Device Configuration Guide for Cisco Security MARS, Release 6.x - Symantec ManHunt [Cisco Security Monitoring, Analysis and Response System]

Table Of Contents

Symantec ManHunt

Symantec ManHunt Side Configuration

MARS Side Configuration

Add Configuration Information for Symantec ManHunt 3.x

Symantec ManHunt

This chapter contains the following topics:

•Symantec ManHunt Side Configuration

•MARS Side Configuration

Symantec ManHunt Side Configuration

Step 1 Login to the Symantec ManHunt with appropriate username and password.

Step 2 In the main screen, click Setup > Policy > Response Rules, then Response Rules window will appear.

Figure 8-1 ManHunt Configuration

Step 3 In the Response Rules window, click Action > Add Response Rules.

Step 4 Click in the field of Response Action

Figure 8-2 ManHunt Response Rule Config

Step 5 In the left menu, click SNMP Notification and enter the following information:

•SNMP Manager IP address—Reporting IP address of MARS

•Maximum number of SNMP notification—(Example: 100000).

•Delay between SNMP notification (mins)—(Example: 1 min)

Step 6 Click OK to return to main screen.

MARS Side Configuration

This section contains the following topics:

•Add Configuration Information for Symantec ManHunt 3.x

Add Configuration Information for Symantec ManHunt 3.x

Step 1 Click Admin > System Setup > Security and Monitor Devices > Add.

Step 2 From the Device Type list, select Add SW Security apps on a new host or Add SW security apps on existing host.

Step 3 Enter the Device Name and IP addresses if adding a new host.

Step 4 Click Apply

Step 5 Click Reporting Applications tab

Step 6 From the Select Application list, select Symantec ManHunt 3.x

Step 7 Click Add.

Step 8 For attack path calculation and mitigation, specify the networks being monitored by the sensor. Do one of the following:

•To manually define the networks, select the Define a Network radio button.

a. Enter the network address in the Network IP field.

b. Enter the corresponding network mask value in the Mask field.

c. Click Add to move the specified network into the Monitored Networks field.

d. Repeat as needed.

•To select the networks that are attached to the device, click the Select a Network radio button.

a. Select a network from in the Select a Network list

b. Click Add to move the specified network into the Monitored Networks field.

c. Repeat as needed.

Step 9 To save your changes, click Submit.

Step 10 To enable MARS to start sessionizing events from this module, click Activate.

	Device Configuration Guide for Cisco Security MARS, Release 6.x
	Symantec ManHunt
Device Configuration Guide for Cisco Security MARS, Release 6.x Preface Part 1: Concepts Configuring Reporting and Mitigation Devices in MARS Part 2: Intrusion Detection and Prevention (Network based) Cisco IPS Devices (4.x and 5.x) NetScreen IDP Devices and Servers Cisco IPS 6.x Devices and Virtual Sensors Enterasys Dragon Devices Snort Devices McAfee Intrushield Symantec ManHunt Cisco IPS Modules IBM SiteProtector Devices IBM RealSecure Devices Part 3: Vulnerability Assessment Qualys QualysGuard Devices eEye REM Devices McAfee Foundstone Part 4: Switches Cisco Switches Extreme Switches Part 5: Routers Cisco Routers Routers (Generic) Part 6: Firewalls Cisco Firewall Devices Cisco ASA, Version 8.1.X and 8.2.X and NetFlow Check Point Devices NetScreen ScreenOS Devices Part 7: Network Access Control Cisco NAC Appliance Part 8: Virtual Private Network Gateways Cisco VPN 3000 Concentrator Part 9: WLAN Controller Cisco Wireless LAN Controller Part 10: AAA Servers Cisco Secure ACS Devices Part 11: Intrusion Detection and Prevention (Host based) Cisco Security Agent Entercept Devices Part 12: Virus Protection Symantec AntiVirus McAfee EPO Management Devices Cisco Incident Controller Server Part 13: Content Management Cisco CSC SSM Part 14: Database Applications Oracle Database Applications Part 15: Web Servers Web Server Devices Part 16: Web Proxies Network Appliance NetCache Generic Part 17: Host Nodes Generic, Solaris, Linux, and Windows Application Hosts Index	Download this chapter Symantec ManHunt Download the complete book Device Configuration Guide for Cisco Security MARS Release 6.x (PDF - 5 MB) Table Of Contents Symantec ManHunt Symantec ManHunt Side Configuration MARS Side Configuration Add Configuration Information for Symantec ManHunt 3.x Symantec ManHunt This chapter contains the following topics: •Symantec ManHunt Side Configuration •MARS Side Configuration Symantec ManHunt Side Configuration Step 1 Login to the Symantec ManHunt with appropriate username and password. Step 2 In the main screen, click Setup > Policy > Response Rules, then Response Rules window will appear. Figure 8-1 ManHunt Configuration Step 3 In the Response Rules window, click Action > Add Response Rules. Step 4 Click in the field of Response Action Figure 8-2 ManHunt Response Rule Config Step 5 In the left menu, click SNMP Notification and enter the following information: •SNMP Manager IP address—Reporting IP address of MARS •Maximum number of SNMP notification—(Example: 100000). •Delay between SNMP notification (mins)—(Example: 1 min) Step 6 Click OK to return to main screen. MARS Side Configuration This section contains the following topics: •Add Configuration Information for Symantec ManHunt 3.x Add Configuration Information for Symantec ManHunt 3.x Step 1 Click Admin > System Setup > Security and Monitor Devices > Add. Step 2 From the Device Type list, select Add SW Security apps on a new host or Add SW security apps on existing host. Step 3 Enter the Device Name and IP addresses if adding a new host. Step 4 Click Apply Step 5 Click Reporting Applications tab Step 6 From the Select Application list, select Symantec ManHunt 3.x Step 7 Click Add. Step 8 For attack path calculation and mitigation, specify the networks being monitored by the sensor. Do one of the following: •To manually define the networks, select the Define a Network radio button. a. Enter the network address in the Network IP field. b. Enter the corresponding network mask value in the Mask field. c. Click Add to move the specified network into the Monitored Networks field. d. Repeat as needed. •To select the networks that are attached to the device, click the Select a Network radio button. a. Select a network from in the Select a Network list b. Click Add to move the specified network into the Monitored Networks field. c. Repeat as needed. Step 9 To save your changes, click Submit. Step 10 To enable MARS to start sessionizing events from this module, click Activate.
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.