Chapter 2 Reporting and Mitigation Devices Overview

Table 2-3 Reporting and Mitigation Device Bootstrap Summary (continued)
| Device Type/Name | Bootstrap Summary | Reference Information |
|---|---|---|
| **Host IDS** | | |
| Cisco Security Agent | | Cisco Security Agent 4.x Device, page 7-5 |
| McAfee Entercept | | Entercept Entercept 2.5 and 4.0, page 7-1 |
| ISS RealSecure Host Sensor | | ISS RealSecure 6.5 and 7.0, page 6-17 |
| **Anti-virus** | | |
| Symantec AntiVirus | | Symantec AntiVirus Configuration, page 8-1 |
| Cisco Incident Control System (Cisco ICS), Trend Micro Outbreak Prevention Service (OPS) | | Cisco Incident Control Server, page 8-13 |
| McAfee ePolicy Orchestrator | | McAfee ePolicy Orchestrator Devices, page 8-8 |
| Network Associates VirusScan | | McAfee ePolicy Orchestrator Devices, page 8-8 |
| **Vulnerability Assessment** | | |
| eEye REM | | eEye REM 1.0, page 9-3 |
| Qualys QualysGuard | | Qualys QualysGuard Devices, page 9-5 |
| Foundstone Foundscan | | Foundstone FoundScan 3.0, page 9-1 |
| **Host Operating Systems** | | |
| Windows | Do one of the following: • Install and configure the SNARE agent • Create or edit an administrative account to ensure that it has permissions to pull the event data | Syslog (pushed by SNARE agent) or event data pull using MS-RPC; Push Method: Configure Generic Microsoft Windows Hosts, page 10-5; Pull Method: Configure the Microsoft Windows Host, page 10-6 |
| Solaris | — | Syslog (from Device); Sun Solaris and Linux Hosts, page 10-2 |
| Redhat Linux | — | Syslog (from Device); Sun Solaris and Linux Hosts, page 10-2 |
| **Web Server** | | |
| Microsoft Internet Information Server | — | Syslog (from SNARE agent); Install and Configure the Snare Agent for IIS, page 12-1 |
| Sun iPlanet | — | HTTP (from MARS Agent); Install and Configure the Web Agent on UNIX or Linux, page 12-7 |

78-17020-01
User Guide for Cisco Security MARS Local Controller
Bootstrap Summary Table
2-15