
Cisco Security Monitoring, Analysis and Response System

Cisco Security MARS 6.X Documentation Master Index


Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - L - M - N - O - P - Q - R - S - T - U - V - W - Z

Master Index

The following Cisco Security MARS appliance abbreviations are used in this Master Index.

UG = User Guide

ICG = Initial Configuration Guide

DCG = Device Configuration Guide

HIG = Hardware Installation Guide

CR = Command Reference

Numerics

5-tuple data

low-latency event query UG:11-9

802.1x, logging in Cisco Secure ACS DCG:25-6

A

AAA

configure login prompts IG:2-17

AAA authentication

and Cisco Secure ACS

for policy lookup UG:11-16

AAA devices DCG:25-1

AAA server

add UG:13-9

delete UG:13-16

servers supported UG:13-1

access rule lookup UG:11-4

device software versions

supported for UG:11-15

devices with multiple contexts UG:11-4

issues UG:11-8

overview UG:11-5

syslog messages supported

by IOS routers UG:11-7

access rules

looking up

from MARS events (procedure) UG:11-23

Accounts

expired

unlocking UG:13-4

unlocking CR:1-105

AC power HIG:3-8

connecting to HIG:4-9

ACS

See also Cisco Secure ACS

configuring user names UG:13-9

Activate button UG:4-15, UG:4-16, UG:4-18, UG:4-20, UG:6-1

activating reporting devices DCG:1-15

explanation UG:7-11

what it does DCG:1-15

when multiple users are logged in UG:7-12

when to use DCG:1-16

Activation Settings page UG:7-12

adding

cell phone number UG:6-14

CSV file DCG:1-31

devices IG:3-16, DCG:1-31

manually IG:3-16, DCG:1-31

seed file DCG:1-31

drop rules UG:4-19

event groups UG:6-3

inspection rules UG:4-16

IP groups UG:6-4

pager number UG:6-14

routes IG:2-10

seed file DCG:1-31

service UG:6-10

service provider UG:6-14

user UG:5-13, UG:6-12

user group UG:6-15

addresses UG:13-9

administrative account

default password settings IG:2-6

reset password IG:4-2

admin roles, see user management UG:6-11

Adobe SVG UG:7-18

alert

hard drive HIG:5-11

alert action UG:4-12

alerts UG:5-1

appliance

turning on power HIG:4-10

Appliance Recovery DVD HIG:3-10

archive IG:6-1

data IG:6-1

file and folder format IG:6-3

NFS for Windows IG:6-5

NFS on Linux IG:6-9

Windows Services for UNIX IG:6-5

archive data

identify time period contained IG:6-4

archive server

retrieving raw messages UG:12-3

archiving IG:6-13

starting IG:6-14

stopping IG:6-15

ASA devices

supported software versions

for policy and events lookup UG:11-15

with multiple contexts UG:11-4

attack diagram UG:7-18

attack paths

L2 UG:9-6

L3 UG:9-6

audit trail

viewing UG:12-2

authentication settings

policy table lookup

allow saving of credentials UG:11-19

B

backing up IG:6-13

backup IG:6-1

estimating storage requirements IG:6-2

network connection requirements IG:6-2

schedule IG:6-1

using eth1 interface for NFS traffic IG:6-2

Banner configuration UG:7-9

beep code HIG:5-22

bootstrapping

Security Manager server

for communication with MARS UG:11-16

Botnet Traffic Filter

syslog and SNMP notification limitation UG:5-4

browser

configure IG:1-5

C

cables

Cat 5 crossover HIG:3-10

connect order HIG:4-10

serial HIG:3-10

telephone HIG:3-10

cabling HIG:3-8

connecting a console HIG:4-10

connecting during installation HIG:4-10

case management

case report UG:10-7

editing cases UG:10-6

emailing case UG:10-7

overview UG:10-1

Cat 5 crossover cable IG:A-6

Catalyst 6500 Series switches

supported software versions

for policy and events lookup UG:11-15

cautions

significance of DCG:i-xvi, HIG:i-viii

cell phone paging

adding UG:5-15, UG:6-14

certificate IG:2-12

monitor status UG:12-9

upgrading from expired or fingerprint UG:12-9

certificates

presented by Security Manager

compared by MARS during policy lookup UG:11-10

changing

drop rule status UG:4-18

inspection rule status UG:4-14

charts

improving refresh time UG:7-21

Cisco Adaptive Security Appliance, see Cisco ASA DCG:18-1

Cisco ASA

add to MARS DCG:18-14

bootstrapping DCG:18-2

security context

add discovered DCG:18-19

define reporting options for DCG:18-20

make MARS aware of DCG:18-17

Cisco Firewall Services Modules, see Cisco FWSM DCG:18-1

Cisco FWSM

add to MARS DCG:18-14

bootstrapping DCG:18-2

security context

add discovered DCG:18-19

define reporting options for DCG:18-20

make MARS aware of DCG:18-17

Cisco IOS routers

supported software versions

for policy and events lookup UG:11-15

Cisco Secure ACS

access settings for

MARS appliance UG:11-16

configuring user names UG:13-9

roles for

policy table lookup UG:11-16

Cisco Secure ACS, 802.1x feature support DCG:25-6

Cisco Secure ACS, 802.1x support DCG:25-1

Cisco Secure ACS, audit logs required by MARS DCG:25-4

Cisco Secure ACS, bootstrap DCG:25-3

Cisco Secure ACS, event logs studied by MARS DCG:25-1

Cisco Secure ACS, MARS agent DCG:25-8

Cisco Secure ACS, NAC support DCG:25-1

Cisco Secure ACS, representing in MARS DCG:25-13, DCG:25-15

Cisco Secure ACS, server support DCG:25-2

Cisco Secure ACS, solution engine 3x support DCG:25-2

Cisco Secure ACS, solution engine 4.x support DCG:25-2

Cisco Secure ACS, supported versions DCG:25-1

Cisco Secure ACS, TACACS+ command authorization DCG:25-8

CLI

command conventions CR:6-vi

command privileges CR:6-vi

console connection IG:2-4

date CR:1-9

direct console IG:2-5

dns CR:1-11

dnssuffix CR:1-12

domainname CR:1-13

Ethernet console IG:2-5

ethtool CR:1-14

exit CR:1-17

gateway CR:1-22

help CR:1-23

hostname CR:1-25

ifconfig CR:1-29

netstat CR:1-31

nslookup CR:1-32

ntp CR:1-33

passwd CR:1-35

passwd expert CR:1-36

ping CR:1-37

pnlog CR:1-53

pnreset CR:1-54

usage note IG:6-25

pnrestore

usage note IG:6-24

pnstart CR:1-61

pnstatus CR:1-62

pnstop CR:1-63

reboot CR:1-76

route CR:1-77

serial console IG:2-5

show healthinfo CR:1-80

show inventory CR:1-82

ssh CR:1-87

SSH console IG:2-5

sslcert CR:1-89

tcpdump CR:1-97

telnet CR:1-98

time CR:1-99

timezone CR:1-100

traceroute CR:1-103

version CR:1-106

command reference

CLI conventions CR:6-vi

command privileges CR:6-vi

syntax, checking CR:6-vi

system help CR:6-vi

Common Services

AAA authentication for

MARS appliance UG:11-16

Common Vulnerabilities and Exposures UG:6-2

configuration

initial IG:2-1

initial procedure IG:2-6

Configuring the IP IG:4-6

connection teardown messages UG:11-13

realtime event viewer UG:11-13

connectivity test

between MARS and Security Manager UG:11-19

console connection IG:2-4

log in IG:4-1

log off IG:4-3

remote shut down IG:4-3

conventions DCG:i-xv

command line interface CR:6-vi

cords

connect order HIG:4-10

power HIG:3-10

creating

report UG:8-30

creating a safe environment HIG:3-7

credentials

bulk update DCG:1-37

CSC SSM DCG:31-1

bootstrap to report to MARS DCG:31-1

define module manually DCG:31-2

CSV files DCG:1-31

custom device type parser

selecting traffic type UG:14-19

custom log parser

selecting traffic type UG:14-20

custom signatures

unknown device event type UG:11-32

CVE UG:6-2

D

data

archive IG:6-1

archiving IG:6-13

backup IG:6-1

database

cardinality calculation UG:12-14

indexing UG:12-11

tuning UG:12-11

data reduction UG:7-17

default address

eth0 IG:2-5

eth1 IG:2-5

default certificate response

change UG:12-8

default fingerprint response

change UG:12-8

default login IG:2-12

default password IG:2-12

change UG:12-7

deleting

routes IG:2-10

deleting service UG:6-10

device event types

create new UG:14-8

define

overview UG:14-6

defined UG:14-1

override defined patterns UG:14-17

devices

in MARS

time synchronization, recommendation UG:11-14

lookup UG:11-4

managed by MARS and Security Manager

running compatible software version UG:11-14

management traffic

between MARS and UG:11-14

mitigation

monitored by MARS UG:11-14

notification traffic

between MARS and UG:11-14

policy lookup from MARS UG:11-5

reporting

monitored by MARS UG:11-14

software versions

supported by MARS and Security Manager UG:11-15

versions supported for policy lookup

by MARS and Security Manager UG:11-10

with multiple contexts UG:11-4

device support

define custom devices UG:14-3

device support framework

definition of UG:14-3

device support package

checksum protection UG:14-23

define a device type UG:14-7

defined UG:14-2

events about UG:14-28

export UG:14-24

overview UG:14-6

import UG:14-20

password protection UG:14-27

provider definition UG:14-5

provider information

define UG:14-4

remove UG:14-28

reports about UG:14-28

device type

create custom UG:14-7

custom

overview UG:14-5

defined UG:14-1

edit custom/local UG:14-17

extend existing UG:14-18

add event types UG:14-18

derive from UG:14-18

device types

override existing

edit parser UG:14-17

diagnostics

beep codes HIG:5-22

diagrams

attack UG:7-18

disaster recovery

overview IG:6-16

planning failover IG:6-23

discovering networks

automatic DCG:1-20

discovery

scheduling DCG:1-20

updating DCG:1-20

display format

query UG:8-4

displays

refreshing UG:7-21

DNS

configuration settings IG:2-15

documentation

conventions DCG:i-xv

ordering DCG:i-xvi

related to this product IG:i-viii, HIG:i-xiii

typographical conventions in HIG:i-viii

drop rule

activate and inactive UG:4-18

drop rules

adding UG:4-19

editing UG:4-19

drop rule status

changing UG:4-18

DVD IG:6-17, HIG:3-10

dynamic information UG:9-12

E

editing

drop rules UG:4-19

host information UG:6-7

inspection rules UG:4-15

IP groups UG:6-4

service UG:6-10

user UG:6-15

electrostatic discharge

protecting against HIG:3-5

e-mail settings

define system administrative account IG:2-16

error messages

policy table lookup from MARS

connection setup syslog unavailable UG:11-13

connection teardown events in realtime viewer UG:11-13

error messages, list of IG:A-15, DCG:25-16

eth0 IG:2-14

define settings IG:2-7

eth1 IG:2-14

define settings IG:2-8

Ethernet connectors HIG:1-24, HIG:2-11

ethernet device change command CR:1-14

event action filter

saving as a local policy UG:11-34

event groups UG:6-3

event log

changing pulling time interval for Windows DCG:35-11

event management UG:6-2

editing UG:6-2

events per second

deployment planning IG:1-1

expired

accounts UG:13-4

expired certificate UG:12-9

F

failover

configure standby server IG:6-23

false positives

tuning UG:9-6

types UG:9-9

file system consistency check IG:5-8

during reboot IG:5-8

filter

modem HIG:3-8, HIG:4-10, HIG:5-22

fingerprint validation UG:12-7

FIPS PCI Card CR:1-19

flash disk-on-module (DOM), see flash drive IG:6-17

flash drive

configuration saved on IG:6-18

corruption IG:6-18

fsck, see file system consistency check IG:5-8

FWSM

supported software versions

for policy and events lookup UG:11-15

with multiple contexts UG:11-4

G

gateways

intermediate

allowing flows between MARS and devices UG:11-14

getting started

initial configuration IG:2-1

Global Controller

adding Local Controllers to IG:3-3

adding Security Manager to UG:11-16

and Local Controllers UG:4-1, UG:4-4, UG:7-1, IG:3-15

Network Summary page UG:7-1

queries UG:8-2

reimaging guidelines IG:6-24

rules UG:4-1, UG:4-4

user management UG:6-12

H

hard drive

failure alert HIG:5-11

hotswap procedure for MARS 55, 110R, 110, 210, GC2R, and GC2 HIG:5-16

raidstatus command HIG:5-10

replacing in carrier HIG:5-20

slot number diagram, MARS 55, 110R, 110, 210, GC2R, and GC2 HIG:5-15

hardware

Cat 5 crossover cable HIG:3-10

status HIG:4-11

hardware maintenance

MARS 100, 100E, 200, GCM, GC HIG:5-1, HIG:6-1

MARS 55, 110, 110R, 210, GC2R, GC2 HIG:5-8

help

system, displaying CR:6-vi

hostname

define for appliance IG:2-9

host routes

adding IG:2-10

deleting IG:2-10

hosts

adding UG:6-5

editing UG:6-7

Hot Spot Graph UG:7-18

hot swap

configure standby server IG:6-23

hotswap

hard drives HIG:5-10

power supply HIG:5-21

procedure for MARS 55, 110R, 110, 210, GC2R, and GC2 HIG:5-16

humidity, operating HIG:1-4, HIG:1-6, HIG:3-6

I

ICMP connection-related messages

access rule lookup from MARS UG:11-6

idle session timeout

of Security Manager

authentication of MARS UG:11-11

policy table lookup UG:11-11

IDSM-2 modules

supported software versions

for policy and events lookup UG:11-15

Incident Details page UG:9-4

incidents UG:7-16

defined UG:9-1

incident path UG:9-4

incident vector UG:9-4

instances UG:9-7

mitigation UG:9-11

page UG:9-2

incident table UG:9-6

initial configuration IG:2-1

inspection rule

activate and inactive UG:4-14

inspection rules

adding UG:4-16

editing UG:4-15

inspection rule status

changing UG:4-14

installation

cables, connecting HIG:4-10

creating a safe environment HIG:3-7

installing in a rack HIG:4-2

network, setting up HIG:3-9

power source, connecting to HIG:4-10

precautions for rack-mounting HIG:3-8

preparation HIG:3-1

preparing for

LAN options, precautions for HIG:3-9

modems, precautions for HIG:3-9

telecommunications, precautions for HIG:3-9

safety HIG:3-1

site preparation HIG:3-5

tools and equipment required HIG:3-9

interface names IG:2-14

Internal upgrade server, preparing for use IG:5-19

Internet Explorer

accessing MARS GUI using

for signature policy lookup UG:11-33

interoperability

local controllers and global controllers IG:3-2

IOS IPS sensors

supported software versions

for policy and events lookup UG:11-15

IP address

defaults for MARS IG:2-5

IP groups

adding UG:6-4

editing UG:6-4

IP management UG:6-3

adding

hosts UG:6-5

IP range UG:6-5

network UG:6-5

variable UG:6-5

filter list UG:6-4

IPS

Global Correlation Score UG:8-10

IOS IPS DCG:16-5

Risk Rating UG:8-10

Threat Rating UG:8-10

virtual sensor DCG:4-5

IPS sensors

supported software versions

for policy and events lookup UG:11-15

IPS signature

policy lookup UG:11-38

IPS signature policy

go to from MARS events UG:11-28

IPS signature policy lookup

device lookup query UG:11-5

device software versions

supported for UG:11-15

issues UG:11-8

looking up devices in MARS UG:11-4

overview UG:11-8

L

L2 attack path UG:9-6

L3 attack path UG:9-6

LAN options

precautions for HIG:3-9

license

5.x software IG:2-11

license key IG:2-11

5.x software IG:2-11

importing IG:2-13

locating on chassis HIG:2-2

license key, recovery IG:A-2

Linux host, bootstrap DCG:35-2

loading

MARS

seed file DCG:1-37

Local Controller UG:4-1, UG:4-4, UG:7-1, IG:3-15

adding Security Manager to (procedure) UG:11-20

queries UG:8-2

Security Manager not added to

user credential fields UG:11-20

standalone mode reset CR:1-55

Local User Setup page

defining

MARS user account UG:11-22

log files

viewing UG:12-2

logging levels UG:12-1

Logging Off IG:4-3

logging off IG:4-3

logging traffic

between MARS and monitored devices

enabling UG:11-14

login

default IG:2-12

login credentials

of Security Manager

saved in MARS during policy lookup UG:11-11

Login Failure

procedure to unlock UG:13-16

log keyword

output details UG:11-7

Logon Banner UG:7-9

logs

viewing at console IG:4-6

log template

See device event type

M

management

events UG:6-2

IP UG:6-3

service UG:6-8

user UG:6-11

management traffic

between MARS and monitored devices

enabling UG:11-14

MARS

audit trail UG:12-2

devices

identifying for policy lookup UG:11-14

running supported software for lookup UG:11-14

device software versions

supported for policy lookup UG:11-10

integration with Security Manager UG:11-1

log files UG:12-2

MARS appliance

administering IG:4-1

disaster recovery IG:6-16

license key IG:2-11

log in IG:2-11

log off via console IG:4-3

log on via console IG:4-1

name of IG:2-14

reboot from console IG:4-3

reset password IG:4-2

shutdown via console IG:4-3

time synchronization

recommendation UG:11-14

upgrade IG:5-3

MARS events

for connection teardown

in realtime event viewer UG:11-13

generated by management traffic UG:11-13

MARS software

version IG:A-2

Matched Rule UG:9-4

matching rules

not found

during policy lookup UG:11-13

Microsoft Windows host, bootstrap DCG:35-4

mitigation

definition UG:9-11

Modems

line impedance matching filter HIG:3-8, HIG:4-10, HIG:5-22

modems

precautions for HIG:3-9

N

NAC, AAA server support DCG:25-1

NAC Appliance

define appliance manually DCG:22-2

navigating

to other MARS pages

from read-only access rule table UG:11-35

NetFlow, enable processing DCG:19-7

NetFlow

Global NetFlow UDP Port DCG:19-8

NetFlow, enable processing DCG:19-8

NetFlow, examined networks DCG:19-9

NetFlow, store ASA NetFlow DCG:19-8

NetFlow flows per second

deployment planning IG:1-1

NetFlow Security Event Logging UG:11-3, UG:11-5

NetScreen

IDP 2.x DCG:3-1

IDP 3.x DCG:3-1

IDP 4.0 DCG:3-1

IDP-Management Server DCG:3-1

Security Manager DCG:3-1

network discovery

auto-populate MARS DCG:1-16

exceptions to discovery DCG:1-17

how it works DCG:1-17

restricting list DCG:1-19, DCG:1-20

SNMP DCG:1-17

work around exceptions DCG:1-17

network routes

adding IG:2-10

deleting IG:2-10

Network Status tab

Incidents UG:7-20

Top Destinations UG:7-21

Top Event Types UG:7-21

Top Sources UG:7-21

NFS Server

Linux IG:6-9

notification traffic

between MARS and monitored devices

enabling UG:11-14

NTP

configuration settings IG:2-10

O

operating ranges

environmentals HIG:3-6

optimizing queries UG:12-11

Order/Rank By UG:8-6

order by UG:8-6

P

packaging

contents HIG:3-9

pager UG:6-14

adding UG:5-15

parser template

defined UG:14-1

password

change default UG:12-7

default IG:2-12

device support package protection UG:14-27

recovery IG:4-2, IG:6-17

resetting IG:4-2

pattern

key UG:14-11

value UG:14-11

personnel qualifications warning IG:i-vii, HIG:i-vii

personnel training warning IG:i-vii, HIG:i-vii

PIX

add to MARS DCG:18-14

bootstrapping DCG:18-2

security context

add discovered DCG:18-19

define reporting options for DCG:18-20

make MARS aware of DCG:18-17

PIX firewalls

supported software versions

for policy and events lookup UG:11-15

PIX Security Appliance, see PIX DCG:18-1

pnadmin account, recovery IG:6-17

PN Log agent DCG:25-8

PN Log Agent, error messages DCG:25-11

pnlog show command IG:4-6

pnstatus, service and process descriptions IG:A-12

policy query login dialog box

saving Security Manager credentials UG:11-11

policy table lookup UG:11-1, UG:11-2

checklist for UG:11-14

device lookup query UG:11-5

devices with multiple contexts UG:11-4

issues UG:11-8

ports

required flows IG:1-2

used by MARS IG:1-2

power cords HIG:3-10

powering up HIG:4-10

processes, see services IG:A-12

provider configuration

define custom values UG:14-4

public networks DCG:1-19

Q

queries

action

ANY UG:8-12

display format UG:8-4

use only firing events UG:8-7

filter by time UG:8-6

interface UG:8-2

of Security Manager policies from MARS events UG:11-1

operation

AND UG:4-11

FOLLOWED-BY UG:4-11

none UG:4-11

OR UG:4-11

optimizing UG:12-11

rank by UG:8-6

rule UG:8-12

ANY UG:8-12

service

ANY UG:8-9

defined services UG:8-9

service variables UG:8-9

types of UG:8-3

Query page UG:8-1

R

rack-mounting

precautions for HIG:3-8

rack rails HIG:3-10

rail kit

AXXBASICRAIL13 HIG:4-2

AXXHERAIL2 HIG:4-2

rail-kit

two-post installation HIG:4-2

raw messages

archive folder location UG:12-3

file name format UG:12-4

maximum size stored UG:12-3

retrieving from archive server UG:12-3

read-only access rule table UG:11-34

navigating to Access Rules page UG:11-35

navigating to other MARS pages UG:11-35

realtime event viewer

access rule lookup

for connection teardown events UG:11-13

Rebooting IG:4-3

rebooting IG:4-3

recovery

CD ROM IG:6-16

DVD IG:6-17

password IG:6-16, IG:6-17

re-image Global Controller IG:6-20

re-image Local Controller IG:6-19

restore data IG:6-22

restore OS IG:6-17

recovery DVD

burn bootable IG:6-17

burn speed guideline IG:6-17

download from IG:6-17

format guidelines IG:6-17

restore Global Controller IG:6-20

restore Local Controller IG:6-19

restore OS to flash drive IG:6-18

recovery management IG:6-16

re-imaging hard drive IG:6-19, IG:6-20

removing

user UG:6-15

reporting device

custom UG:14-1

device type UG:14-5

custom appliance definition UG:14-18

custom software definition UG:14-19

unsupported UG:14-1

receiving events from UG:14-2

reporting devices

custom UG:14-3

reports

adding UG:8-29, UG:8-30

charts and graphs UG:8-29

delete UG:8-31

duplicate UG:8-32

edit UG:8-31

new UG:8-29, UG:8-30

type views UG:8-27

csv UG:8-28

peak UG:8-28

recent UG:8-28

total UG:8-28

viewing UG:8-21, UG:8-31

restore

range of days IG:6-24

routes

adding IG:2-10

deleting IG:2-10

rules

destination IP

ANY UG:4-7

devices UG:4-7

DISTINCT UG:4-7

IP addresses UG:4-7

IP ranges UG:4-7

Network Groups UG:4-7

networks UG:4-7

SAME UG:4-7

variables UG:4-7

device UG:4-10

ANY UG:4-9

Unknown Reporting Device UG:4-9

variables UG:4-9

event type grouping UG:4-9

event types UG:4-9

ANY UG:4-9

variables UG:4-9

reported user

ANY UG:4-10

Invalid User Name UG:4-10

NONE UG:4-10

variables UG:4-10

service

ANY UG:4-8

defined groups UG:4-8

defined services UG:4-8

service variables UG:4-8

severity

ANY UG:4-11

green UG:4-11

red UG:4-11

yellow UG:4-11

source IP

devices UG:4-7

IP addresses UG:4-7

IP ranges UG:4-7

Network Groups UG:4-7

networks UG:4-7

variables UG:4-7

runtime logging UG:12-1

S

safety

electrostatic discharge HIG:3-5

general precautions HIG:3-3

installation HIG:3-1

preventing EMI HIG:3-5

warnings and cautions HIG:3-1

with electricity HIG:3-4

scheduled activities

archive intervals IG:6-5

scheduling

discovery DCG:1-20

search domains IG:2-16

Secure Syslog DCG:19-6

security contexts

add discovered DCG:18-19

define reporting options DCG:18-20

make MARS aware of DCG:18-17

security guidelines

obtaining DCG:i-xvi

see CVE 25-2 UG:6-2

seed file

credentials

bulk update DCG:1-37

CSV file DCG:1-31

loading DCG:1-37

See syslog messages

self-signed certificate IG:2-12

serial cable HIG:3-10

service

adding UG:6-10

deleting UG:6-10

editing UG:6-10

editing groups UG:6-9

service group

adding UG:6-9

service management UG:6-8

service provider

adding UG:5-15, UG:6-14

services

adding group UG:6-9

determine status IG:4-4

expected differences in Global Controller IG:4-4, IG:5-9, IG:A-12, CR:1-62

expected status IG:4-4, IG:5-9, IG:A-12, CR:1-62

list of IG:A-12

starting system IG:4-6

stopping system IG:4-6

setting

runtime logging levels UG:12-1

Severity icons UG:9-4

Short Message Service

See SMS

shutting down IG:4-3

signature ID

parsed from IPS event messages

for signature policy lookup from MARS UG:11-8

signature policy lookup

from MARS events (procedure) UG:11-29

signature policy lookup page UG:11-39

signatures

looking up from events UG:11-28

modifying UG:11-8

Simple Network Management Protocol

See SNMP

site preparation HIG:3-5

SNMP DCG:1-17

SNMP RO, unsupported characters DCG:1-10, DCG:1-34

SNMPv1

RO community string DCG:1-13, DCG:1-18

SNMPv3

authentication protocol DCG:1-13, DCG:1-18

context name DCG:1-14, DCG:1-19

privacy protocol DCG:1-14, DCG:1-18

security level DCG:1-13, DCG:1-18

Snort

syslog format expectation DCG:6-1

Solaris host, bootstrap DCG:35-2

SSH

fingerprint validation UG:12-7

SSL

certificate validation UG:12-7

self-signed IG:2-12

stacked charts UG:7-21

starting

archiving IG:6-14

system services IG:4-6

static information UG:9-12

status, determining system IG:4-4

stopping

archiving IG:6-15

subsignature ID

parsed from IPS event messages

for signature policy lookup from MARS UG:11-8

support

obtaining DCG:i-xvi

support information

collecting IG:A-3

get_mars_summary_info.sh script IG:A-3

pnlog mailto

contents of IG:A-4

supporting devices

deployment planning IG:1-1

syntax of commands, checking CR:6-vi

syslog

mapping to policy UG:11-1

syslog messages

changing the severity level UG:11-7

format UG:11-7

for Packet Data events UG:11-8

IDs UG:11-7

system administrative account IG:2-12

system log messages

T

telecommunications, precautions for HIG:3-9

telephone cable HIG:3-10

temperature, operating HIG:1-4, HIG:1-6, HIG:2-4, HIG:3-6

Timeout Interval, setting for GUI and CLI UG:7-7

Topology

toggle device display UG:7-20

traffic flows

between MARS and devices

enabling UG:11-14

troubleshoot

cannot add device IG:A-3

delete device IG:A-3

error messages IG:A-15, DCG:25-16

password recovery IG:A-2

re-add device IG:A-3

rename device IG:A-3

troubleshooting

Cisco Secure ACS integration DCG:25-15

tuning

false positives UG:9-6, UG:9-10

turning on

appliance HIG:4-10

typographical conventions in this document HIG:i-viii

U

Unknown Device Event Type

custom signatures and UG:11-8

unlock

after login failure UG:13-16

CLI command

after login failure UG:13-4, CR:1-105

updates

software updates IG:2-18

upgrade

burn CD-ROM IG:5-18

checklist IG:5-3

determine upgrade path IG:5-7

download packages IG:5-19

from CLI IG:5-22

from GUI IG:5-13

Local Controller from Global Controller IG:5-16

periodic system consistency checks IG:5-8

prepare internal server IG:5-19

proxy settings IG:5-20

use only firing events UG:8-7

user

adding UG:5-13, UG:6-12

editing UG:6-15

removing UG:6-15

user credentials

Reporting Applications tab of MARS

different from those in User Configuration page UG:11-10

user group

adding UG:6-15

user management UG:6-11

roles defined UG:6-11

user roles

for policy lookup from MARS UG:11-16

V

validation

fingerprint UG:12-7

valid networks DCG:1-19

variables UG:4-7

version

IPS signature version

determine IG:A-2

MARS software IG:A-2

viewing

security incidents UG:11-1

W

warnings

regarding

batteries and explosion danger HIG:3-3

chassis, opening HIG:3-3

chassis, working on HIG:3-2

disposal of unit HIG:3-3

explosion HIG:3-3

faceplates and cover panels, removing HIG:3-3

ground conductor, defeating HIG:3-3, HIG:3-7

installation area HIG:3-7

instructions, reading HIG:3-2

lightning activity HIG:3-2, HIG:4-10

On/Off switch HIG:3-2

power cords, more than one HIG:3-2

rack-mounting equipment HIG:3-2, HIG:3-8

safety cover HIG:3-2

short circuits HIG:3-3, HIG:3-8

training and qualifications of personnel working on unit IG:i-vii, HIG:i-vii

significance of DCG:i-xvi

translations of HIG:3-2

Windows Services for UNIX IG:6-5

create share IG:6-7

enable logging IG:6-8

install IG:6-6

Z

Zone IG:2-15