Automated Security Manager Help
Table of Contents
Automated Security Manager Help
    Automated Security Manager Overview
    Accessing Help
    Table of Contents Tab
NetSight Automated Security Manager Installation
    Solaris Installation
    Preparing for Solaris Installation
    Stopping the NetSight Server and Database (Solaris)
How to Configure and Manage the NetSight Server
    Changing the Database Password
    Changing the Database Connection URL
    Performing a Database Backup
How To Send a Test Incident to ASM
    To test a response by sending threat information directly to ASM:
    To perform a more comprehensive test:
Server Configuration Considerations
Automated Security Manager Configuration Window
    Buttons
    Sender Names
    Buttons
Create/Edit Rule Window
    Rule Conditions
    Specify Action to take
Menu Bar
    Applications
    Help
    Open Log File Window
NetSight - Supported MIBs
    C
    D
    E
Welcome to the online help system for Enterasys NetSight Automated Security Manager (ASM). All ASM documentation is available in the online help system. Online help is available from the Help menus and Help buttons throughout ASM. The Help viewer is divided into two panels. The left panel contains two tabs: the Table of Contents tab and the Search tab. The right panel displays the actual help text itself.
Search Tab
To search for specific instances of a term in all the help topics, click the right tab (magnifying glass) in the left panel. In the Find box, enter the term for which you want to search and press Enter. A list of topics in which the term appears is displayed, along with the number of instances found in each file. The first instance in the first topic is highlighted in the right panel.
NOTICE Enterasys Networks reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)
BOOTP Server Software
The BOOTP server software used with this product is a copyrighted product of Carnegie Mellon University, 1988, 1991, All Rights Reserved.
d. Modified, adapted, or combined with other computer software, provided that the modified, combined, or adapted portions of the derivative software incorporating restricted computer software are made subject to the same restricted rights;
e.
CUSTOMER RELEASE NOTES
Enterasys NetSight Automated Security Manager Version 2.2
June, 2006
INTRODUCTION: Refer to the Addendum section at the end of this document for updated release note information obtained using the Web Update feature. The most recent version of these release notes can also be found on the NetSight Documentation web page: http://www.enterasys.com/support/manuals/netsight.html.
NetSight Automated Security Manager
NetSight Automated Security Manager combines the features of a comprehensive intrusion detection system, such as Enterasys' Dragon Intrusion Defense System (IDS), with NetSight Compass' search capabilities and NetSight Policy Manager to provide an effective defense against threats to the security of your network. Automated Security Manager lets you easily configure your responses to threats.
PRODUCT DEVICE/FIRMWARE SUPPORT:
Static Policies
Devices that support Static Policies must be able to discard traffic at the role level and apply a Quarantine role that is set up to discard traffic (as defined in NetSight Policy Manager 1.7). The following tables list devices and firmware revisions for which NetSight Automated Security Manager has been qualified. Firmware versions other than these may not be fully supported.
Device                         Firmware Version
Matrix E5                      3.00.xx
Matrix V2                      2.03.xx, 2.04.xx
Vertical Horizon VH-2402S      2.05.19
Vertical Horizon VH-2402-L3    1.00.16
Vertical Horizon VH-4802       2.05.05
Vertical Horizon VH-8TX1UM/MF  2.04.07.08
RoamAbout Access Point 3000    1.00.xx
SecureStack B2                 1.00.xx
SecureStack C2                 1.00.20
CDP Implementation
CDP must be disabled on the downstream devices when attached to a device using multi-user authentication (such as the Matrix N-Series Platinum). ASM (by design) excludes CDP ports from responding to a threat.
Optimized Node/Alias Implementation
Automated Security Manager processes Dragon events by locating the intruder IP address stored in the event and then taking action. This search process is completed far more quickly on devices implementing the "optimized" Node/Alias MIB table. The following table lists devices and firmware revisions supporting the optimized Node/Alias MIB table.
MIB Selection panel.
Disable Node/Alias Learning -- It's important to make sure that inter-switch links are not learning Node/Alias information, as it would slow down searches and give inaccurate results. Enabling CDP on inter-switch links disables Node/Alias learning.
instructions included with the Entitlement that was sent to you. (For more information, see http://www.enterasys.com/products/management/.) Evaluation requests for each product are limited to three 30-day instances of a single Entitlement ID. To upgrade from an evaluation copy of Automated Security Manager to a purchased copy, contact your Enterasys Networks Representative to purchase the software and receive an Entitlement ID.
condition, possibly compromising the security of your network.
2. Disable Log Entry Details. Under extreme network loads, you can improve ASM performance by disabling Log Entry Details. The Log Entry Details window displays information about a specific trap/action entry in the Automated Security Manager Activity Monitor, and can be useful for debugging purposes. The window is launched by double-clicking an entry in the Activity Monitor table.
KNOWN RESTRICTIONS AND LIMITATIONS
The known restrictions and limitations for this release of NetSight Automated Security Manager are listed below. Solutions for these restrictions and limitations are noted, if available.
Install/Uninstall
Problem 1: (Windows 2000/XP/Server 2003 only) An evaluation of your system is not automatically performed during the installation. If system requirements are not met, the install will take place, but results will be unpredictable.
General
Problem 1: (Linux and UNIX only) You cannot specify a range of pages when printing from tables on UNIX or Linux systems. If you select Print from the Table Tools popup menu, the resulting print settings window does not open to a sufficient size (and cannot be resized) to allow access to the page range fields.
Solution: For these systems, the only option is to print the entire table.
Return to the Search tab, clear the entry and click Search. Go back to the Contents and the navigation will work correctly.
Problem 3: Help does not launch from the Help button in the Authorization/Device Access window.
Solution: You can access Help for the Authorization/Device Access window from the Help viewer Table of Contents (Help > Help Topics).
Any problems other than those listed above should be reported to our Technical Support Staff.
For information regarding the latest software available, recent release note revisions, or if you require additional assistance, please visit the Enterasys Support web site: http://www.enterasys.com/support
ADDENDUM: This section provides updated release information, available to current NetSight Automated Security Manager customers through the web update operation. Use the Check for Updates feature to determine if updates are currently available.
NetSight Automated Security Manager Installation
NOTE: When this topic is opened from the CD-ROM, the links from this topic to other help topics will not work. Links within the topic will work and once you've installed NetSight Automated Security Manager, you can launch the help system and access help for all topics.
This document provides instructions for installing NetSight Automated Security Manager. The most recent version of this file is located on the NetSight Documentation web page: http://www.
Before you install Automated Security Manager, it is recommended that you read the NetSight Automated Security Manager Release Notes. You can also access the release notes for Automated Security Manager from the CD with a web browser by opening asmnotes.htm. The most recent version of the release notes can be found on the NetSight Documentation web page: http://www.enterasys.com/support/manuals/netsight.
1. In the Automated Security Manager main window, select Tools > Server Information.
2. In the Server Information window, click the License tab.
3. Select Automated Security Manager from the table and click Change License.
4. Read and accept the License and click OK.
5. Enter the license text that you received when you generated the product license. (When you purchased the software, you received a License Entitlement ID that allows you to generate a product license.
a Windows platform system, you need to:
• Configure the Environment
• Stop the NetSight Server and Database (Windows)
Once your system is properly configured, you can proceed with:
• Installing Automated Security Manager (Windows)
• Launching Automated Security Manager (Windows)
Configuring the Environment
Following are instructions for configuring the environment on Windows 2003 Server, Windows 2000, and Windows XP platforms.
2. Select the Advanced tab and click the Settings button in the "Performance" section. The Performance Options window opens.
3. Select the Advanced tab and verify that the "Processor scheduling" and "Memory usage" sections have Adjust for best performance of: programs selected.
4. Click the Change button in the "Virtual Memory" section of the Performance Options window. The Virtual Memory window opens.
5.
No server or database components will be installed. This requires that an Automated Security Manager Client and Server have been installed on another system with an Enterasys NetSight Console 2.2 Server.
• Client and Server - This requires that an Enterasys NetSight Console 2.2 Server already be installed on the system. This provides the server and database components for the Automated Security Manager features to integrate with Enterasys NetSight Console 2.2.
NOTE: You may encounter a Java exception during the install when becoming the root user with the su - command. Be sure that your system's root environment has a proper DISPLAY variable setting. The Installation program will report a Java exception (InvocationTargetException) if the DISPLAY variable is undefined.
3. The NetSight Automated Security Manager Installer leads you through a series of windows that ask you for all the information required in order to install Automated Security Manager. You will need the following information to complete the Installer Program:
• Client/Server or Client-only Install -- You will need to select whether you are installing a Client-only or Client and Server version of Automated Security Manager.
following procedures assume that the CD drive from which you are installing is physically attached to the system where ASM is being installed. The user performing the installation must have privileges to create, read, write, and execute within the installation directory.
1. Insert the NetSight Automated Security Manager CD into the CD drive.
2. Use an xterm where you are logged in as root.
• License Text -- You will need to enter the license text that you received when you generated the Automated Security Manager license. (When you purchased Automated Security Manager, you received a Licensed Product Entitlement ID that allows you to generate a product license. You must generate the license prior to installing Automated Security Manager. Refer to the instructions included with the Entitlement ID that was sent to you.
1. Go to the Taskbar Notification Area of your desktop (on the lower right of your screen, unless you've relocated your Taskbar).
2. Right-click the Services Manager icon and select NetSight Server > Stop Server and Database.
You can now uninstall Automated Security Manager: From the Start menu, select Programs > Enterasys Networks > NetSight Automated Security Manager > Uninstall Automated Security Manager.
2. Start the Uninstaller by issuing the command: ./UninstallAutoSecMgr.sh
Support
To locate product specific information, refer to the Enterasys website: http://www.enterasys.com
Accessing Help
After you have installed Automated Security Manager on your system, the full Help system is available from the Help menu option on the Automated Security Manager windows, and from any window that has a Help button on it.
Getting Started with Automated Security Manager Automated Security Manager (ASM) can help you manage responses to serious network security threats. This topic takes you through the configuration steps needed to receive events from Dragon Intrusion Defense System, then create ASM rules and apply them, either automatically or through manual confirmation, to respond to network security threats. Before you begin: • You should have an SNMPv3 Credential defined in Console with AuthPriv access.
There are two ways to configure SNMPTrap information: using the Trap Receiver Configuration View or by manually adding user information to the snmptrapd.conf file using a text editor.
Configuring the SNMPTrap Service Manually
1. Open the snmptrapd.conf file located in the NetSight Console\server\bin directory using your favorite text editor. Security information for Inform messages is defined using the createUser directive in the snmptrapd.conf file.
2.
You can also type user credentials directly into the snmptrapd.conf Text area to add entries to the configuration file.
1. Open a Web browser and navigate to Dragon. The following URL opens the Dragon user interface: https:///dragon
2. Enter the username and password that grants administrative access to Dragon.
3. Click AlarmTool on the Dragon main menu bar. Dragon's AlarmTool lets you create Event Groups that describe specific network threats and what to do when those threats are detected.
4. Create a new Event Group.
a.
f. Enter a Name for your new Alarm and click Save.
7. Deploy your new trap configuration.
a. Click DEPLOYMENT in the left panel.
b. Click Deploy to activate your trap configuration.
Configuring Automated Security Manager
The following steps create an action rule to recognize any trap from the Dragon host device and record the event in the ASM Activity Log.
1. In ASM, select Tools > ASM Configuration from the menu bar.
2.
Dragon has four default notification rules: netsight-atlas-asm-attacks, netsight-atlas-asm-compromise, netsight-atlas-asm-informational, and netsight-atlas-asm-misuse. Each of Dragon's default notification rules has a corresponding default event category in ASM: ASM_ATTACKS, ASM_COMPROMISE, ASM_INFORMATIONAL, and ASM_MISUSE. ASM uses Rules to compare incoming trap messages with specific event categories, then determines where and what action to apply as a response.
How To Use the Automated Security Manager
The How To help folder contains help topics that give you instructions for performing tasks in NetSight Automated Security Manager. Double-click the How To help folder in the left panel to open the folder and navigate to a specific How To help topic.
How to Check for Updates NetSight applications provide an easy way to access and download product updates using a web update operation. You can perform an immediate check for updates, or schedule a routine check for updates. If your network is behind a firewall, you must specify the HTTP Proxy server being used via the Web Update view in the Options window. You must be assigned the appropriate user capability to perform this function.
8. The Updates Available window opens where you can view the new updates that are available for download. Use the checkboxes to select the updates you wish to download, and click Download to initiate the download operation.
9. After the download, a message is displayed stating that you must restart the NetSight server to install the updates. Click Restart to restart the server.
How to Configure Events You can use the Event View Manager window to add your own views (tabs) to the Event View panel. You can create custom tables that capture and combine similar information (same log type) from various sources. For example, you can combine or merge trap logs into a single Event View.
6. If the Available Log Managers table lists a log that you want to add to this tab, select that log manager from the list and click . The selected log manager is added to the Log Managers in View table and in the Log Managers column in the Views table.
7. If the desired log is not in the Available Log Managers table, you can add a log manager to the table, then add it to the Log Managers in View table.
To add a new Log Manager
a. Click New.
4. If the Available Log Managers table lists a log that you want to add to this tab, select that log manager from the list and click . The selected log manager is added to the Log Managers in View table and in the Log Managers column in the Views table.
5. If the desired log is not in the Available Log Managers table, you can add a log manager to the table, then add it to the Log Managers in View table.
To add a new Log Manager
a. Click New.
How to Configure and Manage the NetSight Server Use the Server Information window to manage various NetSight Server functions including viewing server information, configuring the server, and managing the database. To access this window, select Tools > Server Information from the menu bar. You must be assigned the appropriate user capability to access this view.
6. Click OK.
Managing the Database
Use the Database tab in the Server Information window to change the database server password and connection URL, as well as perform database backup, initialize, and restore operations. To access the tab, select Tools > Server Information from the menu bar. The Server Information window opens, where you can select the Database tab.
2. Select the Database tab.
3. In the NetSight Data Set Operations section, click Backup. The Backup Database window opens.
4. The Database Path field displays the default database backup location. If the NetSight Server is local, you can specify an alternate backup directory by entering a path to the directory, or using the Browse button to navigate to the directory. If the server is remote, the database will be saved to the default database backup location.
5.
3. In the Current Client Connections table, select the client that you want to disconnect and click the Disconnect button.
4. The client being disconnected receives a message saying that their connection will be terminated in 30 seconds.
Both tables on this tab update automatically when a client connects or disconnects.
Upgrading a Console License
On UNIX and Linux systems only, you can use the Change License function to upgrade a Console license from a Standalone to a Client-Server configuration without reinstalling. Windows systems require that you reinstall Console using a Client-Server license.
To upgrade your Console license from a Standalone to a Client-Server configuration on a UNIX or Linux system:
1. Navigate to the /var/Enterasys_Networks
2. Edit the run_conf.
Revoking a Lock
Use the following steps to revoke a lock.
1. Select Tools > Server Information from the menu bar. The Server Information window opens.
2. Select the Locks tab.
3. In the Current Locks table, select the lock you want to cancel and click Revoke.
4. A message is displayed on the user's machine informing them that their use of the locked functionality has been terminated. When the user acknowledges the message, the function closes.
How To Configure Profiles and Credentials Use this tab to manage credentials that define the access privileges required for SNMPv1, SNMPv2c, and SNMPv3, and profiles that use the credentials for various access levels. NetSight applications access devices to control certain device functions (SNMP sets) and retrieve information for device properties views, FlexViews and periodic status polling (SNMP gets).
d. Select a Privacy Type (DES or None). Privacy settings are disabled when the Authentication Type is set to None.
e. Type the same password (between 1 and 64 characters in length) into both the Privacy Password and the Confirm Password fields. The password fields are disabled when the Privacy Type is set to None.
4. Click Apply. You can add another credential or click Close to dismiss the Add Credential window. Your new credential appears in the SNMP Credentials table.
Managing Profiles
Profiles are assigned to device models in the NetSight database. They identify the credentials that are used for the various access levels when communicating with the device. Profiles are created using the Add Profile button in the Profile/Device Mapping Tab, or imported from a file in NetSight Generated Format (.ngf) using Console's Import from Device List feature.
To create a profile:
1. Click or choose Authorization/Device Access from the Tools menu.
3. Click Delete. The selected profile is removed from the table.
How To Configure Profile/Device Mapping Use the Profile/Device Mapping tab to specify which profile will be used by each Authorization Group when communicating with a specific device. The Read credential of the NetSight Administrator profile is used for device Discovery and status polling. All other SNMP communications will use the profiles specified here.
How to Configure the SNMPTrap Service
Console's SNMPTrap Service (snmptrapd) must know the user credentials of a sending agent (on the device) before a trap can be received. If this information is not provided, trap messages will be dropped by SNMPTrap Service. There are two ways to configure Trap Receiver information: using the Console's Trap Receiver Configuration window or by manually adding user information to the snmptrapd.conf file using a text editor.
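An added example, not part of the Enterasys help text: a Python audit that reads snmptrapd.conf and checks each createUser entry against the AuthPriv level the Getting Started topic asks for. It assumes the Net-SNMP form `createUser [-e ENGINEID] user (MD5|SHA) authpass [DES|AES] [privpass]`; the user names, engine ID and passphrases in the sample are constructed.

```python
import shlex

AUTH_PROTOCOLS = {"MD5", "SHA"}
PRIV_PROTOCOLS = {"DES", "AES"}
MIN_PASSPHRASE = 8  # Net-SNMP's minimum USM passphrase length

# Constructed sample file: user names, engine ID and passphrases are invented.
SAMPLE_CONF = """\
# snmptrapd.conf (constructed sample)
createUser -e 0x8000000001020304 dragon_inform MD5 "auth pass phrase" DES "priv pass phrase"
createUser legacy_user MD5 authonly123
createUser short_user SHA abc DES
createUser open_user
"""


def parse_create_user(line):
    """Return the fields of a createUser line, or None for any other line."""
    text = line.strip()
    if not text or text.startswith("#"):
        return None
    tokens = shlex.split(text)  # keeps quoted passphrases whole; ValueError if unbalanced
    if not tokens or tokens[0].lower() != "createuser":
        return None
    args = tokens[1:]
    engine_id = None
    if len(args) >= 2 and args[0] == "-e":
        engine_id, args = args[1], args[2:]
    entry = {"engine_id": engine_id, "user": None, "auth": None,
             "auth_pass": None, "priv": None, "priv_pass": None}
    entry.update(zip(("user", "auth", "auth_pass", "priv", "priv_pass"), args))
    return entry


def security_level(entry):
    """Map the fields that are present to an SNMPv3 security level."""
    if not entry["auth"] or not entry["auth_pass"]:
        return "noAuthNoPriv"
    if not entry["priv"]:
        return "authNoPriv"
    return "authPriv"


def audit_entry(entry):
    """List the problems with one parsed entry; never echoes a passphrase."""
    if not entry["user"]:
        return ["createUser without a user name"]
    issues = []
    level = security_level(entry)
    if level != "authPriv":
        issues.append(f"security level is {level}, not authPriv")
    if entry["auth"] and entry["auth"].upper() not in AUTH_PROTOCOLS:
        issues.append("unrecognised authentication protocol")
    if entry["auth_pass"] and len(entry["auth_pass"]) < MIN_PASSPHRASE:
        issues.append("authentication passphrase shorter than 8 characters")
    if entry["priv"]:
        if entry["priv"].upper() not in PRIV_PROTOCOLS:
            issues.append("unrecognised privacy protocol")
        if entry["priv_pass"] is None:
            issues.append("no privacy passphrase: authentication passphrase is reused")
        elif len(entry["priv_pass"]) < MIN_PASSPHRASE:
            issues.append("privacy passphrase shorter than 8 characters")
    return issues


def audit_config(text):
    """Audit every createUser line of a snmptrapd.conf given as a string."""
    results = []
    for number, line in enumerate(text.splitlines(), start=1):
        try:
            entry = parse_create_user(line)
        except ValueError:
            results.append({"line": number, "user": None, "level": None,
                            "issues": ["unparseable line (unbalanced quote)"]})
            continue
        if entry is None:
            continue
        results.append({"line": number, "user": entry["user"],
                        "level": security_level(entry),
                        "issues": audit_entry(entry)})
    return results


if __name__ == "__main__":
    for row in audit_config(SAMPLE_CONF):
        status = "; ".join(row["issues"]) or "ok"
        print(f"line {row['line']}: {row['user']} [{row['level']}] {status}")
```

Because the file holds passphrases in clear text, run the audit where the file lives rather than copying snmptrapd.conf elsewhere.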
Restarting snmptrapd Service
Depending on the system where the NetSight Server is running and your preference, there are several ways to restart the snmptrapd service.
Restarting the snmptrapd service locally on the NetSight Server host system:
Windows
a. Go to the Taskbar Notification Area of your desktop (on the lower right of your screen, unless you've relocated your Taskbar).
b. Locate the Services Manager icon and right-click it.
c. Select SNMP Trap > Restart.
For related information:
• Traps and Informs
How to Manage Users and Groups Use the Users and Groups tab (via the Authorization/Device Access tool) to specify users who are authorized to access the NetSight database, and assign those users to authorization groups that define their access privileges to application features. Access privileges (called Capabilities) are associated with authorization groups. Based on their membership in a particular authorization group, users are granted specific capabilities in the application.
• Never Redirect SNMP to the NetSight Server - SNMP requests are always made from the client system.
These settings have no effect when both the client and server are running on the same system.
d. Click Apply to confirm your selections and Close to dismiss the Add Group window. Your new group now appears in the Authorization Groups table.
To edit a group:
1. Click or choose Authorization/Device Access from the Tools menu.
1. Click or choose Authorization/Device Access from the Tools menu. The Authorization/Device Access window opens with the Users/Groups tab selected.
2. Check Enable to activate the Automatic User Membership - Authorization Group drop-down list.
3. Select a group that will determine the capabilities granted to users who were not previously created as an authorized user.
How to Create and Edit Automated Security Manager Rules Automated Security Manager Rules serve two distinct functions: 1. Examine the source of the threat (switch/port) to determine if certain conditions exist (e.g. threat category, source of the notifying IDS, policies currently applied to the port, etc.) which warrant a response. 2. Define the action to be taken when these conditions match the criteria defined by the Rule. The Create Rule and Edit Rule windows are identical.
b. Select the Event Categories that will result in applying the action for this rule. To be recognized by ASM, the text string in the event message sent by the IDS must match exactly the event category names in the Rule.
• Match Any - This is an unconditional match for the category.
• Match Selected - The event category is compared against one or more categories selected from the list.
• Match Any - This is an unconditional match for a currently applied VLAN.
• Match Selected - The currently applied VLAN is compared against one or more VLANs selected from the list.
• Exclude Selected - The currently applied VLAN is not one of the VLANs selected from the list.
f. Select the Day and Time Ranges that will result in applying the action for this rule.
4. Define an action to be taken when the event matches the above rule criteria.
Custom Action: Check Custom Action and click Edit to open the Specify Program for Action window where you can customize the response to an event by selecting a program to be executed.
a. In the Program to run field, type a script name, if known, or use the Select button to open a file browser window and choose a script. The Program to run field does not allow using options. For example, you cannot enter myscript.bat -i -m in the Program to run field.
Threat MAC     thmac
Device IP      dev
Device Port    port
Rule Name      rname
Action         action
Details        dtls
SNMP Parameters (note 1)
SNMPv1, SNMPv2 (Parameter / Keyword):
SNMP Read      snmp="v1" ro
SNMP Read      snmp="v1" rw
SNMP Read      snmp="v1" su
SNMPv3 (Parameter / Keyword):
SNMP Read, SNMP Write, SNMP SU/Max Access      snmp="v3" user seclevel authtype authpwd privtype privpwd
Incident       incident
Note 1: When any SNMP parameter is selected, the snmp=value indicates the SNMP version and the
• When Unformatted without spaces is selected, the parameters will be passed as space delimited, unformatted text, without keywords. For this option, your script must know which parameters are being passed and in what order. If a parameter contains any spaces, they will be replaced with an underbar ( _ ).
How to Import a Database You can import a NetSight database (Console release 1.5) containing previously configured ASM components into the NetSight 2.2 database. Several preparations and caveats should be understood prior to importing elements from the earlier version into Automated Security Manager 2.2. • Make a Backup of your current NetSight 2.2 database (use the Database tab of the Server Information view). Importing components from the 1.5.1 database into 2.
How to Manage SNMP Passwords
Use this tab to collectively manage the credentials that have been set on your network's devices.
Instructions for:
• Setting SNMPv1/2 Credentials
• Setting SNMPv3 Credentials
Setting SNMPv1/2 Credentials
When a SNMPv1 or SNMPv2 credential is selected from the drop-down list above the table, the table lists the devices where that credential is set and you can define a New Community Name for access to the devices in the table.
Buttons Test This button lets you verify that the credential in the "Use for Set" column can access the applicable MIBs on the device. Apply Sets your credential changes on the devices in the table.
How To Send a Test Incident to ASM This tool lets you test and debug the search scopes and actions to verify ASM's response to an event. You can perform a basic test that sends an inform message directly to ASM, bypassing the SNMPTrap Service, or you can configure a more comprehensive test that exercises the complete path (IDS to SNMPTrap Service/Console to ASM), simulating exactly the workings of an actual inform message.
• Trap Receiver - This is the system where the SNMPTrap Service is running. 4. If necessary, edit the SNMPTrapd.conf file to configure user credentials in Console's SNMPTrap Service. (Refer to How to Configure the SNMPTrap Service for more information about editing this file.) 5. Click Send Incident to ASM. Your incident should appear in the table in the ASM Monitor window.
Server Configuration Considerations This Help topic provides configuration information for the NetSight Server, such as running the server in a non-DNS environment, limiting client connections to the server, adding memory to the server, and firewall considerations.
2. Edit the HOSTNAME variable at the top of the file to: HOSTNAME="" For example, HOSTNAME="123.123.123.123" Clients must use the exact IP address to connect to the server. Clients can no longer use localhost, 127.0.0.1, or any DNS name that translates to anything but the specified IP address. Adding Memory to the Server on Solaris and Linux By default, the NetSight Server is configured to use a maximum of 512 MB of virtual memory.
How to Set Options Use the Options window to set options for NetSight functions on a suite-wide and per-application basis. The Options window has a right-panel view that changes depending on what you have selected in the left-panel tree. Each view allows you to set different options. You can access the Options window using Tools > Options in the menu bar.
How to Set Automated Security Manager Options Automated Security Manager Options (Tools > Options) let you define your preferences for ASM operations. The right-panel view changes depending on what you have selected in the left-panel tree. Expand the Automated Security Manager folder to view all the different options you can set.
5. Click Apply or OK. Dialog Boxes This view lets you select whether certain dialog boxes are shown or ignored. 1. Select Tools > Options in the menu bar. The Options window opens. 2. Select Dialog Boxes in the left panel of the ASM Options window. 3. Select or deselect the checkbox depending on whether you want the Edit Mode Required dialog box displayed or ignored.
Using the ASM Activity Monitor The Activity Monitor opens when you launch Automated Security Manager (ASM). It contains a log of ASM activities, and provides access to features that let you manage responses to network security threats.
Clean Up Incidents You can delete incidents from the Activity Monitor based on incident status. 1. Click the Clean Up Incidents button below the Activity Monitor table. The Clean Up Incidents window opens. 2. Use the checkboxes to select the statuses of the incidents you want to delete. For more information on each status, see the Icon/Status section of the Activity Monitor Help topic. 3. Click Apply.
NetSight Automated Security Manager Windows The Windows help folder contains help topics describing NetSight Automated Security Manager windows and their field definitions. Double-click the Windows help folder in the left panel to open the folder and navigate to topics describing a particular window.
Advanced Statistics Window This window provides advanced server statistics that are useful as a troubleshooting tool. You can access this window by clicking the Advanced button in the Server Statistics window. Statistics are provided on the following server functionality. In each tab, you must use the Refresh button to display current statistical information.
Automated Security Manager Activity Monitor In addition to the Menu Bar and Toolbar, the Automated Security Manager Activity Monitor window consists of three major functional areas. The top section provides facilities to control ASM's operational mode to enable or disable responses to network security threats and select and view statistics. The center section provides a log of Automated Security Manager activities.
The panels in the upper half of the view can be closed by clicking the button. The Operation Mode and Statistics Summary panels are restored by selections from the View menu. The Incident Filter panel is restored by a right-click menu selection from the Activity Monitor Table. Refer to the ASM Menu Bar topic for more information. Statistics Summary This area shows Current data and data accumulated Since the last statistics Counter Reset.
button) to show only the traffic light indicator in the upper right corner. A drop-down menu lets you make selections as shown here: ASM can be Disabled, or it can be set to Search and Respond to a threat or to only Search for the source of the threat. NOTE: ASM searches are performed by the NetSight Server, using the profile for the server, not the profile for the ASM client user. Disabled When selected, Automated Security Manager is not active.
Device/Port, Rule Name, Action, Details, Last Update and Search Time columns. • Show Excluded - when checked, the table contains entries for when an IP address is found on a port that has been excluded. Activity Table Incident This is an index of incidents in the Activity Monitor showing the order in which incidents were recorded. The sequence may be broken when incidents are removed from the table.
not been confirmed yet. • The status for this entry was Action in Progress when the ASM Operation Mode changed to Disabled, Search Only or Console was exited and relaunched. Action Suspended (these entries are always eligible for Undo) No Action Can Be Taken • Operation Mode changed to Search Only and the action was pending or timer in progress.
• Port already disabled, Custom action failed
• Policy already applied to port, Custom action failed
• PVID already applied to port, Custom action failed
• Policy not supported on device, Custom action failed
Action Threshold Exceeded
Action Failed
• Too many ports for Threat IP address, action not taken
• Too many actions in progress, action not taken
• Too many ports for Threat IP address, action not taken, Custom action not e
• SNMP Sets fail (Write parameters do not match the device), Custom action executed
• Device not in database, Custom action executed
• Policy not on device, Custom action executed
• Port cannot be disabled, Custom action executed
• VLAN ID not on device, Custom action executed
• VLAN Name not on device, Custom action executed
• Device not reachable, Custom action failed
• SNMP Profile has ReadOnly access level, Custom action failed
• SNMP Sets fail (Write parameters do not ma
not exist on device
• Current PVID setting does not agree with ASM action taken (this includes PVID and tagging parameters)
• Current port state does not agree with ASM action taken, Custom action executed
• Current port policy setting does not agree with ASM action taken, Custom action executed
• Original policy does not exist on device, Custom action executed
• Current PVID setting does not agree with ASM action taken, Custom action executed
• Current PVID setting does not
Undo Action button; Custom Undo Action executed
• Action undone by Timer; Custom Undo Action executed
• ASM Action was set to None; Custom Action was executed and undone by Undo Action button
• ASM Action was set to None; Custom Action was executed and undone by Timer
• Action was undone when Custom Undo executed by Undo Action button
• Custom Action was undone by Timer (Standard ASM Action was set to None)
• Custom Undo Action was executed by Undo Action button (Standard ASM
• ASM Action was set to None; Custom action executed • ASM Action was set to None; Custom Action failed NOTE: This status only appears when the ASM Action is set to None. Otherwise, the custom actions are noted in the Details column. Blank Custom Action Only Blank Port Excluded Blank Search in Progress Search has begun, but not completed Blank Action in Progress Action for this entry has begun, but not completed.
• Port Query Pending Blank Search Pending Search for this entry is in the search queue. Blank Action Pending Action for this entry is in the action queue. Blank Port Query Pending Port query for this entry is in the port query queue. Date/Time The date and time when the incident was recorded in the Activity Monitor. Sender ID This is a unique identifier associated with the intrusion detection system that detected the security event.
in the Activity Monitor has a status of Search Pending. Search Time (sec) The amount of time in seconds that it took for ASM to search for the source of the threat. Right-Click Menu A right-mouse click on a column heading or anywhere in the table body (or a left mouse click on the Table Tools button when visible in the upper left corner of the table) opens a popup menu that provides access to a set of Table Tools that can be used to manage information in the table.
Removes the selected entries event/action in the Activity Monitor. When the entry removed is the last one for a particular incident, the associated Detail Log information is also deleted. Clean Up Incidents Opens the Clean Up Incidents window, where you can select incidents to delete from the Activity Monitor table.
Automated Security Manager Configuration Window This feature lets you configure Automated Security Manager (ASM) to automatically respond to a variety of attacks on your network. ASM uses Enterasys Dragon Intrusion Defense System (IDS) to identify threats to your network security and data integrity.
Day and Time Ranges This view lets you identify specific time intervals that may be pertinent when applying threat responses. NOTE: The Day and Time Ranges view can be accessed from the ASM Configuration window (as shown below) or from the Qualifier Tabs in the Create Rule window. Click areas in the window for more information.
Name This is a name that you can assign when defining a time interval. Time These controls let you select the time interval for this day and time range. Days of the Week These controls let you select the days when the Time interval will be applied. Day/Time Ranges This table lists the Day/Time Ranges that have been defined. Buttons Select All/Deselect All Checks all of the days in the Days of the Week area.
Add to List Adds the current Days and Times definition to the Day/Time Ranges list. Remove from List Deletes a Days and Times definition selected in the Day/Time Ranges list. Edit Entry Opens the Edit Day/Time Entry window where you can adjust the current settings for a Days and Times definition selected in the Day/Time Ranges list. Used In Select a Day/Time Range in the list, and click the Used In button to open a window that displays which ASM rules are using the range.
Dragon has four default notification rules: netsight-atlas-asm-attacks, netsight-atlas-asm-compromise, netsight-atlas-asm-informational, and netsight-atlas-asm-misuse. Each of Dragon's notification rules has a corresponding event category in ASM: ASM_ATTACKS, ASM_COMPROMISE, ASM_INFORMATIONAL, and ASM_MISUSE. For ASM's response to a serious threat to be timely and effective, it is important that ASM only be notified of serious threats.
MS-BACKDOOR3 MS-SQL:HAXOR-TABLE MS-SQL:PWDUMP MS-SQL:WORM-SAPPHIRE MS:BACKDOOR-BADCMD MS:BACKDOOR-DIR SMB:SAMBAL-SUCCESS SSH:X2-CHRIS SSH:HIGHPORT SSH:X2-CHRIS-REPLY Event Category List This list contains all of the Event Categories that have been defined for ASM. The list can be set back to the default categories by clicking Restore Defaults.
number than all the others. If you want ASM to respond to these Event Categories last (since they are deemed to be the least important), the Precedence should be set to be a higher number than all the others. Buttons Add to List Adds the Event Category, typed into the associated field, to the list. Remove from List Removes a selected Event Category from the list.
Notifications This list shows all of the notifications that have been created. Buttons Create Opens the Create Notification window. This window takes one of several forms, depending on the type of notification being created (E-Mail, Syslog, SNMP Trap, Script, Dragon, or Group). Remove Attempts to remove notifications selected in the Notifications list from the list. Notifications cannot be removed if they are currently in use by a rule.
(E-Mail, Syslog, SNMP Trap, Script, Dragon, or Group). Used In Select a Notification in the list, and click the Used In button to open a window that displays which ASM rules are using the notification. Policies This view lets you add or remove Policies. Policies serve two purposes: they are used to compare against roles currently applied to a port and they can also be applied as a response to a threat.
Policy List This list contains the Policies that have been defined for ASM. Buttons Add to List Adds the Policy name, typed into the associated field, to the list. Remove from List Removes a selected Policy from the list. Import Opens a file browser where you can select a .pmd file to import role names created in NetSight Policy Manager. Used In Select a Policy in the list, and click the Used In button to open a window that displays which ASM rules are using the policy.
NOTE: Sender Identifier names are case sensitive. Sender Identifier Name The name of a Sender Identifier. Sender Identifier List This list contains the Sender Identifiers that have been defined for ASM. Buttons Add to List Adds the Sender Identifier, typed into the associated field, to the list. Remove from List Removes a selected Sender Identifier from the list.
Select a Sender Identifier in the list, and click the Used In button to open a window that displays which ASM rules are using the identifier. Sender Names This view lets you add or remove Sender Names that will be used to define the ASM search scope when Dragon notifies ASM of a threat.
The Sender Name. Sender Name List This list contains the Sender Names that have been defined for ASM. Buttons Add to List Adds the Sender Name, typed into the associated field, to the list. Remove from List Removes a selected Sender Name from the list. Used In Select a Sender Name in the list, and click the Used In button to open a window that displays which ASM rules are using the name.
Subnet Name This is any name that you want to identify this subnet. Threat Subnet Enter the subnet that you want the ASM search scope to use when Dragon notifies ASM of a threat. Mask This is the mask that will be used to further define the associated subnet address. The format that is used for the Mask is determined by the current Network Mask setting (CIDR or Dot-Delimited) selected in the Console Options - Data Display view.
Adds the Threat Subnet and Mask, typed into the associated fields, to the list. Remove from List Removes a selected Threat Subnet and Mask from the list. Edit Entry Opens the Edit Threat Subnet window where you can adjust the current settings for the selected Threat Subnet definition. Used In Select a Threat Subnet in the list, and click the Used In button to open a window that displays which ASM rules are using the subnet. VLANs This view lets you add or remove VLANs.
VLAN Name The VLAN name. VLAN ID The VLAN ID. VLAN List This list contains the VLANs that have been defined for ASM. Buttons Add to List Adds the VLAN Name/VLAN ID, typed into the associated field(s), to the list (VLAN names are limited to 32 characters). Remove from List Removes a selected VLAN from the list.
Import Opens a file browser where you can select a .pmd file to import role names created in NetSight Policy Manager. Used In Select a VLAN in the list, and click the Used In button to open a window that displays which ASM rules are using the VLAN. Search Variables ASM lets you select specific sources to be used when searching for the source of network threats.
Search Scope Definitions This view lets you select the devices that will be searched when Dragon notifies ASM of a threat. You can set the search scope to Basic to create a single group to be searched or to Advanced to create more than one group of devices to search. NOTE: ASM searches are performed by the NetSight Server, using the profile for the server, not the profile for the ASM client user.
Basic Search Scope With Basic Search Mode selected, the Search Scope Definitions view lets you include or exclude selected devices/device groups to define the specific devices that will be searched when Dragon notifies ASM of a threat. You can include or exclude specific devices, according to Device Type, Location, Contact, and Subnet. Click areas in the window for more information.
search scope or click Exclude to designate your selection(s) as being specifically excluded in the search scope. You can repeatedly select devices/device groups individually and click Include/Exclude or use multiple selection techniques (Control-click or Shift-Click) to select or de-select multiple Devices/Device Groups in a single operation.
specific location, for example, all the routers in a particular building. When a device type (Routers) and a location group (Building2) are both selected, then only the devices contained in both groups (Routers in Building2) will be included in the search scope. Resulting Devices The resulting list of devices that will be searched when Dragon notifies ASM of a threat.
Search Scopes This panel lists the Search Scopes that can be associated with Search Scope Rules, which ultimately determine the devices that will be searched when Dragon notifies ASM of a threat. New Search Scopes can be added using the Create button or existing Search Scopes can be selected and modified by clicking Edit. Search Scope Rules This panel lists the Search Scope Rules.
Buttons Create (Group) Opens the Create Search Scope Group window where you can create groups of devices that will be searched when Dragon notifies ASM of a threat. Edit (Group) Select a Search Scope in the table and click Edit to open the Edit Search Scope Group window where you can edit the set of devices included in the group. Move Up/Move Down Search Scope Rules are evaluated from top to bottom in the order in which they appear in the table.
Exclude Specific Ports This view lets you select specific ports that you want to exempt from the actions by ASM to prevent shutting down critical ports. Click areas in the window for more information.
MAC Address Count This feature lets you distinguish between single-user ports and multi-user ports (routers). When checked, ASM will expand its query to determine the number of MAC addresses connected through each port. The number of MAC addresses found appears in the MAC Address Count column of the Groups and Devices table. Groups & Devices The device tree shows the devices and port elements that have been modeled in the Console database.
Get Port Info Queries the Port Elements and device(s) selected in the tree to obtain a list of available ports. Import Opens a file browser to allow importing a .pmd file from Policy Manager to allow excluding Frozen ports. Exclude Selected Ports Adds the selected port(s) to the Excluded Ports table. Remove Removes port(s) selected in the Excluded Ports table.
Enabled When checked, the action associated with the rule will be executed in response to an intrusion threat. Rule Name This is the name assigned to the rule. Groups and Devices The devices/device groups on which a threat is suspected of ingressing the network. Day and Time Ranges The day and time ranges defined for the rule.
The event categories defined for the rule. Sender Identifiers The sender identifiers defined for the rule. Policies Port policies defined for this rule. Depending on how the rule is created, these are policies that may be overridden by this rule. Action to Take Identifies the action executed in response to the threat (None, Apply Policy, Disable Port, Apply PVID) when the rule matches the event criteria.
Select Statistics Window This window lets you select the data elements that will appear in the Statistics area of the ASM Activity Monitor window. It contains two sets of columns, one for Current statistics and another for Since statistics. Current statistics will show the information about entries currently contained in the Activity Monitor table. Since statistics will show the summation of information accumulated since the last counter reset.
Action Undo Failed The number of entries in the table where a standard or custom undo has failed. Action Taken and Undone The number of entries in the table where a standard or custom action was taken and then undone by a timer, or Undo Action button Incidents The total number of incidents in the table. Average Search time (sec) For incidents in the table, the average time per incident spent searching.
Authorization/Device Access Users/Groups Tab Use this tab to specify users who are authorized to access the NetSight database, and assign those users to authorization groups that define their access privileges to application features. Access privileges (called Capabilities) are associated with authorization groups. Based on their membership in a particular authorization group, users are granted specific capabilities in the application.
Automatic User Membership The Automatic User Membership feature lets you specify an authorization group for users that log in without having been previously assigned to a group. This lets you control the capabilities for these users. Users that are automatically added to a group by this feature are indicated by a Yes in the Automatic Member column of the Authorized Users table.
Authorization Group The authorization group where the user is a member. Automatic Member Yes indicates that the associated user was not a previously authorized user and, as a result, was automatically added to the Automatic User Membership - Authorization Group. No indicates that the associated user is an authorized user that was created by the NetSight Administrator. Authorization Groups Table This table lists all of the groups that have been created.
User name The name used for this authorized user. Domain/Host name The user's domain/hostname that will be used to authenticate to the NetSight database. Authorization Group Use the drop-down list to select the authorization group where this user will be a member. Add/Edit Group Window This window lets you define a new group or edit an existing group. Click areas in the windows for more information.
Group Name This is the name given to the group. When adding a group, you can enter any text string that is descriptive of the members of this group. Capabilities Tab Expand the Capabilities tree in this tab and select the specific capabilities to be granted to users that are members of this group. The capabilities are divided into suite-wide and application-specific capabilities. Access to a particular capability is granted when it is checked in the tree.
Settings Tab The Settings tab configures how SNMP requests will be handled for users that are members of this group. Allow Users to Configure SNMP Redirect in Options Lets users that are members of this group edit the Suite-wide Option setting for Client/Server SNMP Redirect.
Authorization/Device Access Profiles/Credentials Tab NetSight applications access devices to control certain device functions (SNMP sets) and retrieve information for device properties views, FlexViews and periodic polling (SNMP gets). This tab lets you manage credentials that define the access privileges required for SNMPv1, SNMPv2, and SNMPv3, and profiles that use the credentials for various access levels.
Default Profile: This drop-down list lets you specify a profile that will be used by default to access a device. Profiles Table This table lists all of the profiles that have been created. The public_v1_Profile is automatically created during Console installation and cannot be deleted. Name This is the name assigned when the profile was created. Version This is the SNMP protocol version for the profile. Profiles can be configured for SNMPv1, SNMPv2c, or as SNMPv3.
This table lists all of the credentials that have been created in the NetSight database. The public_v1 credential is automatically created during Console installation and cannot be deleted. Name This column lists names assigned to credentials that have been created in the NetSight database. Version This is the SNMP protocol version for the credential. Credentials can be configured for SNMPv1, SNMPv2c, or as SNMPv3.
Click areas in the windows for more information. Profile Name A unique name (up to 32 characters) that you assign to this profile. When editing an existing profile, you can select a profile from the table to modify its settings. However, you cannot change the name of an existing profile. SNMP Version This is the SNMP protocol version for the profile. Profiles can be configured for SNMPv1, SNMPv2c, or as SNMPv3.
• Max Access - used for write operations (set) that require administrative access. Security Level Each access level can be assigned a security level: • AuthPriv - Highest security level requiring authentication and privacy (encrypted information). • AuthNoPriv - Requires authentication, but unencrypted information. • NoAuthNoPriv - Neither authentication nor privacy required.
Credential Name A unique name (up to 32 characters) that you assign to this access credential. You can define a new credential or select a name from the table to modify settings for an existing credential. You cannot edit the name of an existing credential. SNMP Version This is the SNMP protocol version for the credential. Credentials can be configured for SNMPv1, SNMPv2, or as SNMPv3.
Authorization/Device Access Profile/Device Mapping Tab This tab lets you define the specific Profiles to be used by users in each Authorization Group when communicating with network devices. The view consists of a device tree in the left panel where you select devices, and a table in the right panel that lists the current device profile assignments. The Table Editor button activates the editing row where profile selections are made. Click areas in the window for more information.
the profile used by the NetSight Administrator group. The Profile listed/selected for each Authorization Group column will be used by that group when communicating with the associated device and, as a result, defines the level of access granted to users that are members of that Authorization Group. Table Editor Row This row is visible when the Show/Hide Table Editor button is toggled to make the Table Editor visible.
Authorization/Device Access Manage SNMP Passwords Tab This tab lets you collectively manage the credentials that have been set on your network's devices. When a particular credential is selected from the drop-down list above the table, the table lists the devices where that credential/password is set. When an SNMPv1 or SNMPv2 credential is selected, you can define a New Community Name for access to the devices in the table.
Authentication/Privacy The new SNMPv3 passwords that will be used for access to the associated device(s). Show Passwords in Clear Text When checked, the passwords are shown in text. When unchecked, the passwords are shown as a string of asterisks. Credentials Table This table lists all of the devices where the selected credential can be used. Device The list of devices where the currently selected credential can be used to access the device.
Backup Database Window Use the Backup Database window to save the currently active database to a file on the NetSight Server workstation. If the NetSight Server is local, you can specify a directory path where you would like the backup file stored. If the server is remote, the database will be saved to the default database backup location. You can access this window by clicking the Backup button in the Database tab of the Server Information window. Click the graphic for more information.
Clean Up Incidents Window The Clean Up Incidents window lets you delete incidents from the Activity Monitor table based on incident status. Use the checkboxes to select the statuses of the incidents you want to delete. For more information on each status, see the Icon/Status section of the Activity Monitor Help topic. The Clean Up Incidents window is accessed by clicking the Clean Up Incidents button in the Activity Monitor window.
Configure Server Window The Configure Server window allows you to configure various NetSight Server parameters. The window has a right-panel view that changes depending on what you have selected in the left-panel tree. You can access this window by clicking the Configure button in the Server Information window. You must be assigned the appropriate user capabilities to access and use this window.
Total Allowed The maximum number of client connections allowed for this plugin application. Select this field and use the arrows to change the number, if desired. Clients Currently Connected The total number of clients currently connected to the NetSight Server. Number of Clients Allowed The maximum number of concurrent client connections allowed by the NetSight Server. Use the arrows to change the number, if desired.
Create/Edit Notification Window This window lets you create or edit notifications that are activated with your response to network threats. The window takes several forms depending on the type of notification being created or edited. Use the drop-down menu at the top of the window to select the type of notification you want to create. The appropriate fields are automatically provided.
Specify information to include in E-Mail message
These check boxes let you select elements of the event information to be added to your E-Mail notification message. The Select All button places a check in all of the boxes and the Deselect All button removes checks from all of the boxes. The information is added to your message as unformatted, space-delimited text.
Buttons
Test
This button allows sending a test syslog message to simulate a notification sent in response to a network threat.
SNMP Trap
This window lets you configure notifications that send an SNMP Trap that will be triggered with your response to network threats. Click areas of the window for more information.
Name
The name assigned to this notification.
Type
Set the Type to SNMP Trap for this window.
This is the password (between 1 and 64 characters in length) that will be used to determine Privacy. This field is disabled for Privacy Type, None.
Trap Receiver
The IP address for a trap receiver (the system where devices will send traps). Valid trap receivers are systems running an SNMPTrap Service.
Script
This window lets you identify a script that will be executed with your response to network threats. Click areas in the window for more information.
The Program to run field does not allow using options. For example, you cannot enter myscript.bat -i -m in the Program to run field.
TIP: To execute a script with options, create a script without options that executes another script that has options (Windows only). For example:
1. Create a script named asm_script.bat with an entry to call myscript.bat, such as: "C:\Program Files\My Custom Files\myscript.bat" -i %1 -m %2
2.
Parameter            Keyword
Device IP            dev
Device Port          port
Rule Name            rname
Action               action
Details              dtls

SNMP Parameters (note 1)
SNMPv1, SNMPv2
Parameter            Keyword
SNMP Read            snmp="v1" ro
SNMP Read            snmp="v1" rw
SNMP Read            snmp="v1" su
SNMPv3
Parameter            Keyword
SNMP Read, SNMP Write, SNMP SU/Max Access    snmp="v3" user seclevel authtype authpwd privtype privpwd

Incident             incident

Note 1: When any SNMP parameter is selected, the snmp=value indicates the SNMP version and the subsequent paramet
Example: When Sender Name, Sender ID, Threat MAC, and SNMP Write are selected and the device is configured for SNMPv1 credentials, the information passed to the script might look like:
my_sender_name dragon_id 00.00.1d.11.22.33 v1 public
And, for a script named myscript.bat, the resulting script command would be executed as:
C:\Program Files\Enterasys Networks\NetSight Console\server\plugins\AutoSecMgr\scripts\my_script.bat my_sender_name dragon_id 00.00.1d.11.22.
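A script that receives these values should validate them before acting on them, because they originate in event data and include a credential. The following is an added example, not part of the NetSight documentation: a Python script that checks the five space-delimited values from the sample line above and redacts the community string before logging. The field order, the allowed-character rules and the function names are assumptions based on that sample line, and only the SNMPv1 layout shown there is handled.

```python
"""Added example: validate the arguments ASM passes to a notification script."""
import re
import sys

# Assumed field order, taken from the page's sample line where Sender Name,
# Sender ID, Threat MAC and SNMP Write are selected on an SNMPv1 device.
FIELDS = ("sender_name", "sender_id", "threat_mac", "snmp_version", "community")

# Assumed allowlists: conservative character sets, 1 to 64 characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
COMMUNITY_RE = re.compile(r"[\x21-\x7e]{1,64}")  # printable ASCII, no spaces
# Six hex octets joined by one consistent separator ('.', ':' or '-').
MAC_RE = re.compile(
    r"[0-9A-Fa-f]{2}(?:([.:-])[0-9A-Fa-f]{2})(?:\1[0-9A-Fa-f]{2}){4}"
)


def parse_asm_args(args):
    """Return a validated record, or raise ValueError without echoing input."""
    # A value containing a space arrives as extra arguments and would shift
    # every later field, so the count is checked before anything else.
    if len(args) != len(FIELDS):
        raise ValueError("expected %d arguments, got %d" % (len(FIELDS), len(args)))
    rec = dict(zip(FIELDS, args))
    for key in ("sender_name", "sender_id"):
        if not TOKEN_RE.fullmatch(rec[key]):
            raise ValueError("invalid %s" % key)
    if not MAC_RE.fullmatch(rec["threat_mac"]):
        raise ValueError("invalid threat_mac")
    # Normalise 00.00.1d.11.22.33 to 00:00:1d:11:22:33 for downstream tools.
    rec["threat_mac"] = ":".join(re.split(r"[.:-]", rec["threat_mac"])).lower()
    if rec["snmp_version"] != "v1":
        # Other versions carry a different argument layout; do not guess it.
        raise ValueError("unsupported snmp_version")
    if not COMMUNITY_RE.fullmatch(rec["community"]):
        raise ValueError("invalid community")
    return rec


def format_log_line(rec):
    """Build a log line that never contains the community string."""
    safe = dict(rec, community="<redacted>")
    return " ".join("%s=%s" % (key, safe[key]) for key in FIELDS)


def main(argv):
    try:
        rec = parse_asm_args(argv[1:])
    except ValueError as exc:
        # The message names the failing field only, never its raw value.
        sys.stderr.write("rejected ASM notification arguments: %s\n" % exc)
        return 2
    print(format_log_line(rec))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Rejected input exits with status 2 and a message that names the failing field without repeating its value, so malformed event data cannot be replayed into the script's own log.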
Privacy Type
DES or None, selected from this drop-down list. These settings are disabled if Authentication Type None is selected.
Privacy Password
This is the password (between 1 and 64 characters in length) that will be used to determine Privacy. This field is disabled for Privacy Type, None.
Group
This window lets you combine notifications in a group to provide multiple notifications when ASM responds to a network threat. Click areas in the window for more information.
Create/Edit Rule Window
The features and fields in the Create Rule and Edit Rule windows are identical, except for their title. These windows are used to define new rules or modify existing rules to be used as Automated Security Manager responses to network security threats. The Edit Rule window opens with information for the rule selected in the Rule Definitions view, while the Create Rule window opens with blank or default settings.
Name
The name given to this rule. The name can be any character string, excluding spaces, up to 64 characters.
Rule Conditions
The following attributes are compared against the device(s) located by the ASM search and the event information reported by the IDS to determine the applicability of the specified action. When the information from the search and the event information match these attributes, then the action specified below will be applied.
different actions based on the device/device group selected here. For example, if you are creating a rule with an action that applies a policy, you do not want to select a device/device group for a device type that does not support policies. Or as another example, in some rules, you may want to apply different actions or more or less permanent actions for certain subnets containing critical network resources.
• Match Selected - The event category is compared against one or more categories selected from the list.
• Exclude Selected - The event category matches if it is not one of the categories selected from the list.
Sender Identifiers
This tab lets you select one or more unique identifiers, associated with the intrusion detection systems that detected the security event, to determine whether or not to apply an action.
• Match Any - This is an unconditional match for a currently applied policy.
• Match Selected - A match occurs when the currently applied policy is one of the policies selected in the list.
• Exclude Selected - A match occurs when the currently applied policy is not one of the policies selected in the list.
• Match Selected - The currently applied VLAN is compared against one or more VLANs selected from the list.
• Exclude Selected - The currently applied VLAN is not one of the VLANs selected from the list.
Day and Time Ranges
This tab lets you select one or more of your previously defined intervals, covering specific days and times, to determine whether or not to apply an action.
Specify Action to take...
Multi-User Authentication
When the action for a rule is set to Apply Policy and the threat is located on a port on a device that supports Multi-User Authentication (e.g., Matrix DFE), you can apply a policy to a specific MAC address or IP address. This lets you isolate a single user instead of affecting all of the users on the port. You can apply a user-specific policy to an IP address or MAC address instead of changing the port policy.
NOTE: When a custom action script does not specify the path for its output, the output is placed in the \Enterasys Networks\NetSight Console\server\jboss\bin directory.
Notification
You can specify a notification to be part of the rule's action. For example, you can specify an E-Mail notification to be sent in response to a threat. Check Notification and select the desired notification from the drop-down list.
notifications. In this window, you can select a Notification to edit, or click Create to open the Create Notification window.
Create/Edit Search Scope
This window lets you create and name groups of devices that will be searched when Dragon notifies ASM of a threat. It operates the same way as the settings for the Basic Search Scope Definitions, but allows you to create multiple search scope groups so that you can search several non-contiguous groups of devices. You can include or exclude specific devices, according to Device Type, Location, Contact, and Subnet.
Groups & Devices
This panel shows the device tree for devices modeled in the Console database. You can expand branches of the tree to select Devices/Device Groups to be searched when Dragon notifies ASM of a threat. After making a selection, click Include to designate your selection(s) as being included in the search scope or click Exclude to designate your selection(s) as being specifically excluded in the search scope.
in both groups (Routers in Building2) will be included in the search scope.
Resulting Devices
The resulting list of devices that will be searched when Dragon notifies ASM of a threat. The table is dynamically updated according to your device/device group selections and include/exclude arguments.
Send Notification...
This checkbox allows you to select a notification to be performed in the event no port is found for the Threat IP.
Create/Edit Search Scope Rule
This view lets you create rules that determine which search scope will be used when a specific threat arrives. Each search scope rule defines a set of conditions (sender id, threat subnet, etc.) and a search scope to use when the conditions are met. You can access this window from the ASM Configuration window's Search Scope Definitions panel. Select the Advanced Search Mode, then click the Create or Edit button in the Search Scope Rules section.
• Match Selected - The Sender ID is compared against one or more Sender Identifiers selected from the list.
• Exclude Selected - The Sender ID matches if it is not one of the Sender Identifiers selected from the list.
Use the Edit List button to open a window where you can add or remove sender identifiers to use in your rule definitions.
Edit Notifications Window
This window lists all the notifications you have created, and lets you edit or remove a notification, or create a new one. Click areas in the window for more information.
Name
The name assigned to this notification in the Create/Edit Notification window.
Type
The type of notification, as selected in the Create/Edit Notification window.
Summary
The variables configured for this notification in the Create/Edit Notification window.
Edit Entry
Opens the Edit Notification window for the notification selected in the list.
Used In
Select a notification in the list, and click the Used In button to open a window that displays which ASM rules are using the notification.
E-Mail Configuration Window
The E-Mail Configuration window lets you create an E-Mail recipient list to use when configuring E-Mail notification settings. The window is accessed from the Edit Mail List button in the Create/Edit Notification window. Click the graphic for more information.
Defined Mail Lists
Displays the currently defined mail lists. Use the New List button to add a mail list name to the list.
Error removing Notification(s) Window
This window automatically opens if you attempt to remove one or more notifications that are currently in use by ASM. The table lists the specific notification(s) that caused the error and where each notification is being used.
Event View
NetSight's Event View lets you view alarm, event, and trap information for the NetSight Console, network devices, and other NetSight applications. Each tabbed view in the Event panel lets you scroll through the most recent 10,000 entries in the logs that are configured for that view. A Console tab, showing Console events, and a Traps tab, which captures traps from devices modeled in the NetSight database, are provided when NetSight Console is initially installed.
application (HPOV, NetSight Element Manager, etc.), you must shut it down before launching Console.
Syslog Tab
This tab maintains a record of all the BOOTP messages received for devices modeled in the NetSight database.
Console Tab Table
Acknowledge
Checking this column lets you hide items that have been acknowledged. Click the check box to acknowledge the item and then click the Show Acknowledged Events button to hide or show the checked items.
selected event or trap.
Buttons
Show/Hide Acknowledged Events
This button hides or shows items in the table that have been acknowledged by a check in the Acknowledge column.
Event View Manager
This button opens the Event View Manager window where you can change the elements in the selected table or define additional tabs for the Event View panel.
Open Event Log
This button lets you open an event log file located on the NetSight Server or Client.
Event Details Window
The Event Details window shows additional information about an event or trap selected in the Event View. It combines information about the event as defined in the trapd.conf file and specific information about the source of the event. It is accessed by choosing Event Details from the right-click menu in the Event View. Click areas in the window for more information.
Timestamp
Shows the date and time when an event or trap occurred.
Client
Only applicable to Console events and shows the hostname of the source of the event.
Severity
Indicates the potential impact of the event or trap. For traps, this field shows the Severity as defined in the trapd.conf file.
Category
For traps, this field shows the category defined in the trapd.conf file. For other tabs, it indicates the source of the information, either a Console Poller, local log, syslog, trap log, Error (java exceptions), etc.
Event Log Viewer
NetSight Options set limits on the size of log files that record events on your network. When the limit is reached, the information is saved to a log file. This viewer is where you can view historic alarm, event, and trap information for the NetSight Console, network devices, and other NetSight applications.
Sample Event Log Viewer
Severity
Indicates the potential impact of the event or trap. For traps, this column shows the Severity as defined in the trapd.conf file.
User
Associates an event with the user that performed the action that triggered the event.
Type
Identifies the type of information for this row (event or trap).
Event
Shows the type of event or trap. For traps, this column shows the name of the event as defined in the trapd.conf file.
Information
Shows a summary explanation of the event or trap.
Event View Manager Window
The Event View Manager window lets you add your own tabs to the Event View panel to create custom tables that provide the information needed to manage your network. With it, you can add tables and modify existing tables to capture and combine alarm, event and/or trap information from various sources. The top panel lists the current tabs, while the bottom two panels let you define sources for the information in your custom tables.
• Title - The name that appears on the tab in the Event panel.
• Log Managers - A comma-separated list of the Log Managers that contribute entries to the view.
Available Log Managers
• Name - This is the name assigned to the Log Manager.
• Type - Defines the source of the log information: Server or Local.
• Poll Interval - Streaming logs are constantly updated. Polled logs are updated at the specified interval.
This button applies the current Event Configurations, but leaves the Event View Manager window open to allow additional configuration.
New Log Manager Window
The New Log Manager window lets you create local log managers to use when configuring Event Views. It is opened from the New button in the Available Log Managers area in the Event View Manager window. Click areas in the window for more information.
Log Manager Name:
The name of this log manager.
Log File:
The path and filename of the log being managed by this log manager.
Log Manager Parameters Window
This window displays parameters for a selected log manager. It is opened from the Edit button when a log manager is selected in the Available Log Managers area in the Event View Manager window. The window looks different depending on the type of log manager you have selected: server or local.
Poll Interval
This field is only active when the Syslog or Traps Log Manager is selected. This is the time interval (in seconds) between retrieving information from the log.
Buttons
Edit Path
Opens the Edit Log Path window where you can edit the path to the requested syslog file. The path must be a full path residing on the server. This button is only available when the Syslog Log Manager is selected.
Custom Pattern Configuration Window
This window lets you create a pattern that will be used to interpret information from a non-standard syslog file. A sample line is shown un-parsed in the Sample Log Line. The Pattern line contains Fields and Delimiters that determine how each data element in the sample line will be parsed and placed in a column in the Event View. The Parsed table shows how the results will be presented in the Event View panel.
• Console 1.x Pattern - Parses files generated by Console 1.x.
• Console 2.0 Pattern - Parses files generated by Console and its current plugins.
Fields
This table lists the field types that identify the column in which a particular element of parsed information should be placed. Selecting a field type full pattern is enclosed within angle brackets (< , >) to signify beginning and end. A newline (\n) is assumed at the end in this case, but could be made required.
Displays the selected Fields and Delimiters that determine how each data element in the sample line will be parsed and placed in a column in the Event View.
Sample Log Line
This is a sample of raw log information.
Parsed
This table shows how the information will be presented in the Events tab. Cells are filled with the sample line information as field types are selected and delimited.
New/Edit (Event) View Window
This window lets you define the name and any columns that you want to add to a new or existing Event View. It is opened from either the Add or Edit button in the Views area in the Event View Manager window. Click areas in the window for more information.
Name
The name for the Event View. This is the name that will appear on the tab for this view in the Event View panel.
Open Log File Window
This window lets you select a log file from either the client or server for viewing in the Event Log Viewer window. It also lets you select the format that will be used to parse the information that is presented in the Event Log Viewer. You can access this window from the Open Event Log button in the lower-right corner of the Event View. You can open an event log from the local Console Client or from the NetSight Server.
Open Event Log on Server
This browser opens with the default path set to the \Enterasys Networks\NetSight Console\server\logs directory.
Incident Test Tool
This tool lets you test and debug the search scopes and actions to verify ASM's response to an event. Click areas in the window for more information. Two levels of testing can be performed:
• Test response by sending an SNMP trap to ASM - this level uses Console's SNMPTrap Service to receive the trap and notify ASM of the threat. This is the more comprehensive test because it simulates exactly the workings of an actual trap.
• Test response by directly invoking ASM - this level bypasses the SNMP trap mechanism, sending the trap directly to ASM. ASM processes the threat as if it were received as a real SNMP trap message. If ASM is in Search and Respond mode, the configured action will be applied.
Specify parameters of test incident to be sent to ASM
These parameters are used with both levels of testing. Your settings here define a simulated threat that will be sent to ASM.
Buttons
Send Incident to ASM
Sends the test (inform) message that you've configured to ASM. If you've configured your ASM Rules correctly, the message information should appear in the ASM Monitor.
ASM Log Entry Details Window
This window displays detailed information about a specific trap/action entry selected in the Automated Security Manager Activity Monitor. Activities related to the selected Activity Monitor entry are listed chronologically, by default, with newer activities at the bottom. You can change the arrangement by clicking a heading to sort the table in ascending or descending order.
Timestamp
Shows the date and time when the event occurred.
Source
Shows the IP address of the host that was the source of the event.
Client
Shows the hostname of the source of the event.
User
Associates an event with the user that performed the action that triggered the event.
Type
Identifies the type of information for this row (event or trap).
Event
Shows the type of event or trap.
Information
Shows a summary explanation of the event or trap.
Menu Bar
The ASM menu bar provides access to tools and functions that help you maintain the security of your network. ASM menus are available in several forms, designed for your convenience when accessed in a given situation. Many of the options available from menus are also available as buttons on the toolbar. Icons associated with these menu options indicate when the same option is available from a toolbar.
File
Database > Import v1.5 ASM Database
Opens a file browser where you can select a NetSight Console version 1.5 database and import ASM components into your Console 2.2 database. A confirmation dialog warns that you will overwrite ASM components in the current database. Refer to How to Import a Database for more information about importing ASM components into a database.
is dynamically updated as you set or change/define settings, always presenting the appropriate options as your configuration progresses. As you move through the steps, the selections that you make along the way determine the selections that are appropriate for the following steps.
Opens your system's Web browser and takes you to the Enterasys Global Support Web page.
Check for Updates
Allows you to update Automated Security Manager with the latest version of release notes and critical changes. Refer to Web Update for more information.
Getting Started
Opens the Getting Started Help information to introduce first-time users to the features in NetSight Automated Security Manager.
Options Window
The Options window allows you to set options for NetSight functions on a suite-wide and per-application basis. The Options window has a right-panel view that changes depending on what you have selected in the left-panel tree. Each view allows you to set different options. You can access the Options window using Tools > Options in the menu bar.
Automated Security Manager Options
Automated Security Manager Options (Tools > Options) lets you define your preferences for ASM operations. The right-panel view changes depending on what you have selected in the left-panel tree. Expand the Automated Security Manager folder to view all the different options you can set. Click Option headings for more information.
Apply
Sets the currently defined settings and keeps the Options window open.
OK
Sets the options and closes the window.
Cancel
Cancels any changes you have made and closes the window.
Help
Displays this Help topic.
Action Limits
This view lets you set limits for Automated Security Manager's threat responses. Click areas in the view for more information.
Max Number of Outstanding Actions
This parameter limits the number of outstanding (pending execution) actions.
Max Number of Action per Threat
This parameter sets a limit on the number of actions that can be executed for a given threat. Both pending and executed actions are counted toward the maximum. When the limit is reached, no further actions will be executed for the threat.
Dialog Boxes
This view lets you configure whether certain dialog boxes are shown or ignored.
Show Edit Mode Required Dialog
The Edit Mode Required dialog appears if you try to make changes in the ASM Configuration window without first selecting Edit Mode. Deselecting this checkbox means that the dialog will not appear and you will automatically be put in Edit Mode.
Dragon EMS
This view lets you integrate management of your Dragon EMS host systems into the Application menu in Automated Security Manager. Click areas in the view for more information.
NOTE: Dragon EMS host names are case sensitive.
Dragon EMS Host/IP
The Dragon EMS hostname or IP address.
Dragon EMS List
This list contains the Dragon EMS hosts that have been defined for Automated Security Manager.
Buttons
Add to List
Adds the Dragon EMS host, typed into the associated field, to the list.
Remove from List
Removes a selected Dragon EMS host from the list.
SNMP
The SNMP view lets you specify options that define the ASM's SNMP polling parameters. Click areas of the window for more information.
Number of SNMP Retries
The number of attempts that will be made to contact a device when an attempt at contact fails. The default setting is 3 retries, which means that ASM retries a timed-out request three times, making a total of four attempts to contact a device.
Restore Database Window
Use the Restore Database window to restore the initial database or restore a saved database. Both functions will cause all current client connections and operations in progress to be terminated. You can access this window by clicking the Restore button in the Database tab of the Server Information window. Click the graphic for more information.
Server Information Window
The Server Information window lets you view and configure certain NetSight Server functions, including management of client connections, database backup and restore, locks, and licenses. It also provides access to the server log and server statistics. To access this window, select Tools > Server Information from the menu bar. You must be assigned the appropriate user capabilities to access and use this window.
Current Client Connections
This table lists all of the currently connected clients for this server, with the most recent connection at the top. The list is automatically updated when clients connect or disconnect.
User:
The name of the user that has connected to the server as a client.
Authorization Group
The authorization group the user belongs to.
Client Type
The type of client, which will be NetSight Console or a NetSight plugin application such as Inventory Manager.
Disconnects the selected client. The client being disconnected receives a message saying that their connection will be terminated in 30 seconds. You must be assigned the appropriate user capability to disconnect clients.
Client Connection Log
The client connection log displays a list of all client connect and disconnect activities, and allows you to track the history of a particular client connection.
Clears the log. If you want to retain a copy of the log that you are clearing, you must manually copy the date-stamped file in the \Enterasys Networks\NetSight Console\server\logs\admin.log.
Database Tab
This tab allows you to manage the password and connection URL for the database, and perform database backup and restore operations. You must be assigned the appropriate user capabilities to perform these functions.
you modify that password, and also view and modify the connection URL for the database.
Password
Click Change to display a window where you can enter a new password. The password is masked unless you select the checkbox to Show Password. You must restart both the NetSight Server and client after you change the database password.
Connection URL
Displays the URL the NetSight Server uses when connecting to the database.
User:
The name of the user who initiated the lock.
Authorization Group
The authorization group the user belongs to.
Client Type
The type of client: Console or a NetSight plugin application.
Client Host
The client host machine.
Duration
The amount of time the lock has been held.
Description
A description of the lock.
Refresh Button
Refreshes the table and obtains updated lock information.
Revoke Button
Removes the selected lock.
Server Log Tab
The Server Log displays all the events for the server. Server Log entries are listed by date and time, with newer entries listed at the bottom. A new Server Log is created every day. If the NetSight Server is local, you can view previous logs using the File tab. You can perform Find and Filter operations on Server Log entries to target specific entries of interest.
Use the drop-down list to select the number of lines you would like displayed in the log.
Find:
Enter the text or numeric value you want to find.
Case Sensitive
Select this checkbox to search based on an exact match of the upper or lowercase of the text entered in the Find field.
Match Whole Word
Select this checkbox to search based on an exact match of the whole word or numeric value entered in the Find field.
Display:
Use the drop-down list to select the number of lines you would like displayed in the log.
Filter:
Enter the text or numeric value you want to use as a filter.
Case Sensitive
Select this checkbox to search based on an exact match of the upper or lowercase of the text entered in the Filter field.
Match Whole Word
Select this checkbox to search based on an exact match of the whole word or numeric value entered in the Filter field.
above the entries you can see the status of whether the entries are filtered or not filtered.
Filter Button
Performs the filter and displays the results.
Clear Filter Button
Removes any filters currently in effect.
Refresh Button
Displays and updates log entries, and removes any filters. The Server Log does not refresh automatically. If the Server Log is open and new entries are written to the log, you must click Refresh to update the log.
Select this button to view the current day's log. The name of the log and the path to where it is located is displayed in the field to the right.
Previous Log
Select this button to view a previous day's log. Click the Open button to open a file selection window where you can select the log you want to view. The file names are dated, in the format YYYY_MM_DD_events.log. The NetSight Server must be local in order to view previous logs.
Server License Limitations
Information on the selected server license:
• whether the server accepts connections from remote clients.
• the maximum number of devices that can be managed by the server.
• the maximum number of unique client hosts allowed to connect to the server.
Installed Server Plugin
The name of the installed server plugin application.
Version
The version of the server plugin application.
License
The license number of the server plugin application.
generate a product license. Refer to the instructions included with the License Entitlement ID that was sent to you.) Click Update. The license file will be updated with the new license text.
Buttons
Configure
Opens the Configure Server window where you can configure various NetSight Server parameters such as the maximum number of concurrent client connections supported by the NetSight Server.
NetSight Server Statistics Window
Use this window to view NetSight Server statistics. You can access the window by clicking the Server Stats button in the Server Information window.
CPU: The percentage of CPU being used by the NetSight Server.
Object Heap Memory in Use: The amount of object heap memory (in kilobytes) being used by the server. Heap memory refers to the amount of free memory available to the program.
snmptrapd.conf Text Editor Window
This window lets you edit the content of the snmptrapd.conf file to define credentials that will be used by Console when receiving Inform messages. The File and Edit menus and toolbar provide facilities for editing and saving the snmptrapd.conf file. The SNMPTrap Service must be restarted after editing the file. For more information about Trap and Inform messages, refer to Traps and Informs.
Sample snmptrapd.
MD5 or SHA myauthpassword - authentication type and authentication password (optional parameter - do not use when authentication is not used)
DES myprivpassword - encryption type and encryption password (optional parameter - do not use when encryption is not used or leave the encryption password blank if it is the same as the authentication password).
Any time that the snmptrapd.conf file is changed, the SNMPTrap Service must be restarted.
either Remote Desktop or a third-party program, you can restart snmptrapd as follows:
a. Go to the Taskbar Notification Area of the remote desktop.
b. Locate the Services Manager and right click the icon.
c. Select SNMP Trap > Restart.

e. Type the command: NsSnmptrapd start
f. Press Enter.
g. Log out and close the telnet session.
Specify Program for Action/Undo Window
When creating a rule, this window lets you:
• customize the response to an event by selecting a program to be executed (Specify Program for Action)
• specify an action that will be taken when a rule action is undone (Specify Program for Undo)
The information you configure is the same for both windows; only the title of the window is different. The window is accessed from the ASM Configuration Window's Rule Definitions view.
myscript.bat such as: "C:\Program Files\My Custom Files\myscript.bat -i %1 -m %2".
2. Uncheck all but the Threat IP and Threat MAC checkboxes and select Unformatted without spaces (you don't want to send any keyword (thip= or thmac=) to your script). The variable %1 returns and %2 returns the
If you are using a Perl script, you might want to use a different argument variable, such as $ARGV[0] (first argument) or @ARGV (all arguments).
Parameter: Keyword
Action: action
Details: dtls
SNMP Parameters (note 1), SNMPv1, SNMPv2:
SNMP Read: snmp="v1" ro
SNMP Read: snmp="v1" rw
SNMP Read: snmp="v1" su
SNMP Parameters (note 1), SNMPv3:
SNMP Read, SNMP Write, SNMP SU/Max Access: snmp="v3" user seclevel authtype authpwd privtype privpwd
Incident: incident
Note 1: When any SNMP parameter is selected, the snmp=value indicates the SNMP version and the subsequent parameters contain the values assigned for the credentials
And, for a script named myscript.bat, the resulting script command would be executed as:
C:\Program Files\Enterasys Networks\NetSight Console\server\plugins\AutoSecMgr\scripts\my_script.bat my_sender_name dragon_id 00.00.1d.11.22.
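As an added example (not part of the product or its help), a program selected in Specify Program for Action can validate the Threat IP and Threat MAC arguments before acting on them, since both values come from event data. It is written in Python rather than as a batch file; the function names and the accepted MAC separators ('.', ':' or '-') are assumptions.

```python
"""Hypothetical ASM action script: validate Threat IP and Threat MAC arguments."""
import ipaddress
import re
import sys

# Assumption: the MAC arrives as six hex octets joined by one of '.', ':' or '-'.
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([.:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")


def parse_threat_args(argv):
    """Return (ip, mac) in canonical form, or raise ValueError.

    argv holds the two values substituted for %1 and %2 when only Threat IP
    and Threat MAC are checked and "Unformatted without spaces" is selected,
    so no thip= or thmac= keyword is expected.
    """
    if len(argv) != 2:
        raise ValueError("expected 2 arguments, got %d" % len(argv))
    raw_ip, raw_mac = argv
    # ip_address() accepts only a literal address, so option-like strings or
    # shell metacharacters never reach whatever command runs next.
    ip = ipaddress.ip_address(raw_ip)
    if ip.is_unspecified or ip.is_loopback or ip.is_multicast:
        raise ValueError("refusing to act on non-host address %s" % ip)
    if not _MAC_RE.match(raw_mac):
        raise ValueError("malformed MAC argument")
    octets = re.split(r"[.:-]", raw_mac.lower())
    return str(ip), ":".join(octets)


def main(argv):
    try:
        ip, mac = parse_threat_args(argv)
    except ValueError as exc:
        print("rejected: %s" % exc, file=sys.stderr)
        return 2
    # Placeholder for the site-specific response (ticket, report, ...).
    print("threat ip=%s mac=%s" % (ip, mac))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

A non-zero exit code on rejected input lets the failure show up wherever the script's result is recorded instead of being silently ignored.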
Toolbar
The ASM toolbar provides easy access to some of the more commonly used Automated Security Manager menu functions. Some Toolbar buttons may not be available, depending on your current selection within ASM. Pausing with your mouse pointer over toolbar icons displays tool tips showing each button's function. The Toolbar offers the following shortcuts to frequently used menu selections:
Updates Available Window
NetSight applications provide an easy way to download product updates using a web update operation accessed from Help > Check for Updates in the menu bar. The Updates Available window displays any new updates that are available for download, and lets you initiate the download operation. You must be assigned the appropriate user capability to access this view.
Details: Opens the NetSight Updates Details window where you can see details on what each update includes.
Usage Window
This window lets you view where rule variables are in use by ASM rules. The title of the window changes depending on the rule variable you have selected. The window lists the selected variables and the rule definition where each variable is used. The Usage window is accessed by clicking the Used In button in the Rule Variables views in the ASM Configuration window.
Sample Usage Window.
Reference Information
The References help folder contains information that is referenced by other help topics. Double-click the References help folder in the left panel to open the folder and navigate to topics describing a particular window.
Disable Log Entry Details
If you experience ASM performance problems while under extreme network load, you can improve performance by disabling Log Entry Details. The Log Entry Details window displays information about a specific trap/action entry in the Automated Security Manager Activity Monitor, and can be useful for debugging purposes. The window is launched by double-clicking an entry in the Activity Monitor table. To disable Log Entry Details, edit your ASM properties file as follows: 1.
802.1x Authentication (PAE): Port Access Entity module for managing IEEE 802.1X. Check this MIB to find other occurrences of an IP address or MAC address within your search scope. The values returned by searching this MIB are often duplicates of the values returned from other MIBs, so checking this MIB is usually not necessary.
Enterasys MAC Locking: Provides configuration and status objects pertaining to per port MAC Locking.
the Node/Alias (ctAlias) MIB.
IGMP: Standard MIB module for IGMP Management. It contains an IGMP Interface Table, with one row for each interface on which IGMP is enabled, and an IGMP Cache Table, with one row for each IP multicast group for which there are members on a particular interface. Check this MIB to find other occurrences of an IP address or MAC address within your search scope.
Check this MIB to find other occurrences of an IP address or MAC address within your search scope. The values returned by searching this MIB are often duplicates of the values returned from other MIBs, so checking this MIB is usually not necessary.
IP CIDR Route: The IP CIDR Route Table obsoletes and replaces the ipRoute Table current in MIB-I and MIB-II and the IP Forwarding Table.
NetSight - Supported MIBs
A
ACCOUNTING-CONTROL-MIB ADSL-LINE-MIB ADSL-TC-MIB AGENTX-MIB APPC-MIB APPLETALK-MIB APPN-TRAP-MIB APPLICATION-MIB APPN-DLUR-MIB APPN-MIB ATM-ACCOUNTING-INFORMATION-MIB ATM-MIB ATM-TC-MIB
B
BGP4-MIB BRIDGE-MIB
C
cabletron-traps cabletron-traps-irm CHARACTER-MIB chassis-mib CLNS-MIB COFFEE-POT-MIB community-mib COPS-CLIENT-MIB ctatm-config-mib ct-broadcast-mib ct-cmmphys-mib ct-container-mib ctELS100-NG-mib c
ctron-dcm-mib ctron-deciv-router-mib ctron-device-mib ctron-dhcp-mib ctron-dlsw-mib ctron-download-mib ctron-elan-mib ctron-environment-mib ctron-ethernet-parameters ctron-etwmim-mib ctron-fddi-fnb-mib ctron-fddi-stat-mib ctron-fnbtr-mib ctron-frontpanel-mib ctron-if-remap-2-mib ctron-if-remap-mib ctron-igmp-mib ctron-ip-router-mib ctron-ipx-router-mib ctron-mib-names ctron-nat-mib ctron-oids ctron-orp-hsim-mib ctron-portmap-mib ctron-power-supply-mib
D
DECNET-PHIV-MIB DIAL-CONTROL-MIB DIRECTORY-SERVER-MIB DISMAN-EVENT-MIB DISMAN-EXPRESSION-MIB DISMAN-NSLOOKUP-MIB DISMAN-PING-MIB DISMAN-SCHEDULE-MIB DISMAN-SCRIPT-MIB DISMAN-TRACEROUTE-MIB dlm-mib DLSW-MIB DNS-RESOLVER-MIB DNS-SERVER-MIB DOCS-BPI-MIB DOCS-CABLE-DEVICE-MIB DOCS-IF-MIB dot5-log-mib dot5-phys-mib DOT12-IF-MIB DOT12-RPTR-MIB DS0BUNDLE-MIB DS0-MIB DS1-MIB DS3-MIB DSA-MIB
E
EBN-MIB els100-s24tx2m-mib enterasys-802do enterasys-8021x-e
F
fast-ethernet-mib FLOW-METER-MIB FRAME-RELAY-DTE-MIB FDDI-SMT73-MIB FR-ATM-PVC-SERVICE-IWF-MIB FRNETSERV-MIB FIBRE-CHANNEL-FE-MIB FR-MFR-MIB
G
garp-mib
H
HCNUM-TC HOST-RESOURCES-TYPES HOST-RESOURCES-MIB HPR-IP-MIB HPR-MIB
I
IANA-ADDRESS-FAMILY-NUMBERS-MIB IANAifType-MIB IANA-LANGUAGE-M IANA-RTPROTO-MIB IANATn3270eTC-MIB IEEE802dot11-MIB IEEE8021-PAE-MIB IEEE8023-LAG-MIB IF-INVERTED-STACK IF-MIB IGMP-STD-MIB INET-ADDRESS-MIB INTEGRATED-SERVICES-GUA
L
lan-emulation-client-mib
M
MAU-MIB MIP-MIB Modem-MIB MTA-MIB MIOX25-MIB
N
netlink-specific-mib NETWORK-SERVICES-MIB network-diags-mib NHRP-MIB NOTIFICATION-LOG-MIB
O
OSPF-MIB OSPF-TRAP-MIB
P
P-BRIDGE-MIB PINT-MIB PPP-SEC-MIB PARALLEL-MIB PPP-BRIDGE-NCP-MIB Printer-MIB PerfHist-TC-MIB PPP-IP-NCP-MIB PTOPO-MIB PIM-MIB PPP-LCP-MIB
Q
Q-BRIDGE-MIB
R
RADIUS-ACC-CLIENT-MIB RADIUS-ACC-SERVER-MIB RADIUS-AUTH-CLIENT-MIB RADIUS-AUTH-SERVER-MIB RDBMS-MIB repeater-mib-2 repeater-rev4-mib RFC1065-SMI RFC1155-SMI RFC1213-MIB RFC1269-MIB RFC1271-MIB RFC1285-MIB RFC1316-MIB RFC1381-MIB RFC1382-MIB RFC1414-MIB RFC-1212 RFC-1215 ripsap.txt RIPv2-MIB RMON2-MIB RMON-MIB roamabout-mib.
U
UDP-MIB UPS-MIB ups2-mib usm-target-tag-mib
V
VRRP-MIB v2h124-24-mib.
Traps and Informs
SNMP Notification messages (Traps and Informs) provide the mechanism for one SNMP application to notify another SNMP application that something has occurred or been noticed. The SNMPv3 protocol mandates that all notification messages be rejected unless the SNMPv3 user sending the notification already exists in the remote SNMP agent's user database.
myUser - security user name
MD5 or SHA myauthpassword - authentication type and authentication password (optional parameter - do not use when authentication is not used)
DES myprivpassword - encryption type and encryption password (optional parameter - do not use when encryption is not used or leave the encryption password blank if it is the same as the authentication password).
SNMPv3 Informs
Inform notifications require two-way communication.
MD5 or SHA myauthpassword - authentication type and authentication password (optional parameter - do not use when authentication is not used)
DES myprivpassword - encryption type and encryption password (optional parameter - do not use when encryption is not used or leave the encryption password blank if it is the same as the authentication password).
Restart the SNMPTrap Service
Any time that the snmptrapd.conf file is changed, the SNMPTrap Service must be restarted.
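As an added example (not NetSight code), the following Python check reads user definitions of the kind described here and in the snmptrapd.conf Text Editor Window topic and reports the SNMPv3 security level each user ends up with, so that optional parameters left out by mistake are visible before the SNMPTrap Service is restarted. It assumes the Net-SNMP line layout createUser [-e ENGINEID] user authtype authpassword privtype privpassword; the user names, passwords and engine ID in the sample are constructed.

```python
AUTH_TYPES = {"MD5", "SHA"}  # authentication types named in this help
PRIV_TYPES = {"DES", "AES"}  # DES is named in this help; AES is Net-SNMP's other type


def audit_create_user(line):
    """Return (user, security_level, findings) for a createUser line, else None."""
    tokens = line.split()  # assumption: names and passwords contain no spaces
    if not tokens or tokens[0].lower() != "createuser":
        return None
    args = tokens[1:]
    if args[:1] == ["-e"]:  # optional "-e ENGINEID" prefix
        args = args[2:]
    if not args:
        return None
    user, rest = args[0], args[1:]
    if not rest or rest[0].upper() not in AUTH_TYPES:
        return (user, "noAuthNoPriv", ["notifications from this user are not authenticated"])
    findings = []
    if rest[0].upper() == "MD5":
        findings.append("MD5 authentication; prefer SHA")
    if len(rest) < 2 or len(rest[1]) < 8:
        findings.append("authentication password shorter than 8 characters")
    if len(rest) < 3 or rest[2].upper() not in PRIV_TYPES:
        findings.append("no encryption type; notification contents are sent in clear")
        return (user, "authNoPriv", findings)
    if rest[2].upper() == "DES":
        findings.append("DES encryption (56-bit key)")
    # A blank encryption password means the authentication password is reused.
    if len(rest) > 3 and len(rest[3]) < 8:
        findings.append("encryption password shorter than 8 characters")
    return (user, "authPriv", findings)


def audit_config(text):
    """Audit every createUser line of a configuration passed as one string."""
    return [r for r in map(audit_create_user, text.splitlines()) if r]


# Constructed sample configuration; every value below is made up.
SAMPLE_CONF = """\
# credentials used when receiving notifications
createUser myUser MD5 myauthpassword DES myprivpassword
createUser -e 0x8000000001020304 trapUser SHA myauthpassword
createUser openUser
"""

if __name__ == "__main__":
    for user, level, findings in audit_config(SAMPLE_CONF):
        print(user, level, "; ".join(findings))
```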