Filter Management - Enterasys Intrusion Prevention System Reporting Manual

Analysis and reporting guide

Hide thumbs Also See for Intrusion Prevention System:

Manual (260 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

page of 122

/ 122
Contents
Table of Contents
Bookmarks

Table of Contents

Using the Realtime Console

Table 11-1 Custom Query Field Usage and Description (Continued)

Field

Time Mode

Sensor Match, Group

Match

IP Match/Filter

You may click Reset to clear all field entries.

Click Execute.

The display area is populated with the results of your query.

Filter Management

You can add, edit, or delete filters. Filters are used to fine-tune event summaries.

Add Filters

To add filters:

Click Filter Management in the top left navigation area.

Select Filter Add from the pulldown menu.

Select the desired filter from the Filters pulldown menu.

Click Execute.

The display area is populated with entry fields for the selected field.

Enter the desired information in the fields.

11-16 Enterasys IPS Analysis and Reporting Guide

Description

The Time Mode field interacts with the Time Start/Stop field in the following ways:

• "hours" value selected: The number value placed in the Time Start field indicates

number of hours from the current time counting backwards to retrieve the

events. For example, if the value indicates 36, events in the past 36 hours are

retrieved.

• "start" value selected: only the value from the Time Start field is taken into

consideration. Events starting at that specified time are retrieved.

• "stop" value selected: only the value from the Time Stop field is taken into

consideration. Events up to that specified time are retrieved.

• "span" value selected: both values in the Time Start and Time Stop fields are

taken into consideration. Events that occurred between these times are

retrieved.

• "date" value selected: only the value specified in the Time Start field is taken into

consideration. Events that occurred only during the specified date are retrieved.

• "dates" value selected: both values in the Time Start and Time Stop fields are

taken into consideration. Events that occurred between the specified dates

(inclusive) are retrieved.

All other values ignore Time Start and Stop fields.

These are text fields specifying sensor and/or group names for the realtime filter.

They may contain one or more names of the sensor/group. If more than one name

is specified, the values must be separated by spaces.

These are text fields specifying IP address/mask for the realtime filter. One or more

values can be specified in theses fields. If more than one value is entered, the

values must be separated by spaces.

Note: The DefaultFilter refreshes the screen every minute.

Refresh mode is indicated by a

parentheses. For example, (1).

red number

in the upper right-hand corner of the screen in

Legacy Reporting

Table of Contents

Filter Management - Enterasys Intrusion Prevention System Reporting Manual

Filter Management

Related Manuals for Enterasys Intrusion Prevention System

Related Content for Enterasys Intrusion Prevention System

Table of Contents