Chapter 2
Reporting and Mitigation Devices Overview
Table 2-4
Seed File Column Description (continued)
Column
Type
Column E
DEVICE TYPE
Column F
ACCESS TYPE
78-17020-01
Entry
The device type designator. (case insensative)
Some of the devices supported in the GUI cannot be entered via a
Note
CSV file.
Use the following strings represent the desired device type:
: for Cisco ASA devices
•
ASA
: for applaince running Cisco IPS 4.x (not modules)
•
CiscoIDS4x
: for appliance running Cisco IPS 5.x (not modules)
•
CiscoIPS5x
: for Cisco FWSM 2.3
•
FWSM
3: for Cisco FWSM 3.1
•
FWSM
: for Cisco PIX 6.0, 6.1, 6.2, and 6.3 devices
•
PIX
•
: for Cisco PIX 7.0 devices
PIX7X
•
: for Cisco IOS 12.2 (default)
IOS
•
: for Cisco Switch in Hybrid Mode
SWITCH-CATOS
: for Cisco Switch in Native Mode
•
SWITCH-IOS
: for Extreme ExtremeWare 6.x
•
EXTREME
: for ScreenOS 4.0 and 5.0
•
NETSCREEN
: for Window host
•
WINDOWS
: for Windows 2000 host
•
Windows2000
: for Windows 2003 host
•
Windows2003
•
: for Windows NT 4.x host.
WindowsNT
•
: for Solaris host
SOLARIS
: for Linux host
•
LINUX
In the case of host files, Linux, Solaris, and Windows, MARS is
Note
configured by default to receive events from the hosts specified in a
seed file. However, for a Windows host where the RPC settings are
also specified in the seed file, MARS will both pull and receive logs
from the host by default.
The Access Type for this device. Your choices are:
TELNET
•
FTP
•
SSH
•
SNMP (default)
•
RPC (Windows only)
•
In the RPC case, the username field
password can be provided in
are given, the PULL flag is set by the backend in addition to the default
RECEIVE flag.
User Guide for Cisco Security MARS Local Controller
Adding Reporting and Mitigation Devices
(Column
G) should be non-empty. The
Column
H. If RPC access type and username
2-23