Specifications

How To Send a Test Incident to ASM
This tool lets you test and debug the search scopes and actions to verify ASM's response to an event. You can
perform a basic test that sends an inform message directly to ASM, bypassing the SNMPTrap Service, or you
can configure a more comprehensive test that exercises the complete path (IDS to SNMPTrap Service/Console to
ASM), simulating exactly the workings of an actual inform message. This more comprehensive test requires
that the SNMP message be correctly specified (including authentication credentials) and that Console's
SNMPTrap Service is running.
NOTES:
1. Your client system must have SNMP access to the server to use the "Test response by
   sending an SNMP trap to ASM" level of testing.
2. The NetSight SNMPTrap Service (snmptrapd) must be configured with Security User
   credentials and/or Engine IDs for devices from which Console's SNMPTrap Service
   (snmptrapd) will accept SNMPv3 Notification messages. Without this information,
   notification messages are dropped by SNMPTrap Service. The traps do not appear in
   the Events view and ASM will not receive notification. Refer to How to Configure the
   SNMPTrap Service to learn more about configuring SNMPTrap Service.
To test a response by sending threat information directly to ASM:
1. Select Test a response by sending threat information directly to ASM.
2. Set the parameters under the heading Specify parameters of test incident for the test incident that
   will be sent to ASM:
   Sender ID − This is a unique identifier associated with the intrusion detection system that
   detected the security event.
   Sender Name − The sender name being tested. This is a unique name associated with the
   intrusion detection system that detected the event. Sender Names are case sensitive.
   Threat Category − The event category being tested. ASM's default event categories
   are ASM_ATTACK, ASM_COMPROMISE, ASM_INFORMATIONAL, and
   ASM_MISUSE. Event Category Names are case sensitive.
   Signature − A signature provides a unique identifier for the threat being tested.
   Threat IP − This is the address where the threat was detected and where ASM will apply an
   action if one is configured for this threat.
3. Click Send Incident to ASM. Your incident should appear in the table in the ASM Monitor window.
To perform a more comprehensive test:
1. Select Test response by sending an SNMP trap to ASM.
2. Set the parameters for the basic test (Specify parameters of test incident to be sent to ASM).
3. Set the parameters under the heading Specify additional parameters for sending SNMP trap.
   SNMPv3 User Name − The user name of the simulated user.
   Authentication Type − The authentication method used for the inform message (MD5 or SHA).
   Authentication Password − The authentication password of the simulated user.
   Privacy Type − The encryption method used for the inform message (DES or None).
   Privacy Password − The encryption password for the simulated user.
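A pre-flight check for the parameters listed above, as an added example (not part of the original manual or of NetSight): it flags Sender Name and Threat Category values that differ only in case from the configured ones and derives the SNMPv3 security level from the Privacy Type. The function names, dictionary keys, sample values and the 8-character passphrase minimum (net-snmp's USM limit, assumed to apply to the SNMPTrap Service) are assumptions.

```python
import ipaddress

# Default event categories named on this page; names are case sensitive.
DEFAULT_CATEGORIES = ("ASM_ATTACK", "ASM_COMPROMISE", "ASM_INFORMATIONAL", "ASM_MISUSE")
AUTH_TYPES = ("MD5", "SHA")   # Authentication Type choices on this page
PRIV_TYPES = ("DES", "None")  # Privacy Type choices on this page
MIN_PASSPHRASE = 8            # assumption: net-snmp's minimum USM passphrase length


def _match(field, value, allowed):
    """Exact, case-sensitive match; call out values that differ only in case."""
    if value in allowed:
        return []
    near = [a for a in allowed if a.lower() == value.lower()]
    if near:
        return [f"{field}: {value!r} differs only in case from {near[0]!r}"]
    return [f"{field}: {value!r} is not one of {list(allowed)}"]


def check_incident(p, sender_names, categories=DEFAULT_CATEGORIES):
    """Return problems with the basic test-incident parameters (empty list = OK)."""
    problems = [f"{f}: missing" for f in ("sender_id", "signature") if not p.get(f)]
    problems += _match("sender_name", p.get("sender_name", ""), sender_names)
    problems += _match("category", p.get("category", ""), categories)
    try:
        ipaddress.ip_address(p.get("threat_ip", ""))
    except ValueError:
        problems.append(f"threat_ip: {p.get('threat_ip')!r} is not an IP address")
    return problems


def check_snmp(s):
    """Return (SNMPv3 security level, problems) for the additional trap parameters."""
    problems = [] if s.get("user") else ["user: missing"]
    problems += _match("auth_type", s.get("auth_type", ""), AUTH_TYPES)
    problems += _match("priv_type", s.get("priv_type", ""), PRIV_TYPES)
    secrets = [("auth_password", True), ("priv_password", s.get("priv_type") == "DES")]
    for field, needed in secrets:
        if needed and len(s.get(field, "")) < MIN_PASSPHRASE:
            problems.append(f"{field}: shorter than {MIN_PASSPHRASE} characters")
    level = "authPriv" if s.get("priv_type") == "DES" else "authNoPriv"
    return level, problems


# Constructed sample values, not taken from any real deployment.
SAMPLE_INCIDENT = {"sender_id": "1", "sender_name": "dragon-ids", "category": "asm_attack",
                   "signature": "TEST:SIG", "threat_ip": "192.0.2.10"}
SAMPLE_SNMP = {"user": "testuser", "auth_type": "SHA", "auth_password": "authpass1",
               "priv_type": "DES", "priv_password": "short"}
```

Pass `check_incident` the sender names exactly as they are configured in ASM; an empty problem list means the values are consistent with the rules stated on this page, not that the SNMPTrap Service will accept the message.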