Realtime Status; Using The Forensics Console; Reviewing Forensics - Enterasys Intrusion Prevention System Reporting Manual

Analysis and reporting guide

Using the Forensics Console

Realtime Status

The Realtime Status option lists a variety of information about the Realtime console.
To display Realtime Console Status information:
1. Click Realtime Status in the top left navigation area.
The display area is populated with Realtime Status information.
Figure 11-20
Using the Forensics Console
The Dragon Forensics Console processes and displays event data collected in the Dragon
database. The Forensics Console can select a day of log data, for example, and produce a summary
of the collected events for that day, providing a list of events along with other data. You can also
produce a list of individual events in the database that match a selected event. In this list, each
event can have extra data displayed about it, such as the associated network session. The Forensics
tools provide many ways to view forensic data. Each tool contains a custom set of persistent filters
that allow you to quickly focus on a string of events. The tools available in the Forensics GUI
access the Dragon database and are also available using the command line (only to root
administrators as explained in the Dragon Intrusion Defense System Configuration Guide).

Reviewing Forensics

To access the Forensics Console Main Window and tools:
1. Click Forensics in the top right navigation area.
The Forensics Console main window appears as shown in Figure 11-21. Navigation options are shown in the left navigation panel.
11-18 Enterasys IPS Analysis and Reporting Guide
