Specifications
   f. Enter a Name for your new Alarm and click Save.
7. Deploy your new trap configuration.
   a. Click DEPLOYMENT in the left panel.
   b. Click Deploy to activate your trap configuration.
Configuring Automated Security Manager
The following steps create an action rule to recognize any trap from the Dragon host device and record the
event in the ASM Activity Log.
1. In ASM, select Tools > ASM Configuration from the menu bar.
2. In the Groups and Devices tree, select My Network and click Include. Click Continue.
3. Click Continue in the Excluded Port Types view.
4. Click Continue in the Excluded Ports view.
5. Click Create in the Rule Definitions view. The Create Rule window opens.
6. Enter a Name for the new rule and click Apply, then Close.
7. Leave the remaining settings set to their default values. This will allow matching any event category, recording the event in the ASM Activity Monitor, but no action will be taken.
8. Click Save in the ASM Configuration window.
9. Keep the ASM Activity Monitor window open so you can view the log while triggering a test trap message.
Trigger a Test Trap
To test the connection between Dragon and ASM, we will use MIB Tools to attempt to access the Dragon host
using the community name PRIVATE.
1. In the ASM Activity Monitor window, make sure that the Operation Mode is set to either Search and Respond or Search Only.
2. In the Console main window, right-click on the Dragon device in the left-panel tree and select MIB Tools from the menu.
3. Select Use SNMPv1 from the Select Protocol drop-down list in the upper right of the MIB Tools window and enter PRIVATE as the Community Name. Click Contact.
   You should see one or more traps recorded in the ASM Activity Monitor. If this does not occur, review the preceding steps and check for errors.
What's Next
If you were able to successfully trigger and record a trap in ASM, then you're ready to configure additional
Dragon events and enable ASM to provide responses to protect the integrity of your network.
In the preceding exercise we triggered a trap message to ASM for a specific event (logging on using the community name, PRIVATE). ASM recognized the trap because it was able to match the character string defined by the Enterasys Networks' Threat Notification MIB object, etsysThreatNotificationThreatCategory, in this case ASM_ATTACKS, with a corresponding Event Category defined in ASM. To be recognized by ASM, the text string in the event messages sent by an IDS must match exactly with an Event Category name defined in ASM. (Event categories are defined in ASM Configuration - Rule Variables.)
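The exact-match requirement above is easy to break with a case or whitespace slip, so the following added example (not part of the original help text or of ASM itself) checks IDS category strings against ASM Event Category names before deployment. It assumes "exactly" means a case-sensitive, character-for-character comparison; every name except ASM_ATTACKS is constructed sample data, and the function names are hypothetical.

```python
import difflib

# Constructed sample data. Only ASM_ATTACKS appears in the help text.
SAMPLE_ASM = ["ASM_ATTACKS", "ASM_COMPROMISE", "ASM_MISUSE"]
SAMPLE_IDS = ["ASM_ATTACKS", "asm_attacks", "ASM_ATTACKS ", "ASM_ATACKS", "PORT_SCAN"]


def normalise(name):
    """Fold case, surrounding whitespace and separators, for diagnosis only."""
    return name.strip().upper().replace(" ", "_").replace("-", "_")


def check_categories(ids_strings, asm_categories):
    """Classify each IDS threat-category string against the ASM category names.

    Returns {ids_string: (status, asm_name_or_None)} where status is:
      match      - identical to an ASM Event Category name (assumed to be recognised)
      near-miss  - differs only in case, whitespace or separator
      typo?      - close to an ASM name by edit similarity
      unmatched  - no plausible ASM category
    """
    exact = set(asm_categories)
    folded = {normalise(name): name for name in asm_categories}
    report = {}
    for value in ids_strings:
        if value in exact:
            report[value] = ("match", value)
        elif normalise(value) in folded:
            report[value] = ("near-miss", folded[normalise(value)])
        else:
            close = difflib.get_close_matches(value, asm_categories, n=1, cutoff=0.8)
            report[value] = ("typo?", close[0]) if close else ("unmatched", None)
    return report


if __name__ == "__main__":
    for value, (status, target) in check_categories(SAMPLE_IDS, SAMPLE_ASM).items():
        # repr() makes trailing whitespace visible in the report.
        print(f"{value!r:16} {status:10} {target or '-'}")
```

Any string reported as anything other than match should be corrected on the IDS side or added as an Event Category in ASM Configuration - Rule Variables.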
Automated Security Manager Help