User Guide for Cisco Security MARS Global Controller, Release 4.2.x
Index


A

Action 5-3

Activate button 7-17, 7-18, 7-20, 9-1

adding

cell phone number 8-11, 9-9

devices 2-11

manually 2-11

event groups 9-3

inspection rules 7-18

pager number 8-11, 9-9

service 9-6

user 8-10, 9-7

user group 9-10

adding IP groups 9-4

adding service provider 8-11, 9-9

admin roles, see user management 9-7

Adobe SVG 3-11

alert

action 7-14

Distributed Threat Management 7-14

Email 7-14

NONE 7-14

Page 7-14

SMS 7-14

SNMP 7-14

Syslog 7-14

alerts 8-1

all matching event raw messages 6-8

all matching events 6-8

all matching sessions 6-7

archive server

retrieving raw messages 10-3

attack diagram 3-10

attack paths

L2 5-5

L3 5-5

audit trail 10-3

B

bytes transmitted 6-8

C

cell phone paging 8-11, 9-9

certificate

monitor status 10-6

upgrading from expired or fingerprint 10-6

changing

inspection rule status 7-16

Collapse All 5-5

Common Vulnerabilities and Exposures 9-2

creating

report 6-22

CVE 9-2

D

data reduction 3-10

default certificate response

change 10-5

default fingerprint response

change 10-5

default password

change 10-3

deleting service 9-6

destination IP address ranking 6-7

destination network group ranking 6-7

destination network ranking 6-7

destination ranking 6-7

diagrams

attack 3-10

display format

query 6-6

E

editing

inspection rules 7-17

IP groups 9-4

service 9-6

user 9-10

event groups 9-3

event management 9-1

editing 9-2

Event Type 5-3

event type group ranking 6-6

event type ranking 6-6

Expand All 5-5

expired certificate 10-6

F

false positives

tuning 5-5

fingerprint validation 10-4

G

Global Controller ii-xi

adding Local Controllers to 2-2

and Local Controllers 2-10, 3-1, 5-1, 6-1, 7-1, 7-3, 9-7

Network Summary page 3-1

queries 6-1

rules 7-1, 7-3

user interface ii-xi

user management 9-7

Global Controller

overview 1-1

H

hardware maintenance

MARS 100, 100E, 200, GCM, GC 10-7

Hot Spot Graph 3-10

I

incident count 6-8

Incident Details page 5-4

Incident ID 5-3

Incident Path 5-3

incidents 3-9

action 5-3

event type 5-3

incident ID 5-3

incident path 5-3

incident vector 5-3

instances 5-6

matched rule 5-3

severity 5-3

time 5-3

time ranges 5-4

incidents table

navigation 5-3

incident table 5-5

Incident Vector 5-3

inspection rule

activate and inactive 7-16

inspection rules

adding 7-18

editing 7-17

inspection rule status

changing 7-16

instances

incidents 5-6

IP groups

adding 9-4

editing 9-4

IP management 9-3

adding

IP range 9-4

network 9-4

variable 9-4

L

L2 attack path 5-5

L3 attack path 5-5

Local Controller 2-10, 3-1, 5-1, 6-1, 7-1, 7-3, 9-7

log files 10-2

M

MAC address report 6-8

management

events 9-1

IP 9-3

service 9-5

user 9-6

MARS

audit trail 10-3

log files 10-2

matched incident ranking 6-7

Matched Rule 5-3

matched rule ranking 6-7

mitigate 5-5

N

NAT connection report 6-8

network group ranking 6-6

network ranking 6-6

Network Status tab

Incidents 3-13

Top Destinations 3-14

Top Event Types 3-13

Top Sources 3-14

O

Order/Rank By 6-8

order by 6-8

bytes transmitted 6-8

incident count 6-8

session count 6-8

time 6-8

P

pager 8-11, 9-9

password

change default 10-3

post NAT destination addresses 6-11

post NAT source addresses 6-11

pre NAT destination addresses 6-11

pre NAT source addresses 6-11

protocol ranking 6-7

Q

queries

action

ANY 6-13

actions 6-13

destination IP 6-11

ANY 6-11

devices 6-12

IP addresses 6-11

IP ranges 6-11

networks 6-11

post NAT destination addresses 6-11

pre NAT destination addresses 6-11

devices 6-12

display format

all matching event raw messages 6-8

all matching events 6-8

all matching sessions 6-7

destination IP address ranking 6-7

destination ranking 6-7

event type group ranking 6-6

MAC address report 6-8

matched incident ranking 6-7

matched rule ranking 6-7

NAT connection report 6-8

protocol ranking 6-7

reporting device ranking 6-7

reporting device type ranking 6-7

source IP address ranking 6-6

source port ranking 6-7

unknown event report 6-8

use only firing events 6-9

event type grouping 6-12

event types 6-12

ANY 6-12

operation

AND 6-13, 7-12

FOLLOWED-BY 6-13, 7-12

none 6-13, 7-12

OR 6-13, 7-12

result format

destination network group ranking 6-7

destination network ranking 6-7

event type ranking 6-6

network group ranking 6-6

network ranking 6-6

reported user ranking 6-7

source network group ranking 6-6

source network ranking 6-6

rule 6-13

ANY 6-13

save as

reports 6-13

rules 6-13

service

ANY 6-12

defined services 6-12

service variables 6-12

severity

ANY 6-12

green 6-12

red 6-12

yellow 6-12

source IP

ANY 6-11

devices 6-11

IP addresses 6-11

IP ranges 6-11

networks 6-11

post NAT source addresses 6-11

pre NAT source addresses 6-11

variables 6-11

time range

last 6-8

start and end times 6-8

zone 6-12

query

display format 6-6

Query page 6-1

R

rank by 6-8

bytes transmitted 6-8

incident count 6-8

session count 6-8

time 6-8

removing

user 9-10

report

adding 6-22

delete 6-23

edit 6-23

new 6-22

reported user ranking 6-7

reporting device ranking 6-7

reporting device type ranking 6-7

reports

viewing 6-16, 6-22

reports, view type, CSV 6-21

reports, view type, recent 6-21

reports, view type, total 6-21

report views, CSV 6-21

report views, peak 6-21

reports, view type, peak 6-21

report views, recent 6-21

report views, total 6-21

rules

destination IP

ANY 7-7

devices 7-7

DISTINCT 7-7

IP addresses 7-7

IP ranges 7-7

Network Groups 7-7

networks 7-7

SAME 7-7

variables 7-7

device 7-10

ANY 7-10

Unknown Reporting Device 7-10

variables 7-10

event type grouping 7-9

event types 7-9

ANY 7-9

variables 7-9

reported user

ANY 7-10

Invalid User Name 7-10

NONE 7-10

variables 7-10

service

ANY 7-8

defined groups 7-9

defined services 7-9

service variables 7-8

severity

ANY 7-11

green 7-11

red 7-11

yellow 7-11

source IP

devices 7-6

IP addresses 7-6

IP ranges 7-6

Network Groups 7-6

networks 7-6

variables 7-6

runtime logging 10-1

S

see CVE 9-2

service

adding 9-6

deleting 9-6

editing 9-6

editing groups 9-5

service group

adding 9-5

service management 9-5

service provider

adding 8-11, 9-9

services

adding group 9-5

session count 6-8

setting

runtime logging levels 10-1

Severity icons 5-3

Short Message Service

See SMS. 7-14

Simple Network Management Protocol

See SNMP. 7-14

source IP address ranking 6-6

source network group ranking 6-6

source network ranking 6-6

source port ranking 6-7

SSH

fingerprint validation 10-4

SSL

certificate validation 10-4

stacked charts 3-14

T

table

incidents 5-5

Time 5-3

time ranges

incidents 5-4

Topology

toggle device display 3-13

tuning

false positives 5-5

U

unknown event report 6-8

use only firing events 6-9

user

adding 8-10, 9-7

editing 9-10

removing 9-10

user group

adding 9-10

user management 9-6

roles defined 9-7

V

validation

fingerprint 10-4

variables 6-11, 7-6, 7-7