content












Cisco Secure Intrusion Detection System








12.2
Alarm Reporting



12.2.10
Alarm Source
report





The Alarm Source report has the
following configurable filters: 

Time RangeThe time range filter
enables the network security administrator to generate a report
within a specified time range.

Time ZoneDrop-down menu that
enables you to select the appropriate time zone.
Since dawn of timeThe default
selection that will query the database for the oldest possible
record.
LastThis filter enables you
to query the database based on alarms received within the last
hour, day, minute, or second.
Start/EndDrop-down menus that
enable you to specify a time range in which to query the
database for alarms.




Destination DirectionThe source
direction filter enables the network security administrator to generate a report based on the destination of the attack.

Destination DirectionDrop-down
menu that enables you to select the keyword IN or OUT as the
direction.




SignaturesThe signatures filter
enables the network security administrator to generate a report
based on all signatures, specific signatures, or signature
categories.

All SignaturesAll known CIDS
signatures.
General SignaturesSelection
box that enables you to select a specific signature or
multiple signatures.
Signature CategoriesSelection
box that enables you to select a specific signature category
for multiple categories. Figure
lists the categories from which to select.




Source IP AddressThe Source IP
address filter enables the security administrator to generate a
report based on the source IP address of the attack.

Any AddressAll destination
addresses are included.
Single AddressA specific IP
address is specified. The IP address is specified by choosing
a value for each IP address octet from a drop-down menu.
Address RangeA range of IP
addresses are included from the given Start Address to the End
Address. The Start and End IP addresses are specified by
choosing a value for each IP address octet from a drop-down
menu.




Destination IP AddressThe
Destination IP address filter enables the security administrator
to generate a report based on the destination IP address of the
attack.

Any AddressAll destination
addresses are included.
Single AddressA specific IP
address is specified. The IP address is specified by choosing
a value for each IP address octet from a drop-down menu.
Address RangeA range of IP
addresses are included from the given Start Address to the End
Address. The Start and End IP addresses are specified by
choosing a value for each IP address octet from a drop-down
menu.



Note: Zero is currently not
included as a valid range for any octet.

Alarm LevelThe alarm level filter
enables the network security administrator to generate a report
based on the alarm severity level.

Alarm LevelSelection box that
enables you to select a specific alarm severity level. The
possible values are Low, Medium, and High.




Alarm CountThe Alarm Count filter
enables the network security administrator to generate a report
based on the number of alarms.

Alarm CountA numeric value
must be entered in the Alarm Count text box.




SensorThe Sensor filter enables
the network security administrator to generate a report based on a
CIDS Sensor name.

SensorSelection box that
enables you to select a specific Sensor name or multiple
Sensor names. The possible values are Sensor names known to
CSPM.



  









Wyszukiwarka

Podobne podstrony:
content
content
content
content
content
content
content
content
content
function domnode get content
content
content
content
content
content
content

więcej podobnych podstron