Saturday, November 14, 2015

Customizing Cisco IME Dashboards

The dashboards contain various gadgets that provide information on sensors, including sensor health, sensor status, security alerts, and event statistics.

The Dashboard view features two default dashboards:

* Health Dashboard: Contains gadgets with information about selected sensor health, status, licenses, and utilization.

* Events Dashboard: Contains gadgets with graphs and statistics about attackers, victims, and signatures.



You can also add and customize your own dashboards, adding only the gadgets for the items you want to track on the sensor.

To add a dashboard, choose Home > Dashboards and click Add Dashboards. A blank, untitled dashboard appears; in this example it is renamed CCNP Security.


Based on your security standards and requirements, you can customize the metrics that are used to determine the health of the IPS in the Sensor Health pane. This is done by choosing Configuration > Sensor Name > Sensor Management > Sensor Health.


A metric must be selected (checked) or it is not included in the health status calculation and will not show up in the health status results. You can accept the default thresholds or edit the values.

The IPS produces a health and security event when the overall health status of the IPS changes.


Adding Gadgets

With the CCNP Security dashboard successfully added, the next step is to add gadgets to it. To see which gadgets are available, navigate to Home > Dashboards and click Add Gadgets. Double-click a gadget icon, or drag and drop a gadget onto the dashboard, to add it. After the gadgets are added, click Add Gadgets again to hide the gadget list.


Cisco IME provides 14 built-in gadgets:

* Sensor Information: Displays the most important sensor information, such as device type, IPS version, analysis engine status, host name, and IP address.

* Sensor Health: Displays two meters: the Sensor Health meter and the Network Security Health meter. They indicate the overall system health and overall network security health, respectively. The meters have three color scales - green, yellow, and red - to depict Normal, Needs Attention, and Critical.

* Licensing: Displays the license status and signature and engine versions of the sensor.

* Interface Status: Displays the status of each interface: whether it is enabled, whether the link is up or down, its mode, and the packets transmitted and received.

* Global Correlation Reports: Displays the alerts and denied packets resulting from reputation data and traditional detection techniques.

* Global Correlation Health: Displays the status of global correlation and the network participation status, counters, and connection history.

* Network Security: Displays graphs of the event count and the average threat rating and risk rating values, including the maximum threat rating and risk rating values over a configured time period. The sensor aggregates these values and puts them in one of three categories: green, yellow, or red.

* Top Applications: Displays the top ten service ports that the sensor has observed over the past 10 seconds.

* CPU, Memory and Load: Displays the current sensor CPU, memory, and disk usage. If the sensor has multiple CPUs, multiple meters are presented.

* RSS Feed: A generic RSS feed gadget. By default, the data is fed from Cisco security advisories. You can customize it and add more RSS feeds.

* Top Attackers: Displays the top attacker IP addresses that occurred in the last configured time interval. You can configure the number of attacker IP addresses shown as 10, 20, or 30, and the time interval to cover the last hour, last 8 hours, or last 24 hours. You can also filter this information.

* Top Victims: Displays the top victim IP addresses that occurred in the last configured time interval.

* Top Signatures: Displays the top signatures that occurred in the last configured time interval. You can also filter this information.

* Attacks Over Time: Displays the attack counts in the last configured interval. Each data point in the graph is the total alert count that IME received during one minute. You can configure the time interval to cover the last hour, last 8 hours, or last 24 hours. You can also filter this information.
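The last four gadgets all do the same thing under the hood: restrict the alert stream to the configured window (1, 8 or 24 hours), optionally filter it, and then either count the top N values of one field or bucket the alerts per minute. The script below is an added example, not Cisco IME's code, that reproduces those computations on a constructed, in-memory list of alerts so you can see exactly what the gadgets are summarizing. The record layout (`time`, `attacker`, `victim`, `sig_id`, `risk`) and the risk-rating filter are assumptions chosen for the illustration; a real deployment would feed it alerts exported from the sensor.

```python
"""Windowed top-N and per-minute aggregation over IPS alert records.

Added example, not Cisco IME code. It mirrors what the Top Attackers,
Top Victims, Top Signatures and Attacks Over Time gadgets compute.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Fixed "now" so the example is reproducible offline.
NOW = datetime(2015, 11, 14, 12, 0, tzinfo=timezone.utc)


def _t(minutes_ago):
    return NOW - timedelta(minutes=minutes_ago)


# Constructed sample alerts (not real sensor output). The field names are an
# assumption for this example; they cover what the gadgets key on.
SAMPLE_ALERTS = [
    {"time": _t(2),    "attacker": "198.51.100.7", "victim": "10.0.0.5", "sig_id": 5081, "risk": 85},
    {"time": _t(3),    "attacker": "198.51.100.7", "victim": "10.0.0.6", "sig_id": 5081, "risk": 85},
    {"time": _t(15),   "attacker": "198.51.100.7", "victim": "10.0.0.5", "sig_id": 3030, "risk": 60},
    {"time": _t(40),   "attacker": "203.0.113.21", "victim": "10.0.0.5", "sig_id": 3030, "risk": 60},
    {"time": _t(59),   "attacker": "203.0.113.21", "victim": "10.0.0.9", "sig_id": 5081, "risk": 85},
    {"time": _t(300),  "attacker": "192.0.2.44",   "victim": "10.0.0.5", "sig_id": 2004, "risk": 30},
    {"time": _t(600),  "attacker": "192.0.2.44",   "victim": "10.0.0.5", "sig_id": 2004, "risk": 30},
    {"time": _t(1500), "attacker": "192.0.2.44",   "victim": "10.0.0.7", "sig_id": 2004, "risk": 30},
]

# The three intervals the gadgets offer.
INTERVALS = {
    "1h": timedelta(hours=1),
    "8h": timedelta(hours=8),
    "24h": timedelta(hours=24),
}


def in_window(alerts, interval, now=NOW):
    """Keep only alerts that fall inside the last `interval` ending at `now`."""
    cutoff = now - INTERVALS[interval]
    return [a for a in alerts if cutoff <= a["time"] <= now]


def top_n(alerts, field, n=10, interval="1h", min_risk=0, now=NOW):
    """Top-N values of `field` ("attacker", "victim" or "sig_id") in the window.

    `min_risk` stands in for the gadgets' filter option (an assumption here):
    alerts below that risk rating are dropped before counting.
    Returns a list of (value, count) pairs, most frequent first.
    """
    counts = Counter(
        a[field]
        for a in in_window(alerts, interval, now)
        if a["risk"] >= min_risk
    )
    return counts.most_common(n)


def attacks_over_time(alerts, interval="1h", now=NOW):
    """Per-minute alert counts across the window, oldest minute first.

    One entry per minute from the start of the window up to and including
    the minute containing `now`, so gaps show up as explicit zeros.
    """
    start = (now - INTERVALS[interval]).replace(second=0, microsecond=0)
    buckets = defaultdict(int)
    for a in in_window(alerts, interval, now):
        buckets[a["time"].replace(second=0, microsecond=0)] += 1
    minutes = int(INTERVALS[interval].total_seconds() // 60)
    return [buckets[start + timedelta(minutes=i)] for i in range(minutes + 1)]


if __name__ == "__main__":
    print("Top attackers, last hour:", top_n(SAMPLE_ALERTS, "attacker"))
    print("Top victims, last 8 hours:", top_n(SAMPLE_ALERTS, "victim", interval="8h"))
    print("High-risk signatures, last hour:", top_n(SAMPLE_ALERTS, "sig_id", min_risk=80))
    series = attacks_over_time(SAMPLE_ALERTS)
    print("Attacks over time (1h): %d minutes, %d alerts" % (len(series), sum(series)))
```

Note how the same attacker ranks differently depending on the window: 192.0.2.44 does not appear at all in the last hour but accounts for two alerts over 24 hours, while its third alert at 25 hours ago drops off. That is the behaviour to keep in mind when reading these gadgets: a quiet hour says nothing about the previous day.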
