Ip Address Summaries - Enterasys Intrusion Prevention System Reporting Manual

Analysis and reporting guide

Hide thumbs Also See for Intrusion Prevention System:

Manual (260 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

page of 122

/ 122
Contents
Table of Contents
Bookmarks

Table of Contents

Using the Trending Console

Table 11-3 Event Summary Buttons (Continued)

Button

events

Click Apply.

The table at the bottom of the display area is populated with the selected criteria.

The Reset button clears any selected data.

If desired, sort the data by clicking on a column header or the item name.

Table 11-4 Event Summary Options

Column or Item

Date

Event Name

Event Name descriptor

# Events

Event numbers

Details

IP Address Summaries

You can manipulate data to show a variety of information that summarizes events by IP address.

To manipulate IP address summary data:

Click IP Address Summary in the top left navigation area.

The display area is populated with IP address Summary information in a display similar to

Event Summaries shown in

The activity summary Graph is at the top of the display area. For any query, the top seven

events are graphed over the specified query time period. Floating the mouse over the bar

graph reveals the actual number of events for the given event type. The graph can be shifted to

the left or right to expose hidden dates by clicking in the graph region and dragging the graph

left or right. To zoom in on a region of the graph, click on the graph while pressing the Ctrl

key and drag the mouse to select a region.

The top seven events are indexed in a legend to the left of the graph. Filtering certain events

can cause this graph and table to regenerate.

Select the desired information to view by clicking the navigation buttons and selecting the

desired item in the pulldown menu.

11-24 Enterasys IPS Analysis and Reporting Guide

Description

Any set of events can be filtered positively or negatively. Short event names, such as

TCP, can be used to search for other events such as TCP-SWEEP and TCP-FRAG.

Clicking on the blue circle question mark also lists all of the current event types in the

database. Multiple events can be specified by using the character, &. For example,

data can be specified as WEB & TCP & DNS.

Description

Sort by date.

Sort the events alphabetically by name.

A description of that event's signature.

Rank events by their most common occurrence.

The individual events that comprise the total. Upon clicking the number, the

Trending Console switches to the Event Detail tab and preloads all the

appropriate filter conditions. The query is then executed so that the event

detail is displayed for the selected line item.

Toggles the "Unique IPs and Most Active IPs" on and off.

Event Summaries

on page 11-22.

Legacy Reporting

Table of Contents

Ip Address Summaries - Enterasys Intrusion Prevention System Reporting Manual

IP Address Summaries

Related Manuals for Enterasys Intrusion Prevention System

Related Content for Enterasys Intrusion Prevention System

Table of Contents