you can change it to another e-mail address.

View Changes button

Click this button to view a report in PDF format for the changes made in the activity. For more information, see Viewing Activity Change Reports, page 8-14.

Approve Activity Dialog Box

Use the Approve Activity dialog box to approve an activity. Approving an activity commits policy changes to the Security Manager database so that they can then be deployed to devices.

When you operate in Workflow mode with an activity approver, you must submit activities for review and approval. If you are operating without an approver, you can approve your own activities.

You can enter an optional comment to document why you are approving the activity.

Navigation Path

Do one of the following:

•To approve an open activity, click the Approve Activity button on the activity toolbar or select Activities > Approve Activity.

•To approve a closed activity, click the Activity Manager button on the Main toolbar, select the desired activity, then click Approve.

Related Topics

•Approving or Rejecting an Activity, page 8-19

•Activity States

Reject Activity Dialog Box

Use the Reject Activity dialog box to reject an activity.

In Workflow mode with an activity approver, you must submit activities to an activity approver who has permissions to approve or reject the activity.

Rejecting an activity does not commit policy changes to the Security Manager database. The activity is returned to the Edit state so that changes can be made. As the activity approver, you can specify any desired changes in the comments field.

Navigation Path

Do one of the following:

•To reject an open activity, click the Reject Activity button on the activity toolbar or select Activities > Reject Activity.

•To reject a closed activity, click the Activity Manager button on the Main toolbar, select the desired activity, then click Reject.

Related Topics

•Approving or Rejecting an Activity, page 8-19

•Activity States

Discard Activity Dialog Box

Use the Discard Activity dialog box to discard an activity. You can discard an activity if you want to cancel the changes that you have made. For tracking purposes, you can enter a comment explaining why you are discarding the activity.

Navigation Path

Do one of the following:

•To discard an open activity, click the Discard Activity button on the activity toolbar or select Activities > Discard Activity.

•To discard a closed activity, which must be in the Edit or Edit Open state, click the Activity Manager button on the Main toolbar, select the desired activity, then click Discard.

Related Topics

•Discarding an Activity, page 8-20

•Activity States

Activity Required Dialog Box

When in Workflow mode, you must create or open an activity before you create or modify policies.

Navigation Path

This dialog box appears if you attempt to create or modify policies without first creating or opening an activity.

Related Topics

•Creating an Activity, page 8-12

•Activity States

Field Reference

Table E-5 Activity Required Dialog Box

Element

Description

Create a new activity

Creates a new activity with the following information:

•Name—The name of the activity. The default activity name contains the username, date, and time the activity was created.

•Description—A description of the changes in the activity or other pertinent information.

Open an existing activity

Opens the activity selected from the Activity list. This option is displayed only if there are activities available in the Edit state.

Openable Activities Dialog Box

Use the Openable Activities dialog box to open an existing activity in Workflow mode. In Workflow mode, creating or modifying policies requires that an activity be open.

The dialog box lists all activities that can be opened. You can made changes to activities in the Edit state, but you can only view activities in the Submitted state. The activities list includes the name of the activity, its state, and the username of the person who created the activity.

Select an activity from the list and click OK to open it.

Navigation Path

Click the Open Activity button on the activity toolbar or select Activities > Open Activity.

Related Topics

•Opening an Activity, page 8-13

•Activity States

Change Report Dialog Box

Use the Change Report dialog box to view the configuration change report for previous configuration sessions in non-Workflow mode. In non-Workflow mode, a configuration session is considered complete when you either submit or discard your changes. These sessions are equivalent to activities in Workflow mode. Select a session and click View Changes to view the report.

To view the report for the current configuration session, close this dialog box and select File > View Changes.

Navigation Path

In non-Workflow mode, select Tools > Change Report.

Related Topics

•Viewing Activity Change Reports, page 8-14

Field Reference

Table E-6 Change Report Dialog Box

Element

Description

Date

The date and time the configuration session ended.

Action

Whether the changes made during the session were submitted to the database or discarded.

User

The user who submitted or discarded the changes.

View Changes button

Click this button to view the activity change report for the selected configuration session.

Audit Report Window

Use the Audit Report window to view records of state changes in Security Manager.

The Audit Report page contains two panes. Use the left pane to define the parameters for generating the audit report. The right pane displays the audit report using one row for each audit entry or message. The content of the audit report depends on the parameters you defined in the left pane. Therefore, all columns listed in the table might not be displayed in the generated audit report.

Navigation Path

Select Tools > Audit Report.

Related Topics

•Understanding Audit Reports, page 21-15

•Generating the Audit Report, page 21-16

Field Reference

Table E-7 Audit Report Window

Element

Description

Search Criteria (Left Pane)

The left side of the Audit Report window contains the search criteria for the report. The default report lists all state changes from yesterday and today, sorted with the most recent changes at the top.

Search by action

One or more sources of actions to include in the audit report. If you do not make a selection, the report is not filtered based on action. You can select All to include all action sources.

Search by date

The time period to include in the report. Actions that occur between the from and to dates are displayed. Click the calendar icon to select the dates.

This filter's default (reset position) is to include actions from yesterday to today.

Search for activity by state

This field works differently from the other search fields, and is primarily of use in Workflow mode. You can use this field to select one or more activities to include in the report. The activities are listed in the display box below the drop-down list. The drop-down list helps you find the activities on which you want to report.

To use this search mechanism, select the activity state of the activities on which you want to report, and then select the activities. Use Ctrl+click to select multiple activities.

Select No Activity to not filter by activity.

Search by message warning level

The message warning level. The report is limited to messages of the selected severity. Use Ctrl+click to select multiple levels.

Search by user name

The username of the person who performed the actions to include in the report. To see Security Manager system-generated actions, enter the username System.

Search by a phrase in the message body

A string of text that should occur in the message of the audit report entries. You can enter a maximum of 1025 characters.

The message is not visible in the report table. To see the messages related to an entry, double-click the entry.

Search by all or part of the object name

A string of text that should occur in the name of the object for which the audit entries were generated. You can enter a maximum of 1025 characters.

Search button

Click this button to generate the report in the right pane.

Reset button

Click this button to reset the search criteria and delete any values or selections you made.

Audit Report (Right Pane)

The right side of the Audit Report window contains the audit report. Each row represents one audit entry. Double-click a row to open the Audit Message Details dialog box, where you can view a more readable layout of the information and to see the specific messages associated with the entry. You can scroll through the entries in the report from within the Audit Message Details dialog box.

Message Level

The message warning level: Information, Warning, Success, Failure and Internal System Error.

Date

The date and time the action occurred.

Source

The origin of the audit entry: Objects, License, Admin, Firewall, Policy Manager, Devices, Topology, VPN, Config Archive, Deployment, System, and Activity.

Action

The action performed: Add, Assign, Create, Delete, Open, Purge, Unassign, and Update.

Object

The identifier of the object of the action. For example, if the category is device, then the object identifier could be the device name or IP address. If the category is deployment, then the object identifier could be job name, job ID, and so on. There frequently is no specific object name.

User Name

The username of the person performing the action.

Activity

The name of the activity in which the action occurred, if any.

# of rows per page

The number of rows to display on each page.

< arrow

Click this button to return to the previous page of the audit report.

> arrow

Click this button to advance to the next page of the audit report.