Getting Started with Automated Security Manager
Automated Security Manager (ASM) can help you manage responses to serious network security threats. This
topic takes you through the configuration steps needed to receive events from Dragon Intrusion Defense
System, then create ASM rules and apply them, either automatically or through manual confirmation, to
respond to network security threats.
Before you begin:
• You should have an SNMPv3 Credential defined in Console with AuthPriv access.
• You should know:
  • The IP Address or hostname of the system where you are running Dragon
  • The username and password that allow administrator access to Dragon
  • The IP Address or hostname of the system where you are running ASM
Getting started consists of the following tasks:
• Populate the Console database. Refer to the Console Help to Discover, Import, or manually Add
  network elements that you want to protect with ASM.
  TIP: Spend some time creating Device Groups that are meaningful for your network. Although
  Console provides pre-defined folders, you'll find that creating your own unique device
  groups will make it easier to define ASM Search Scopes later. For example, you could create
  new groups for your network elements organized by geographic region, data center,
  building, floor, etc., then drag and drop devices into these new groups.
• Configure Console's SNMPTrap Service - This involves identifying user credentials that will be used
  with SNMPv3 trap messages.
• Configure the IDS - The IDS must be set to recognize specific events and provide notification
  messages to Automated Security Manager (ASM). (The following instructions provide examples of
  basic configuration for the Dragon Intrusion Defense System. If you are using a different IDS, refer to
  that product's documentation to configure the corresponding features.)
  For this topic, we'll configure a predictable event and test the ability of Dragon to notify ASM. More
  complex configuration is beyond the scope of this topic.
• Configure Automated Security Manager - The Automated Security Manager Configuration Window
  takes you step-by-step through creating Rules that respond to events sent from the IDS.
• Trigger a Test Trap - Attempt to access the Dragon host using the community name PRIVATE.
Configure Console's SNMP Trap Service
Dragon uses Inform messages to notify Console of a threat, which means that Console's SNMPTrap Service
(snmptrapd) must know the user credentials of the sending agent (on the Dragon device) before the message
can be received. If this information is not provided, trap messages will be dropped by SNMPTrap Service. To
learn more about Traps and Informs, read the Traps and Informs help topic. The user credentials configured
here must match the user credentials configured on Dragon.
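
The following check is an added example, not part of the original documentation: it audits a trap-receiver configuration for SNMPv3 users that could not receive Informs at AuthPriv. It assumes net-snmp's snmptrapd.conf syntax (createUser, authUser); the user names, passphrases and the function audit_trapd_conf are constructed for illustration.

```python
import shlex

# Constructed sample in net-snmp snmptrapd.conf syntax; names and passphrases are placeholders.
SAMPLE_CONF = '''
# Inform sender on the IDS host (no -e: Informs use the receiver's engine ID)
createUser dragonInform SHA "auth-passphrase-here" AES "priv-passphrase-here"
authUser log,execute,net dragonInform priv
# Auth only: no privacy protocol, and accepted at "auth" level
createUser legacyUser SHA "auth-passphrase-here"
authUser log legacyUser auth
# Authorized but never created: Informs from this user are dropped
authUser log ghostUser priv
'''

def audit_trapd_conf(text):
    """Return {user: [problems]} for SNMPv3 users that are not usable at AuthPriv."""
    created, authorized = {}, {}
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        if tokens[0] == "createUser":
            args = tokens[1:]
            if args and args[0] == "-e":      # optional "-e ENGINEID" (needed for traps)
                args = args[2:]
            if not args:
                continue
            # user, auth protocol, auth passphrase, [privacy protocol, [passphrase]]
            created[args[0]] = {"auth": len(args) >= 3, "priv": len(args) >= 4}
        elif tokens[0] == "authUser":
            args = tokens[2:]                 # skip the TYPES list (log,execute,net)
            if args and args[0] == "-s":      # optional "-s MODEL"
                args = args[2:]
            if not args:
                continue
            authorized[args[0]] = args[1] if len(args) > 1 else "auth"
    problems = {}
    for user in sorted(set(created) | set(authorized)):
        issues = []
        if user not in created:
            issues.append("no createUser entry: messages from this user are dropped")
        elif not (created[user]["auth"] and created[user]["priv"]):
            issues.append("createUser lacks an auth or privacy protocol")
        level = authorized.get(user)
        if level is None:
            issues.append("no authUser entry: messages are not processed")
        elif level != "priv":
            issues.append(f"authUser level is '{level}', not 'priv'")
        if issues:
            problems[user] = issues
    return problems
```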