User Guide

OmniAccess SafeGuard OS Administration Guide
370
Chapter 10: Detecting and Isolating Malware Security Threats
Before configuring malware mirroring, configure policy-based mirroring as described in
Configuring Policy-Based Mirroring on page 323. To enable malware mirroring, use the
malware action mirror command in Global Configuration mode:
malware action mirror [disable | enable seconds]

Syntax Description
    disable    Malware traffic is not mirrored.
    enable     Malware traffic is mirrored for all ports for future events.
    seconds    The amount of time that traffic is mirrored. Valid values are
               from 15 to 180 seconds. The default is 60 seconds.

If a second malware event occurs for a host while the system is already mirroring
an earlier event, the mirroring timer restarts for that host. Mirroring can be
enabled or disabled at run time: disabling stops all outstanding mirroring
immediately, while enabling affects only malware events detected after the
command is entered.
The following example enables mirroring on port 9 of an OmniAccess 1000 SafeGuard.
Each event is mirrored for 90 seconds:
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #monitor policy-based destination m1 0/9
(SafeGuardOS) (config) #malware action mirror enable 90
(SafeGuardOS) (config) #exit
(SafeGuardOS) #
To verify the setting for mirroring, see Displaying Malware Actions on page 373.

Displaying Malware Configurations
Following are Privileged Exec Show commands to display malware and malware-policy
related configurations:
Command                        Use
show dns file                  Displays DNS server IP addresses.
show policy malware            Displays either the named malware policy or all
                               malware policies.
show policy name-resolution    Displays either the DNS names or the refresh interval.
show user-role                 Displays either a single user-role or all user-roles.
show malware action            Displays the system action for malware detection.
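The timer semantics of malware action mirror described above (a second event restarts a host's timer, disable stops all outstanding mirroring, enable affects only future events) and the 15 to 180 second range of the seconds argument, modeled as an added Python illustration. This is not SafeGuard OS code; the host addresses and timestamps are constructed, and treating an omitted seconds value as the documented 60 second default is an assumption about the CLI, not something the guide states.

```python
"""Model of the `malware action mirror` timer semantics (added illustration,
not SafeGuard OS code). Useful for reasoning about how long a detected host's
traffic actually reaches the mirror destination."""
from dataclasses import dataclass, field

MIN_SECONDS, MAX_SECONDS, DEFAULT_SECONDS = 15, 180, 60


def parse_mirror_command(tokens):
    """Validate the arguments of `malware action mirror [disable | enable seconds]`.

    Returns (enabled, seconds). An omitted seconds value is treated here as the
    documented default of 60 (assumption about the CLI, not verified)."""
    if tokens == ["disable"]:
        return False, None
    if not tokens or tokens[0] != "enable" or len(tokens) > 2:
        raise ValueError("usage: malware action mirror [disable | enable seconds]")
    if len(tokens) == 1:
        return True, DEFAULT_SECONDS
    if not tokens[1].isdigit():
        raise ValueError(f"seconds must be an integer, got {tokens[1]!r}")
    seconds = int(tokens[1])
    if not MIN_SECONDS <= seconds <= MAX_SECONDS:
        raise ValueError(f"seconds must be {MIN_SECONDS}..{MAX_SECONDS}, got {seconds}")
    return True, seconds


@dataclass
class MirrorState:
    """Mirroring windows per host, stored as absolute expiry times in seconds."""
    enabled: bool = False
    seconds: int = DEFAULT_SECONDS
    expiry: dict = field(default_factory=dict)

    def configure(self, tokens):
        self.enabled, seconds = parse_mirror_command(tokens)
        if self.enabled:
            self.seconds = seconds
        else:
            self.expiry.clear()  # disable stops all outstanding mirroring at once

    def malware_event(self, host, now):
        """Record a detection on `host` at time `now`. Returns True when the
        event starts or restarts mirroring for that host."""
        if not self.enabled:
            return False  # enabling later does not mirror this earlier event
        self.expiry[host] = now + self.seconds  # a second event restarts the timer
        return True

    def mirrored_hosts(self, now):
        """Hosts whose traffic is still being mirrored at time `now`."""
        self.expiry = {h: t for h, t in self.expiry.items() if t > now}
        return sorted(self.expiry)


def demo():
    """Constructed timeline using the 90 second setting from the example above."""
    st = MirrorState()
    window = {}
    st.malware_event("10.0.0.5", now=0)       # mirroring still disabled: ignored
    st.configure(["enable", "90"])
    window["t=5"] = st.mirrored_hosts(5)      # earlier event is not mirrored
    st.malware_event("10.0.0.5", now=10)      # mirrored until t=100
    st.malware_event("10.0.0.5", now=60)      # restart: now mirrored until t=150
    st.malware_event("10.0.0.9", now=70)      # mirrored until t=160
    window["t=120"] = st.mirrored_hosts(120)  # both hosts still mirrored
    window["t=155"] = st.mirrored_hosts(155)  # only 10.0.0.9; first host ended at 150
    st.configure(["disable"])
    window["t=157"] = st.mirrored_hosts(157)  # disable stopped the remaining window
    return window


if __name__ == "__main__":
    for when, hosts in demo().items():
        print(when, hosts)
```

The restart rule matters for capture planning: a host that keeps triggering events is mirrored continuously, not in fixed 90 second slices, so the mirror destination should be sized for the worst case rather than for one event.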