Table Of Contents
Analysis Engine
About the Analysis Engine
Configuring the Virtual Sensor
Overview
Supported User Role
Field Definitions
Virtual Sensor Panel
Edit Virtual Sensor Dialog Box
Assigning Interfaces to the Virtual Sensor
Configuring Global Variables
Overview
Supported User Role
Field Definitions
Analysis Engine
This chapter explains the function of the analysis engine and how to assign interfaces to the virtual sensor. It contains the following sections:
•About the Analysis Engine
•Configuring the Virtual Sensor
•Configuring Global Variables
About the Analysis Engine
The analysis engine performs packet analysis and alert detection. It monitors traffic that flows through specified interfaces and interface pairs.
Configuring the Virtual Sensor
This section describes how to configure the virtual sensor, and contains the following topics:
•Overview
•Supported User Role
•Field Definitions
•Assigning Interfaces to the Virtual Sensor
Overview
The sensor can receive data inputs from one or many monitored data streams. These monitored data streams can either be physical interface ports or virtual interface ports. For example, a single sensor can monitor traffic from in front of the firewall, from behind the firewall, or from in front of and behind the firewall concurrently. And a single sensor can monitor one or more data streams. In this situation a single sensor policy or configuration is applied to all monitored data streams.
A virtual sensor can monitor multiple segments, and it lets you apply a different policy or configuration for each virtual sensor within a single physical sensor. You can set up a different policy per monitored segment under analysis.
Note IPS 5.0 only supports one virtual sensor, vs0.
You can assign interfaces or interface pairs to the virtual sensor and you can change the description of the virtual sensor, but you cannot add a virtual sensor or change the virtual sensor name.
Supported User Role
The following user roles are supported:
•Administrator
•Operator
•Viewer
You must be Administrator or Operator to configure the virtual sensor.
Field Definitions
This section lists the field definitions for the virtual sensor, and contains the following topics:
•Virtual Sensor Panel
•Edit Virtual Sensor Dialog Box
Virtual Sensor Panel
The following fields and buttons are found on the Virtual Sensor panel.
Field Descriptions:
•Name—The Name of the virtual sensor.
There is only one virtual sensor in IPS 5.0 and it is named "vs0."
•Assigned Interfaces (or Interface Pairs)—The interfaces or interface pairs that belong to this virtual sensor.
•Description—The description of the virtual sensor.
Button Functions:
•Apply—Applies your changes and saves the revised configuration.
•Reset—Refreshes the panel by replacing any edits you made with the previously configured value.
Edit Virtual Sensor Dialog Box
The following fields and buttons are found in the Edit Virtual Sensor dialog box.
Field Descriptions:
•Virtual Sensor Name—The name of the virtual sensor.
There is only one virtual sensor in IPS 5.0 and it is named "vs0."
•Description—The description of the virtual sensor.
•Available Interfaces (or Pairs)—The list of available interfaces or interface pairs that you can assign to the virtual sensor.
•Assigned Interfaces (or Pairs)—The list of interfaces or interface pairs that you have assigned to the virtual sensor.
Button Functions:
•Add—Adds the selected interface or interface pair to the Assigned Interfaces (or Pairs) list.
•Remove—Removes the selected interface or interface pair from the Assigned Interfaces (or Pairs) list.
Assigning Interfaces to the Virtual Sensor
To assign or remove an interface or interface pair from the virtual sensor, follow these steps:
Step 1 Click Configuration > Analysis Engine > Virtual Sensor.
The Virtual Sensor panel appears.
Step 2 Click Edit.
The Edit Virtual Sensor dialog box appears.
Step 3 To assign an interface or interface pair to the virtual sensor, select the interface or interface pair from the Available Interfaces (or Pairs) list, and click Add.
Step 4 To remove an interface or interface pair from the virtual sensor, select the interface or interface pair from the Assigned Interfaces (or Pairs) list, and click Remove.
Step 5 To change the description from "default virtual sensor," type a new description in the Description field.
Tip To discard your changes and close the Edit Virtual Sensor dialog box, click Cancel.
Step 6 Click OK.
The interface appears in the list on the Virtual Sensor panel.
Tip To discard your changes, click Reset.
Step 7 Click Apply to apply your changes and save the revised configuration.
Configuring Global Variables
This section describes how to configure global variables, and contains the following topics:
•Overview
•Supported User Role
•Field Definitions
Overview
You can configure global variables inside the analysis engine component. There is only one global variable: Maximum Open IP Log Files.
Supported User Role
The following user roles are supported:
•Administrator
•Operator
•Viewer
You must be Administrator or Operator to configure global variables.
Field Definitions
The following fields and buttons are found on the Global Variables panel.
Field Descriptions:
•Maximum Open IP Log Files—Maximum number of concurrently open IP log files.
The valid range is from 20 to 100. The default is 20.
Button Functions:
•Apply—Applies your changes and saves the revised configuration.
•Reset—Refreshes the panel by replacing any edits you made with the previously configured value.