Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

Index

IN-33

User Guide for Cisco Security Manager 4.4

OL-28826-01

upgrading to permanent license 10-16

event

lists

52-4

add/edit 52-5

syslog class

add/edit

52-6

syslog message ID

add/edit

52-6

Event Action Filters page 39-7

Event Action Override dialog box 39-14

Event Action Overrides page 39-13

event actions, IPS

configuring filter rules

39-4

configuring network information 39-14

configuring OS maps 39-18

configuring overrides 39-13

configuring settings 39-21

configuring target value ratings 39-15

example filter rule 66-58

filter rule attributes 39-9

filter rules policy 39-7

filter rules tips 39-6

overview 39-1

possible actions 39-2

process overview 39-1

Event Management page 11-22

Event Manager service

configuring

66-27

managing 66-27

monitoring event store disk space 66-31

monitoring status 66-28

selecting devices to monitor 66-31

starting and stopping 66-27

status icon colors 66-28

events

archiving (backing up) the event data store

66-32

configuring firewall devices (ASA, FWSM) 66-25

configuring IPS devices 66-26

copying 66-48

CS-MARS 69-32

looking up 69-27

looking up policies based on related events 69-31

Netflow support for policy lookup 69-33

viewing access rule events 69-28

viewing IPS signature events 69-30

ensuring time synchronization 66-25

Event Viewer

clearing filters

66-44

context menu 66-45

filtering by column 66-41

filtering by events 66-43

filtering overview 66-39

looking up policies based on related events 66-48

refreshing event table 66-40

selecting time range 66-39

text searches (quick filter) 66-44

using time slider with filtering 66-40

examining details 66-47

examples of analysis

mitigating botnet activity

66-56

monitoring and mitigating botnet activity 66-52

monitoring botnet activity using ASDM 66-56

monitoring botnet activity using Event

Viewer

66-53

monitoring botnet activity using Report

Manager

66-55

monitoring identity-aware firewall policies 13-27

monitoring TrustSec policies 14-14

overview 66-50

removing false positive IPS events 66-58

understanding botnet syslog events 66-53

user access to server blocked 66-50

performing operations on 66-45

properties 66-16

recovering the event data store 66-32

saving to a file 66-48

understanding Event Viewer access control 66-3

viewing 66-1

previous next