Legacy Reporting Tools
Dragon Forensics Console
The Dragon Forensics Console processes and displays event data collected in the Dragon
database. Using the Forensics Console, you can, for example, select a day of log data and produce
a summary of the collected events for that day, providing a list of events with other data. You can
also produce a list of individual events in the database that match a selected event. In this list, each
event can have extra data displayed about it, such as the associated network session. Options in
the Forensics Console provide many ways to view forensic data. Each option (also referred to as a
forensics tool) contains a custom set of persistent filters that allow you to quickly focus on a string
of events.
Dragon Trending Console
The Dragon Trending Console is used to answer questions about long-term trends and activity.
The tool reads events and then sends them to a MySQL database. The Trending Console GUI
uses SQL queries to display IP addresses and events, or to search for unique event entries. For each
query, the occurrence of the top seven matches over the selected time range is displayed.
Dragon Executive Reporting
Dragon Executive Reporting provides high-level reporting capabilities. There are eight
executive-level reports that summarize event counts and the distribution of event types over
reporting periods of one week.
IPv6 Support in Legacy Tools
In general, the legacy tools should be used to report on IPv4 events.
• Realtime Console reports will not include any IPv6 events.
• Trending and Executive reports will include IPv6 events but will not display the address.
11-2 Enterasys IPS Analysis and Reporting Guide
Legacy Reporting