Enterasys Intrusion Prevention System Manuals
Manuals and User Guides for Enterasys Intrusion Prevention System. We have 2 Enterasys Intrusion Prevention System manuals available for free PDF download: Manual, Reporting Manual
Enterasys Intrusion Prevention System Manual (260 pages)
Network Sensor Policies and Signatures Guide
Brand: Enterasys | Category: Software | Size: 7.74 MB
Table of Contents
About this Guide
  Intended Audience
  Version Support
  Related Documents
  Conventions
  Getting Help
Chapter 1: Network Sensor Overview
  Enterasys IPS Network Sensors
  Virtual Network Sensors
  Network Sensor Policies
  Network Sensor Policy Modules
  Network Sensor Signatures
  Signature Libraries and Event Groups
  Basic and Extended Signatures
  Configuring Port Macros
  Procedure
Chapter 2: Creating Network Sensor Policies
  Creating New Policies
  Creating New Policies
  Copying Existing Policies
  Configuring the Application Filter Module
  General Settings Tab
  IP Settings Tab
  Port Settings Tab
  Protocol Settings Tab
  VLAN Settings Tab
  Probe Settings Tab
  Rule Settings Tab
  Signature Settings Tab
  Configuring the Covert Channel Analysis Module
  Backdoor Settings
  Fast ICMP Settings
  Enable Loki Check Setting
  Procedure
  Configuring the DoS Check Module
  Procedure
  Configuring the Dragon Filter Module
  Writing a Filter Rule
  Procedure
  Configuring the Dynamic Module
  Procedure
  Configuring the Header Search Module
  Specifying Search Strings
  Procedure
  Example
  Configuring the Logging Module
  Procedure
  Configuring the Network Layer Module
  General Settings Tab
  Log Option Tab
  Log Protocol Tab
  Log Frag Tab
  Log Static Tab
  Log Broadcast Tab
  Configuring the Probe Detection Module
  Procedure
  Configuring the Protocol Analysis Module
  DNS Analysis Configuration
  FTP Analysis Configuration
  Finger Analysis Configuration
  H.225 Analysis Configuration
  H.245 Analysis Configuration
  HTTP Analysis Configuration
  ICMP Analysis Configuration
  MGCP Analysis Configuration
  RIP Analysis Configuration
  RPC Analysis Configuration
  SIP Analysis Configuration
  SMB Analysis Configuration
  SNMP Analysis Configuration
  Telnet Analysis Configuration
  Configuring the SNMP Trap Module
  Procedure
  Configuring the TCP State Module
  Procedure
  Configuring the Transport Layer Module
  General Settings Tab
  Stream Rebuilding Tab
  Flags Tab
  Log Syn Tab
  Log Session Tab
  Log Start Stop Tab
  Log Destination Tab
  Log Server Tab
  Log Syn Pattern Tab
  Log Pairs Tab
Chapter 3: Creating Network Sensor Signatures
  Signature Overview
  Resource-Based Signatures
  Suspicious Traffic
  Server Messages
  Indirect Signatures
  Tips for Creating Signatures
  Creating Custom Signature Libraries
  Signatures and Live Update
  Creating a Custom Library
  Copying Existing Signatures into a Custom Library
  Using the Signature Filter Dialog
  Creating Custom Signatures
  Configuring Basic Signature Properties
  Configuring Extended Signature Properties
  Setting Event Limits
  Enhanced Pattern Matching Capabilities
  Extended Settings Tab
  Network Layer Tab
  Transport Layer Tab
  Application Layer Tab
  Creating Custom Event Groups
  Example of Signature Creation
Appendix A: Keywords/XML Attributes
  6.X to 7.X Mappings
  Network Sensor Signature Fields
  Host Sensor Mappings
  Agent Mappings
Index
Enterasys Intrusion Prevention System Reporting Manual (122 pages)
Analysis and Reporting Guide
Brand: Enterasys | Category: Software | Size: 9.65 MB
Table of Contents
About this Guide
  Intended Audience
  Version Support
  Related Documents
  Conventions
  Getting Help
Chapter 1: Getting Started
  Starting Enterasys IPS Reporting
  Displaying Interactive Reports
  24 Hours Reports
  Top N Reports
  Trending Reports
  Creating and Editing Report Filters
  Creating and Viewing User Defined Reports
  Creating a User Defined Report
  Viewing Generated Reports
  Finding Events
  Viewing Database Restore Status
Chapter 2: System Dashboard
  System Dashboard Overview
  The Views Panel
  The Tabbed Panel
  Systems Tab
  Sensors Tab
  Interfaces Tab
  EMS/Reporting Tab
  Customizing the Dashboard Interface
  Customizing the Views Panel
  Customizing Tables in the Tabbed Panel
  Resetting the Dashboard Interface to the Default Layout
  Platform-Specific Dashboard Details
  Unix and Linux Systems
  Windows Systems
Chapter 3: 24 Hours Reports
  Event Summary Report
  Event Log Report
  Setting Display Preferences
  Customizing 24 Hours Report Tables
  Resizing Columns
  Moving Columns
  Sorting, Filtering, and Grouping in Columns
  Exporting Tables in CSV Format
Chapter 4: Top N Reports
  Defining a Top N Report
  Selecting the Top N Report Type
  Event Breakdown of Data
  Displaying Details for a Selected Event
  Selecting a Chart Type
Chapter 5: Trending Reports
  Daily Event Rate Report
  Selecting a Display Type
  Defining a Daily Event Rate Report
  Displaying Details for a Selected Event
  Event Growth Report
  Selecting a Chart Type
  Defining an Event Growth Report
Chapter 6: Event Table Pane
  Displaying Data in the Event Table Pane
  Customizing the Event Table Display
  Setting Display Preferences
  Resizing Columns
  Moving Columns
  Sorting, Filtering, and Grouping in Columns
  Exporting Tables in CSV Format
Chapter 7: Event Details
Chapter 8: Viewing a PCAP File for an Event
Chapter 9: User Defined Reporting
  Creating a User Defined Report
  Viewing Generated Reports
Chapter 10: Preferences
  Schedule Preferences
  Configuring Session Time-Out
Chapter 11: Legacy Reporting
  Legacy Reporting Tools
  Dragon Realtime Console
  Dragon Forensics Console
  Dragon Trending Console
  Dragon Executive Reporting
  IPv6 Support in Legacy Tools
  Accessing the Legacy Reporting Tools
  Main Window
  Using the Realtime Console
  Using the Console
  Analyzeevent
  Chartgroups
  Graphevents and Graphscores
  Eventdetail
  Eventsbygroup
  Eventsbynetworksensor
  Eventsscoredbyip
  Summarybyip
  Eventsummary
  Summarybydirection
  Summarylast7Days
  Summarybygroup
  Creating Custom Queries
  Filter Management
  Load Events
  Realtime Status
  Using the Forensics Console
  Reviewing Forensics
  Notes Option
  Using the Trending Console
  Event Summaries
  IP Address Summaries
  Event Details
  Creating Additional Reports
  Using Executive Reporting
  Managing Reports
  Save All Reports
  Viewing Saved Reports
  Report Examples