Terms you'll need to understand:
Virtual Private Network (VPN)/Security Management Solution (VMS)
Table of contents (TOC)
Techniques you'll need to master:
Memorizing the installation requirements
Creating user authorization roles
Navigating the Security Monitor interface
Configuring event rules
Managing views with Event Viewer
Administering the database
Using Security Monitor reports
In the last chapter, you saw how to use the IDS Management Center (MC), a Web-based component of VMS, to manage and configure sensors and groups of sensors. Security Monitor, another component of VMS, complements IDS MC by providing a Web interface to monitor statistics, connections, and events. Anyone who has studied log files from firewalls, routers, or sensors can appreciate the need to filter, summarize, and quantify these logs into meaningful reports. This is exactly what the Security Monitor is designed to do, with a graphical user interface that simplifies what can otherwise be very complex tasks.
Features of the Security Monitor include the following:
Device monitoring: The Security Monitor can receive and process Intrusion Detection System (IDS) events from the following Cisco IDS-capable devices: sensor appliances, Cisco Security Agent Management Center (CSA MC), IDS Modules (IDSMs), IOS Routers, and PIX Firewalls.
Web-based monitoring platform: Because the Security Monitor is Web-based, you can view IDS events from a Web browser.
Custom-reporting capability: The Security Monitor includes a wide range of reports that you can customize according to your specific reporting needs.
Security Monitor can receive and process IDS events from sensor appliances, CSA MC, IDSMs, IOS Routers, and PIX Firewalls.
In this chapter, we first go through the basics such as installation, accounts, authorization, and the interface layout. We then go through each of the four tab sheets, Device, Monitor, Reports, and Administration, with a focus on the Event Viewer in the Monitor, Events tab sheet.