Cisco CS-MARS-20-K9 - Security MARS 20 User Manual page 331

Security MARS Local Controller

Chapter 16
Policy Table Lookup on Cisco Security Manager
Task 3. Bootstrap the reporting devices and mitigation devices managed by Security Manager.
For each device identified in Task 1., you must prepare, or bootstrap, that device to ensure that the desired
communications with MARS occur. Bootstrapping a device involves configuring the settings for that device,
based on its role in the STM system. Perform the following subtasks as applicable to a device type and its role:
Enable management of the device by the MARS Appliance for mitigation and access.
Turn on the correct logging level and logging services.
Direct the logs to the MARS Appliance.
Enable discovery of the device settings.
Note: While many Cisco devices support the EMBLEM syslog format, this format is not compatible with MARS.
As part of this task, you must verify that the devices are not reporting to the MARS Appliance using the
EMBLEM format.
You must configure the router and switch settings using the CLI, as Security Manager does not support those
features. However, for ASA, FWSM, and PIX, you can use the Security Manager user interface to configure the
management and log settings.
Tip: Any events published by a device to MARS prior to adding and activating the device in the web interface can
be queried using the reporting IP address of the device as a match criterion. This technique can be useful for
verifying that the device is properly bootstrapped.
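An added example (not from the Cisco manual): a Python check over a saved ASA, PIX, or FWSM configuration that tests three of the subtasks above, namely that the logging service is on, a syslog level is set, and logs are directed to the MARS Appliance without the EMBLEM format. The command forms (`logging enable` or `logging on`, `logging trap`, `logging host ... format emblem`) come from the ASA/PIX CLI rather than from this page; the sample configuration and `192.0.2.x` addresses are constructed, and `audit_logging` is a hypothetical helper name.

```python
import re

# Constructed sample of an ASA/PIX-style running configuration (not from the manual).
SAMPLE_CONFIG = """\
logging enable
logging timestamp
logging trap informational
logging host inside 192.0.2.10 format emblem
logging host inside 192.0.2.20
"""

# "logging host <interface> <ip> [options]"; anchored so "no logging host" never matches.
HOST_RE = re.compile(r"^logging host (\S+) (\S+)(.*)$")


def audit_logging(config_text, mars_ip):
    """Return a list of findings; an empty list means every check passed."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    findings = []

    # Logging service: "logging enable" (ASA, PIX 7.x) or "logging on" (PIX 6.x).
    if not any(ln in ("logging enable", "logging on") for ln in lines):
        findings.append("logging service is not enabled")

    # The level sent to syslog servers is set by "logging trap <level>".
    if not any(ln.startswith("logging trap ") for ln in lines):
        findings.append("no 'logging trap' level configured")

    # Logs must be directed to the MARS Appliance, and not in EMBLEM format.
    hosts = [m for m in map(HOST_RE.match, lines) if m and m.group(2) == mars_ip]
    if not hosts:
        findings.append(f"no 'logging host' entry for MARS at {mars_ip}")
    for m in hosts:
        if "format emblem" in m.group(3):
            findings.append(
                f"logging host {m.group(1)} {mars_ip} uses EMBLEM format")
    return findings


if __name__ == "__main__":
    # Each address is treated in turn as the (assumed) MARS reporting target.
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, audit_logging(SAMPLE_CONFIG, ip) or "OK")
```

Which logging level counts as correct depends on the device type and its role, so the script only reports whether a level is set.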
You may also need to enable alternate settings on the to provide richer data. For more information on these possible
settings, see Task 5 in the Checklist for Provisioning Phase, page 1-2 found in the STM Task Flow Overview chapter.
Result: The correct logging levels are enabled on the reporting devices and mitigation devices. The MARS
Appliance can receive or pull any necessary logs from those devices, and it can retrieve configuration settings
and push ACLs to the supported mitigation devices. While the MARS Appliance picks up and stores the events
it receives, it does not inspect them until the reporting devices and mitigation devices are defined and activated
in the web interface.
For more information, see:
Device Inventory Worksheet, page 1-18
Bootstrap Summary Table, page 2-12
Cisco Router Devices, page 3-1
Cisco Switch Devices, page 3-9
User Guide for Cisco Security Manager 3.0
  Understanding Device Credentials
    See SNMP credentials.
  Managing Firewall Devices (ASA, PIX, and FWSM)
    See device access, SNMP settings, logging policies, and static routes as needed.
    Note: When defining SNMP settings for the FWSM and ASA, you should define these settings for the admin context.
  Field definitions for the Logging Policies (ASA, PIX, and FWSM)
  Managing Routers (Cisco IOS Routers)
    See device access, SNMP, 802.1x, NAC, and static routes as needed.
  Using the Catalyst 6500/7600 Device Manager (Cisco Switches)
    See Spanning Tree Settings (STP).

Checklist for Security Manager-to-MARS Integration
User Guide for Cisco Security MARS Local Controller
78-17020-01
16-9

This manual is also suitable for:

Mars 20, Mars 50, Mars 100, Mars 200
