Enterasys Intrusion Prevention System Manuals

Manuals and User Guides for Enterasys Intrusion Prevention System. We have 2 Enterasys Intrusion Prevention System manuals available for free PDF download: Manual, Reporting Manual

Enterasys Intrusion Prevention System Manual (260 pages)

Network Sensor Policies and Signatures Guide

Brand: Enterasys | Category: Software | Size: 7.74 MB

Table of Contents
9
About this Guide

13
- Intended Audience
  13
- Version Support
  13
- Related Documents
  13
- Conventions
  14
- Getting Help
  14
Chapter 1: Network Sensor Overview

15
- Enterasys IPS Network Sensors
  15
  - Virtual Network Sensors
    16
- Network Sensor Policies
  16
  - Network Sensor Policy Modules
    18
- Network Sensor Signatures
  23
  - Signature Libraries and Event Groups
    24
  - Basic and Extended Signatures
    28
- Configuring Port Macros
  28
  - Procedure
    29
Chapter 2 : Creating Network Sensor Policies

31
- Creating New Policies
  31
- Creating New Policies
  32
- Copying Existing Policies
  33
- Configuring the Application Filter Module
  33
  - General Settings Tab
    34
  - IP Settings Tab
    36
  - Port Settings Tab
    38
  - Protocol Settings Tab
    41
  - VLAN Settings Tab
    43
  - Probe Settings Tab
    44
  - Rule Settings Tab
    46
  - Signature Settings Tab
    48
- Configuring the Covert Channel Analysis Module
  50
  - Backdoor Settings
    50
  - Fast ICMP Settings
    51
  - Enable Loki Check Setting
    51
  - Procedure
    51
- Configuring the Dos Check Module
  52
  - Procedure
    53
- Configuring the Dragon Filter Module
  54
  - Writing a Filter Rule
    55
  - Procedure
    56
- Configuring the Dynamic Module
  58
  - Procedure
    58
- Configuring the Header Search Module
  59
  - Specifying Search Strings
    59
  - Procedure
    60
  - Example
    61
- Configuring the Logging Module
  61
  - Procedure
    62
- Configuring the Network Layer Module
  63
  - General Settings Tab
    64
  - Log Option Tab
    69
  - Log Protocol Tab
    71
  - Log Frag Tab
    72
  - Log Static Tab
    74
  - Log Broadcast Tab
    76
- Configuring the Probe Detection Module
  77
  - Procedure
    78
- Configuring the Protocol Analysis Module
  80
  - DNS Analysis Configuration
    81
  - FTP Analysis Configuration
    84
  - Finger Analysis Configuration
    86
  - H.225 Analysis Configuration
    88
  - H.245 Analysis Configuration
    91
  - HTTP Analysis Configuration
    93
  - ICMP Analysis Configuration
    96
  - MGCP Analysis Configuration
    99
  - RIP Analysis Configuration
    102
  - RPC Analysis Configuration
    104
  - SIP Analysis Configuration
    108
  - SMB Analysis Configuration
    111
  - SNMP Analysis Configuration
    113
  - Telnet Analysis Configuration
    115
- Configuring the SNMP Trap Module
  118
  - Procedure
    118
- Configuring the TCP State Module
  119
  - Procedure
    119
- Configuring the Transport Layer Module
  121
  - General Settings Tab
    121
  - Stream Rebuilding Tab
    124
  - Flags Tab
    126
  - Log Syn Tab
    127
  - Log Session Tab
    129
  - Log Start Stop Tab
    131
  - Log Destination Tab
    133
  - Log Server Tab
    135
  - Log Syn Pattern Tab
    138
  - Log Pairs Tab
    139
Chapter 3: Creating Network Sensor Signatures

143
- Signature Overview
  143
  - Resource-Based Signatures
    143
  - Suspicious Traffic
    144
  - Server Messages
    144
  - Indirect Signatures
    144
  - Tips for Creating Signatures
    145
- Creating Custom Signature Libraries
  147
- Creating Custom Signatures
  154
  - Configuring Basic Signature Properties
    156
  - Configuring Extended Signature Properties
    163
  - Setting Event Limits
    165
  - Enhanced Pattern Matching Capabilities
    165
  - Extended Settings Tab
    170
  - Network Layer Tab
    172
  - Transport Layer Tab
    174
  - Application Layer Tab
    178
- Creating Custom Event Groups
  185
- Example of Signature Creation
  186
Appendix A: Keywords/Xml Attributes

195
- 6.X to 7.X Mappings
  195
- Network Sensor Signature Fields
  254
- Host Sensor Mappings
  255
- Agent Mappings
  255
Index

257

Enterasys Intrusion Prevention System Reporting Manual (122 pages)

Analysis and Reporting Guide

Brand: Enterasys | Category: Software | Size: 9.65 MB

Table of Contents
7
About this Guide

11
- Intended Audience
  11
- Version Support
  11
- Related Documents
  11
- Conventions
  12
- Getting Help
  12
Chapter 1: Getting Started

13
- Starting Enterasys IPS Reporting
  13
- Displaying Interactive Reports
  16
  - 24 Hours Reports
    16
  - Top N Reports
    18
  - Trending Reports
    20
  - Creating and Editing Report Filters
    22
- Creating and Viewing User Defined Reports
  23
  - Creating a User Defined Report
    23
  - Viewing Generated Reports
    25
- Finding Events
  25
- Viewing Database Restore Status
  26
Chapter 2: System Dashboard

27
- System Dashboard Overview
  27
- The Views Panel
  28
- The Tabbed Panel
  30
  - Systems Tab
    30
  - Sensors Tab
    33
  - Interfaces Tab
    35
  - Ems/Reporting Tab
    37
- Customizing the Dashboard Interface
  38
- Platform-Specific Dashboard Details
  46
  - Unix and Linux Systems
    46
  - Windows Systems
    46
Chapter 3: 24 Hours Reports

49
- Event Summary Report
  49
- Event Log Report
  50
- Setting Display Preferences
  52
- Customizing 24 Hours Report Tables
  52
Chapter 4: Top N Reports

55
Chapter 5: Trending Reports

61
- Daily Event Rate Report
  61
- Event Growth Report
  65
  - Selecting a Chart Type
    67
  - Defining an Event Growth Report
    69
Chapter 6: Event Table Pane

71
- Displaying Data in the Event Table Pane
  71
- Customizing the Event Table Display
  73
  - Setting Display Preferences
    73
  - Resizing Columns
    74
  - Moving Columns
    74
  - Sorting, Filtering, and Grouping in Columns
    74
  - Exporting Tables in CSV Format
    76
Chapter 7: Event Details

77
Chapter 8: Viewing a PCAP File for an Event

81
Chapter 9: User Defined Reporting

83
- Creating a User Defined Report
  83
- Viewing Generated Reports
  85
Chapter 10: Preferences

87
- Schedule Preferences
  87
- Configuring Session Time-Out
  88
Chapter 11: Legacy Reporting

89
- Legacy Reporting Tools
  89
  - Dragon Realtime Console
    89
  - Dragon Forensics Console
    90
  - Dragon Trending Console
    90
  - Dragon Executive Reporting
    90
  - Ipv6 Support in Legacy Tools
    90
- Accessing the Legacy Reporting Tools
  91
  - Main Window
    91
- Using the Realtime Console
  94
  - Using the Console
    94
  - Analyzeevent
    95
  - Chartgroups
    95
  - Graphevents and Graphscores
    96
  - Eventdetail
    97
  - Eventsbygroup
    98
  - Eventsbynetworksensor
    98
  - Eventsscoredbyip
    99
  - Summarybyip
    99
  - Eventsummary
    99
  - Summarybydirection
    101
  - Summarylast7Days
    101
  - Summarybygroup
    101
  - Creating Custom Queries
    102
  - Filter Management
    104
  - Load Events
    105
  - Realtime Status
    106
- Using the Forensics Console
  106
  - Reviewing Forensics
    106
  - Notes Option
    109
- Using the Trending Console
  110
  - Event Summaries
    110
  - IP Address Summaries
    112
  - Event Details
    113
  - Creating Additional Reports
    114
- Using Executive Reporting
  116
- Managing Reports
  117
  - Save All Reports
    117
  - Viewing Saved Reports
    118
  - Report Examples
    118

Enterasys Categories

Switch

Network Router Network Hardware Wireless Access Point Software

More Enterasys Manuals

Enterasys Intrusion Prevention System Manuals

Enterasys Intrusion Prevention System Manual (260 pages)

Table of Contents

About this Guide

Chapter 1: Network Sensor Overview

Chapter 2 : Creating Network Sensor Policies

Chapter 3: Creating Network Sensor Signatures

Appendix A: Keywords/Xml Attributes

Index

Enterasys Intrusion Prevention System Reporting Manual (122 pages)

Table of Contents

About this Guide

Chapter 1: Getting Started

Chapter 2: System Dashboard

Chapter 3: 24 Hours Reports

Chapter 4: Top N Reports

Chapter 5: Trending Reports

Chapter 6: Event Table Pane

Chapter 7: Event Details

Chapter 8: Viewing a PCAP File for an Event

Chapter 9: User Defined Reporting

Chapter 10: Preferences

Chapter 11: Legacy Reporting

Related Products

Enterasys Categories