Internet Security Systems Proventia A1204 User Manual Download | Manualshive

Page: 24 / 42

background image

Chapter 2: Configuring and Viewing Appliance Settings

16

Configuring Packet Captures

Introduction

The Proventia A604, A1204, and A1204F appliances can capture attack packets that you
can view and analyze from the SiteProtector management console. The system associates
these captured packets with specific events, which can benefit a forensic investigation.

Where configured

You configure packet captures on the SiteProtector management console.

Overview

To configure packet captures, you must first set the LOGDB response in the Policy Editor
to the LogwithRaw response name. The LOGDB response displays the detected event on
the monitoring console. Together with the Display response, raw data from the
LogWithRaw response is translated into a format that appears in the Event Details
window on the management console. There are two packet capture files:

FirstPacket.enc

and

LastPacket.enc

. These packet capture files display as icons in the Event Details

window, under the Attribute value.

Reference:

For more information about using the Policy Editor, see the

ISS Response,

Policy, and Event Collector Help

.

Setting the
LogwithRaw
response

To set the LOGDB response to LogwithRaw:

1. In the SiteProtector Site Manager, select the appliance.

2. Select

Apply

Policy

.

The Select Policy window opens.

3. Select the policy, and then click

Derive New

.

4. In the Policy Editor window, select the tab for the type of event to which you are

assigning responses.

5. In the signature pane, click the signature to which you want to assign responses.

6. The response list in the right pane displays the responses that are currently assigned

to this signature.

7. Select the check box next to the LOGDB response type.

8. Select the

LogwithRaw

response name.

9. From the

File

menu, select

Save

.

A confirmation message appears.

10. Click

OK

.

11. From the

File

menu, select

Exit

.

12. Select the policy, and then click

OK

.

The policy opens.

13. Verify that the policy is correct, and then click

OK

.

Viewing packet
captures

To view packet captures:

1. In the SiteProtector SiteManager, select the

Network

Sensor

Analysis

tab.

A list of events by tag name appears.

2. Select a row, and then right-click the tag name.

«
...
22
23
24
25
26
...
»

Summary of Contents for Proventia A1204

Page 1: ...TM A604 A1204 and A1204F Appliance User Guide...

Page 2: ...raSPARC are trademarks or registered trademarks of Sun Microsystems Inc in the United States and other countries All SPARC trademarks are used under license and are trademarks or registered trademarks...

Page 3: ...the Network Configuration Settings 7 Changing the Host Configuration Settings 8 Changing the Date and Time Settings 9 Changing the Time Zone Setting 10 Viewing Appliance Host Network Configuration Da...

Page 4: ...iv Contents...

Page 5: ...ging configuration settings reinstalling the appliance software Audience This guide is intended for current and new users of the appliances First version of this guide The Proventia A604 A1204 and A12...

Page 6: ...this guide Use this guide together with the Proventia A604 A1204 and A1204F Appliance Quick Start Card Related publications For additional information see the following publications SiteProtector Hel...

Page 7: ...A file name folder name path name or other information that you must type exactly as shown Save the User txt file in the Addresses folder Type IUSR__SMA in the Username box Constant width italic A fil...

Page 8: ...rmation The following table provides email addresses and telephone numbers for technical support requests Location Hours Americas 24 hours a day All other locations Monday through Friday 9 00 A M to 6...

Page 9: ...tion This chapter describes the Proventia A604 A1204 and A1204F appliances It also contains instructions for logging on to the local configuration interface In this chapter This chapter contains the f...

Page 10: ...estions Installing and configuring an appliance ISS delivers appliances with pre installed software See the Quick Start Card that is provided with the appliance for instructions on installing the appl...

Page 11: ...to the serial port on the rear panel of the appliance Specify 8 data bits no parity and 1 stop bit 8 N 1 Set the computer to VT 100 terminal emulation mode at 9600 bps Set flow control to None Select...

Page 12: ...Chapter 1 Introduction to Proventia A604 A1204 and A1204F Appliances 4...

Page 13: ...ation Settings 7 Changing the Host Configuration Settings 8 Changing the Date and Time Settings 9 Changing the Time Zone Setting 10 Viewing Appliance Host Network Configuration Date Time and Time Zone...

Page 14: ...onfiguration interface and log in as described in Setting Up a Local Configuration Interface and Logging In on page 3 2 Select Change Admin Password from the Configuration menu and then press ENTER 3...

Page 15: ...he network configuration settings 1 Set up a local configuration interface and log in as described in Setting Up a Local Configuration Interface and Logging In on page 3 2 On the Configuration menu se...

Page 16: ...d SNMP responses You must specify the IP address of the appliance s mail server when you define the Email response on the management console The appliance must have network access to the mail server F...

Page 17: ...nd time settings 1 Set up a local configuration interface and log in as described in Setting Up a Local Configuration Interface and Logging In on page 3 2 On the Configuration menu select Set Date and...

Page 18: ...Local Configuration Interface and Logging In on page 3 2 On the Configuration menu select Set Timezone and then press ENTER 3 Select the continent or ocean in which the appliance is located and then p...

Page 19: ...eway of the appliance management interface the hostname domain name and name server if provided during initial installation of the appliance the current date time and time zone settings of the applian...

Page 20: ...ration interface and log in as described in Setting Up a Local Configuration Interface and Logging In on page 3 2 On the Configuration menu select Agent Status and then press ENTER The appliance displ...

Page 21: ...al configuration interface and log in as described in Setting Up a Local Configuration Interface and Logging In on page 3 2 On the Configuration menu select Agent Status and then press ENTER The appli...

Page 22: ...cannot communicate with the appliance Procedure To allow SiteProtector access 1 Set up a local configuration interface and log in as described in Setting Up a Local Configuration Interface and Logging...

Page 23: ...ce and log in as described in Setting Up a Local Configuration Interface and Logging In on page 3 2 On the Configuration menu select Configure RSKill and then press ENTER The RSKill Configuration scre...

Page 24: ...ute value Reference For more information about using the Policy Editor see the ISS Response Policy and Event Collector Help Setting the LogwithRaw response To set the LOGDB response to LogwithRaw 1 In...

Page 25: ...pairs and then look at the Attribute value An icon appears under the Attribute value to indicate that packet data has been captured 5 Double click the icon A text file appears in the right pane This...

Page 26: ...affect the Network_Quiet high and Network_Normal low audit events The Network_Quiet event indicates that the level of network activity is unusually quiet The packets per sampling interval has dropped...

Page 27: ...he Sensor Properties window select the Advanced Parameters tab 5 Select the parameter name and then click Edit The Advanced Value window appears 6 Edit the value setting and then click OK 7 Repeat Ste...

Page 28: ...most circumstances you do not need to change these parameters However you may want to customize the parameters if you change the name of the adapter or change the segment that the adapter is monitori...

Page 29: ...In the SiteProtector SiteManager select the Sensor Analysis tab A list of events appears 2 Select an event and then right click it 3 Select View event details The Event Details window appears 4 In th...

Page 30: ...local configuration interface and log in as described in Setting Up a Local Configuration Interface and Logging In on page 3 2 On the Configuration menu select Shutdown Reboot A604 or A1204 and then...

Page 31: ...the Local Configuration Interface Introduction Log out of the local configuration interface when you are finished viewing or changing the appliance s settings Procedure To log out of the local config...

Page 32: ...Chapter 2 Configuring and Viewing Appliance Settings 24...

Page 33: ...Introduction This chapter describes techniques for troubleshooting appliance problems and includes the procedures for reinstalling the appliance software In this chapter This chapter contains the fol...

Page 34: ...fy that the appliance is running If your appliance is not running contact ISS Customer Support at support iss net Reinstalling the appliance To reinstall the appliance 1 If there is a bezel cover on t...

Page 35: ...nded and Name Server recommended for the appliance and then press ENTER Note The appliance uses domain names and DNS information to send Email and SNMP responses If you do not provide this information...

Page 36: ...sponse next in this topic Configuring the RSKILL response To configure the RSKILL response 1 Do you want to configure the RSKill response If yes type y and then go to Step 2 If no type n and then go t...

Page 37: ...plays a message when the configuration is complete 6 Go to Applying settings and logging out next in this topic Applying settings and logging out To apply settings and log out 1 Press ENTER to continu...

Page 38: ...e ISS Customer Support with additional troubleshooting options You may need to change these settings to help resolve problems with the appliance software Caution ISS recommends that you contact Techni...

Page 39: ...cedures vii in this manual vii customizing no packet alert settings 19 d date and time changing settings for 9 DHCP server 15 28 domain names 8 11 27 e Email responses 8 27 g gateway MAC address 15 28...

Page 40: ...g the network and host 27 logging in and changing the password 26 required procedures 26 restarting the agent 13 RSKILL response v 15 26 28 s shutting down or rebooting the appliance 22 SiteProtector...

Page 41: ...d iii Licensee has promptly and properly installed all corrections new versions and updates made available by ISS to Licensee Further more this limited warranty shall not apply to nonconformities aris...

Page 42: ...arty or its suppliers that is marked as confidential Each party acknowledges that during the term of this Agreement it will be exposed to Confidential Information of the other party The obligations of...

Reviews:

No comments

Related manuals for Proventia A1204

Brand: Yamaha Pages: 6

Brand: Yamaha Pages: 4

Brand: Yamaha Pages: 22

Brand: Yamaha Pages: 49

Brand: Queclink Pages: 9

Brand: Oracle Pages: 24

HHM Series HHM2411

Brand: TDK Pages: 2

Marconi OMS 1200

Brand: Ericsson Pages: 136

Brand: Digi Pages: 116

HIRESCHMANN IT MAMMUTHUS MTM8003-FAN

Brand: Belden Pages: 84

Mercury FireWire 400

Brand: OWC Pages: 2

Brand: C-Smartlink Pages: 7

Brand: mikroElektronika Pages: 2

Brand: Icy Box Pages: 2

Brand: LevelOne Pages: 11

Brand: OPTO 22 Pages: 28

Brand: 3Com Pages: 53

Brand: iNetVu Pages: 20

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands