Getting Started with Security Monitor
This section describes how to access Security Monitor, use the interface, and use the application. See the following topics to start using Security Monitor:
Accessing Security Monitor
To access Security Monitor, you must first log in to the CiscoWorks Server. After you are logged in to the CiscoWorks Server, you can start Security Monitor.
The features and functionality that you can access in Security Monitor depend upon the role of the user account that you used to log in to CiscoWorks. A role is a set of permissions for accessing application features.
See the following to learn how to access Security Monitor:
Logging In to CiscoWorks
The CiscoWorks Server desktop is the interface for the CiscoWorks network management applications, including Security Monitor, IDS MC, and Firewall MC.
Before you log in, make sure that your browser is configured correctly for CiscoWorks.
Note: If you have installed CiscoWorks and are logging in for the first time, you can use the "admin" username with the password you configured during installation. If you did not change the password for the "admin" account during installation, use the default password "admin" (without the quotation marks).
To log in to CiscoWorks, follow these steps:
Step 1 Access the CiscoWorks Server from your web browser.
The CiscoWorks Server login page appears.
Figure 2-1 CiscoWorks Server Login Page

Step 2 Enter your username in the Name field and your password in the Password field.
Step 3 Click Connect, or press Enter.
The CiscoWorks Server navigation menu replaces the Login Manager pane. You are now logged in.
Starting Security Monitor
The CiscoWorks Server desktop contains drawers for the installed applications. The drawers are present in the left pane.
To start Security Monitor, follow these steps:
Step 1 Log in to CiscoWorks Server.
Step 2 From the navigation tree, select VPN/Security Management Solution > Monitoring Center > Security Monitor.
Figure 2-2 Starting Security Monitor

Security Monitor starts in a new browser window.
Roles and Permissions in Security Monitor
The following roles, and associated permissions, are available when you use CiscoWorks authentication. If your CiscoWorks Server uses Cisco Secure ACS for authentication, contact your system administrator for information about available roles and permissions.
- Help Desk—Using this type of account, you can view any report or alarm but cannot delete reports or alarms and cannot generate reports.
- Approver—Using this type of account, you can view any report or alarm but cannot delete reports or alarms and cannot generate reports. In Security Monitor, this role is the same as the Help Desk role.
- Network Operator—Using this type of account, you can view any report or alarm, delete reports and alarms, and generate reports.
- Network Administrator—Using this type of account, you can view any report or alarm, delete reports and alarms, generate reports, and edit device configurations.
- System Administrator—Using this type of account, you can edit anything in the system, view any report or alarm, delete reports and alarms, generate reports, and import lists (files) and notification scripts.
About the Security Monitor Interface
The Security Monitor interface is divided into tabs. The tabs provide access to main components of the application.
Complex tasks use wizards to guide you through the steps. Wizards typically contain multiple pages. Each page that appears depends upon the choices selected on the previous page.
For more information about using the various interface components, see the following topics:
Understanding Security Monitor Interface Elements
Figure 2-3 shows the Security Monitor GUI elements.
Figure 2-3 Security Monitor GUI Elements

1. Path bar—Provides a context for the displayed page. Shows tab, option, and current page.
2. TOC—Displays available suboptions, if available.
3. Options bar—Displays the options available for the selected tab.
4. Tabs—Provide access to product functionality. Click a tab to access its options.
  - Devices—Displays options for adding, editing, importing, and deleting monitored devices.
  - Monitor—Displays options for monitoring device status and using Event Viewer.
  - Reports—Displays options for generating, scheduling, and viewing reports.
  - Admin—Displays options for administering database rules, system configuration, Event Viewer preferences, and event rules.
5. Tools—Contains the Close, Help, and About buttons.
  - Close—Closes Security Monitor.
  - Help—Opens a new window that displays context-sensitive help for the displayed page. The window also contains buttons that you use to go to the overall help contents, index, and search tool.
  - About—Displays the version of the application.
6. Instructions box—Provides a brief overview of how to use the page.
7. Action buttons—Initiate actions or commands for this page. Buttons that do not work on a particular page are dimmed.
Understanding Security Monitor Wizard Elements
Wizards provide you with step-by-step instructions for performing tasks in Security Monitor. Figure 2-4 shows the wizard elements.
Figure 2-4 Security Monitor Wizard Elements

1. Wizard steps—Displays an ordered list of steps. Ellipses (...) mean the following steps depend on which option you select.
2. Wizard page—The area in which you work. Displays the following types of information:
  - Table—List of items and their components.
  - Field—Area in which you enter values.
  - Instructions box—A brief overview of how to use the page.
3. Action buttons—Initiate actions or commands for this page. Buttons that do not work on a particular page are dimmed. Some of the action buttons you may see in a wizard are:
  - Back—Returns you to the previous page of the wizard.
  - Next—Opens the next page of the wizard.
  - Finish—Completes the wizard.
  - Cancel—Closes the wizard without making any changes.
Using Security Monitor
The following checklist provides a basic workflow for using Security Monitor. The Step column contains a high-level task to perform, and the Reference column contains references to where you can find detailed procedures for accomplishing that task.
| Step | Reference |
|---|---|
| 1. Define the devices you will monitor. You must define the devices that you want to monitor, and then configure those devices to send security events to Security Monitor. | "Configuring Devices to Monitor" |
| 2. View the events received by Security Monitor. After you have defined the devices that you want to monitor, and configured those devices to send security information to Security Monitor, you can immediately use Event Viewer to see the events being sent to Security Monitor. | "Using the Event Viewer" |
| 3. Define notifications using Event Rules. Event Rules allow you to define specific events or conditions and to send an e-mail notification or run a script when those events or conditions are met. | "Defining Notifications" |
| 4. Define alarm and audit reports. Audit reports provide information about the server and application. Alarm reports provide information about monitored events. | "Defining and Viewing Reports" |
| 5. Maintain the server. Use Database Rules to manage the database. Update the IDS signatures to keep your system current. | "Maintaining Security Monitor" |