Chapter 15. Enterprise IDS Monitoring with the Cisco Security Monitor for VMS


Terms you'll need to understand:

  • Virtual Private Network (VPN)/Security Management Solution (VMS)

  • Security Monitor

  • Table of contents (TOC)

  • Event Viewer

  • Database rules

Techniques you'll need to master:

  • Memorizing the installation requirements

  • Creating user authorization roles

  • Navigating the Security Monitor interface

  • Monitoring events

  • Configuring event rules

  • Managing views with Event Viewer

  • Administering the database

  • Using Security Monitor reports

In the last chapter, you saw how to use the IDS Management Center (MC), a Web-based component of VMS, to manage and configure sensors and groups of sensors. Security Monitor, another component of VMS, complements IDS MC by providing a Web interface to monitor statistics, connections, and events. Anyone who has studied log files from firewalls, routers, or sensors can appreciate the need to filter, summarize, and quantify these logs into meaningful reports. This is exactly what the Security Monitor is designed to do, with a graphical user interface that simplifies what can otherwise be very complex tasks.

Features of the Security Monitor include the following:

  • Device monitoring: The Security Monitor can receive and process Intrusion Detection System (IDS) events from the following Cisco IDS-capable devices: sensor appliances, Cisco Security Agent Management Center (CSA MC), IDS Modules (IDSMs), IOS Routers, and PIX Firewalls.

  • Web-based monitoring platform: Because the Security Monitor is Web-based, you can view IDS events from a Web browser.

  • Custom-reporting capability: The Security Monitor includes a wide range of reports that you can customize according to your specific reporting needs.


Security Monitor can receive and process IDS events from sensor appliances, CSA MC, IDSMs, IOS Routers, and PIX Firewalls.


In this chapter, we first go through the basics such as installation, accounts, authorization, and the interface layout. We then go through each of the four tab sheets, Device, Monitor, Reports, and Administration, with a focus on the Event Viewer in the Monitor, Events tab sheet.



CSIDS Exam Cram 2 (Exam 642-531)
Year: 2004
Pages: 213
