Analyzing Log Data

 < Day Day Up > 

Now that the behavior investigation log files have been sent to the analysis workstation (that is, the CSA MC), you can continue the process of investigating the target application. The continuation of your investigation procedure takes place on the CSA MC. When the job in the list displays a status of Log Data Available for Analysis, you can select the job by clicking its name, as shown in Figure 11-7.

Figure 11-7. Behavior Investigation Job Status Listing


After you have selected the job and entered the configuration page, notice that a new button has appeared at the bottom of the page: the Start Analysis button. Clicking this button generates the associated report (see Figure 11-8), which is discussed in the next section, and creates the associated policy if you have a license for the Rule Generation module. The Import button appears at the bottom of the page. You learn more about the Import button in the section "Creating Behavior Analysis Rule Modules" later in this chapter.

Figure 11-8. Start Analysis Button Appearance


     < Day Day Up > 


    Cisco Security Agent
    Cisco Security Agent
    ISBN: 1587052059
    EAN: 2147483647
    Year: 2005
    Pages: 145
    Authors: Chad Sullivan

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net