Understanding Application Behavior Investigation Components


For application behavior investigation to succeed, a few of the CSA mechanisms must each perform their part. The CSA MC performs the first and last steps in the process, and the remotely deployed agent performs the steps in between.

The CSA MC starts the application behavior analysis process when the administrator configures an analysis job on the central console. The job configuration process requires information about which application or process you want to investigate along with other necessary configuration parameters, which you learn about in the next few sections. When the job is completely configured, it can be deployed to the remote agent through the normal agent polling process.

After the remote agent that is the target of the analysis job successfully polls into the CSA MC, it pulls its investigation orders down to the local system and begins analyzing the locally running application. The investigation occurs over a centrally defined interval, and the logged information is stored locally until the analysis is complete. Upon completion, the data can be transmitted back to the CSA MC for completion of the analysis process.

Upon receiving the investigative data from the remote agent, the CSA MC compiles the information into readable reports for further human analysis. These reports contain a wealth of information regarding the application and its interaction with the system and network. As an added step, the CSA MC can create a policy available for import into the policy database if you have a license installed for this feature. This policy will be an enforcement mechanism for the "normal" behavior demonstrated during the analysis process on the remote agent system.



    Cisco Security Agent
    ISBN: 1587052059
    EAN: 2147483647
    Year: 2005
    Pages: 145
    Authors: Chad Sullivan
