Table Of Contents

Components of the Sourcefire 3D System
Real-time Network Awareness (RNA)
Intrusion Prevention System (IPS)
Real-time User Awareness (RUA)
PEP Traffic Management
Defense Centers
Master Defense Centers
Intrusion Agents
RNA for Red Hat Linux
RNA and IPS for Crossbeam Systems
eStreamer
Logging into the Appliance
Logging into the Appliance to Set Up an Account
Logging Out of the Appliance
Last Successful Login
Specifying Your User Preferences
Changing Your Password
Changing an Expired Password
Configuring Event View Settings
Setting Your Default Time Zone
Specifying Your Home Page
To specify your home page:
Specifying Your Default Dashboard
To specify your default dashboard:
Using the Context Menu
Documentation Resources
Documentation Conventions
Platform Requirements Conventions
Access Requirements Conventions
IP Address Conventions
Setting Up 3DSensors
Setting Up Defense Centers
Communication Ports
What’s Next?
Administrator User Tasks
Maintenance User Tasks
Policy & Response Administrator User Tasks
RNA Event Analyst User Tasks
Intrusion Event Analyst User Tasks
Understanding Dashboard Widgets
Understanding Widget Availability
Sourcefire Appliances and Dashboard Widget Availability
Understanding Widget Preferences
Understanding the Predefined Widgets
Understanding the Appliance Information Widget
Understanding the Appliance Status Widget
Understanding the Compliance Events Widget
Understanding the Current Interface Status Widget
Understanding the Current Sessions Widget
Understanding the Custom Analysis Widget
Configuring the Custom Analysis Widget
Viewing Associated Events from the Custom Analysis Widget
Understanding the Disk Usage Widget
Understanding the Interface Traffic Widget
Understanding the Intrusion Events Widget
Understanding the Network Compliance Widget
Understanding the Product Licensing Widget
Understanding the Product Updates Widget
Understanding the RSS Feed Widget
Understanding the System Load Widget
Understanding the System Time Widget
Understanding the White List Events Widget
Working with Dashboards
Creating a Custom Dashboard
Viewing Dashboards
Modifying Dashboards
Changing Dashboard Properties
Deleting a Dashboard
Using the Defense Center
Management Concepts
The Benefits of Managing Your Sensors
What Can Be Managed by a Defense Center?
Understanding Software Sensors
Managing 3DSensor Software with RNA for Crossbeam
Managing 3DSensor Software with IPS for Crossbeam
Beyond Policies and Events
Using Redundant Defense Centers
Working in NAT Environments
Working with Sensors
Understanding the Sensors Page
Adding Sensors to the Defense Center
Deleting Sensors
Resetting Management of a Sensor
Managing a 3Dx800 Sensor
Managing 3Dx800 Sensors with a Defense Center
Deleting a 3Dx800 Sensor from the Defense Center
Resetting Communications on the 3Dx800
Adding Intrusion Agents
Sensor Attributes - Intrusion Agent Page
Managing Sensor Groups
Creating Sensor Groups
Editing Sensor Groups
Deleting Sensor Groups
Editing a Managed Sensor’s System Settings
Viewing a Sensor’s Information Page
Stopping and Restarting a Managed Sensor
Managing Communication on a Managed Sensor
Setting the Time on a Managed Sensor
Managing a Clustered Pair
Establishing a Clustered Pair
Separating a Clustered Pair
Configuring High Availability
Using High Availability
Sensor Configurations and User Information
Understanding High Availability
Guidelines for Implementing High Availability
Setting Up High Availability
Monitoring the High Availability Status
Disabling High Availability and Unregistering Sensors
Pausing Communication between Paired Defense Centers
Restarting Communication between Paired Defense Centers
Understanding Event Aggregation
Aggregating Intrusion Events
Aggregating Compliance Events
Limitations on Event Aggregation
Master Defense Center and Defense Center Functional Comparison
Understanding Global Policy Management
Managing Global Intrusion Policies
Using RNA Detection Policies on a Master Defense Center
Using Health Policies on a Master Defense Center
Using System Policies on a Master Defense Center
Master Defense Center Policy Management Limitations
Adding and Deleting Defense Centers
Adding a Master Defense Center
Adding a Defense Center
Deleting a Defense Center
Resetting Management of a Defense Center
Using the Appliances Page
Editing Settings for a Managed Defense Center
Viewing the Defense Center Information Page
Defense Center Information
Editing the Event Filter Configuration
Editing or Disabling Remote Management Communications
Managing the Health Blacklist
Managing High Availability Defense Centers
Managing Appliance Groups
Creating Appliance Groups
Editing Appliance Groups
Deleting Appliance Groups
Editing Master Defense Center System Settings
Listing Master Defense Center Information
Viewing a Master Defense Center License
Configuring Remote Management Networking
Setting System Time
Blacklisting Health Policies
Understanding Detection Engines
Understanding Detection Resources and 3DSensor Models
Understanding Default Detection Engines
Managing Detection Engines
Creating a Detection Engine
To create a detection engine:
Editing a Detection Engine
Deleting a Detection Engine
To delete a detection engine:
Using Detection Engine Groups
Creating Detection Engine Groups
Editing Detection Engine Groups
To edit a detection engine group:
Deleting Detection Engine Groups
To delete a detection engine group:
Using Variables within Detection Engines
Assigning Values to System Default Variables in Detection Engines
Creating New Variables for Detection Engines
Deleting and Resetting Variables
Configuring Custom Variables in Detection Engines
Using Portscan-Only Detection Engines
Using Interface Sets
Understanding Interface Set Configuration Options
Creating an Interface Set
Creating an Inline Interface Set
Editing an Interface Set
Deleting an Interface Set
Using Interface Set Groups
Creating Interface Set Groups
Editing Interface Set Groups
Deleting Interface Set Groups
Inline Fail Open Interface Set Commands
Removing Bypass Mode on Inline Fail Open Fiber Interfaces
Forcing an Inline Fail Open Interface Set into Bypass Mode
To force an inline fail open interface set into bypass mode:
Using Clustered 3DSensors
Using Detection Engines on Clustered 3DSensors
Managing Clustered 3DSensor Detection Engines
Using Clustered 3DSensor Detection Engines in Policies
Understanding Interface Sets on Clustered 3DSensors
Managing Information from a Clustered 3DSensor
Working with Event Reports
Working with Report Profiles
Generating Reports from Event Views
Managing Generated Reports
Viewing Generated Reports
Downloading Generated Reports
To download generated reports:
Deleting Generated Reports
Moving Reports to a Remote Storage Location
Running Remote Reports
Understanding Report Profiles
Understanding the Predefined Report Profiles
Modifying a Predefined Report Profile
Creating a Report Profile
Working with Report Information
Report Categories
Using Report Types
Generating a Report using a Report Profile
Editing Report Profiles
Deleting Report Profiles
Understanding Sourcefire User Authentication
Understanding Internal Authentication
Understanding External Authentication
Understanding User Privileges
Managing Authentication Objects
Understanding LDAP Authentication
Creating LDAP Authentication Objects
Configuring LDAP Authentication Settings
Configuring Attribute Mapping
Configuring Access Settings by Group
Testing User Authentication
To test user authentication:
LDAP Authentication Object Examples
OpenLDAP Example
Microsoft Active Directory Server Example
Editing LDAP Authentication Objects
Understanding RADIUS Authentication
Creating RADIUS Authentication Objects
Configuring RADIUS Connection Settings
Configuring RADIUS User Roles
Configuring Administrative Shell Access
Configuring User Roles
Modifying User Privileges and Options
Modifying Restricted Event Analyst Access Properties
Modifying User Passwords
Deleting User Accounts
User Account Privileges
Creating a System Policy
Editing a System Policy
Applying a System Policy
To apply a system policy:
Deleting System Policies
Configuring the Parts of Your System Policy
Configuring the Access List for Your Appliance
Configuring Audit Log Settings
Configuring Authentication Profiles
Configuring Dashboard Settings
Configuring Database Event Limits
Configuring Detection Policy Preferences
To configure detection policy preferences:
Configuring DNS Cache Properties
Configuring a Mail Relay Host and Notification Address
Configuring Intrusion Policy Preferences
Specifying a Different Language
Adding a Custom Login Banner
Configuring RNA Settings
Understanding RNA Data Storage Settings
Understanding Vulnerability Impact Assessment Settings
Configuring RNA Subnet Detection Settings
Configuring RUA Settings
Synchronizing Time
Serving Time from the Defense Center
Mapping Vulnerabilities for Services
System Settings Options
Viewing and Modifying the Appliance Information
Understanding Licenses
Understanding Feature Licenses
Verifying Your Product License
Managing Your Feature Licenses
Adding Feature Licenses
Viewing Feature Licenses
NetFlow License Columns
RNA Host License Columns
Intrusion Agent License Columns
Virtual 3DSensor License Columns
Configuring Network Settings
Editing Network Interface Configurations
Shutting Down and Restarting the System
Configuring the Communication Channel
Setting Up the Management Virtual Network
Editing the Management Virtual Network
Configuring Remote Access to the Defense Center
Setting the Time Manually
Blacklisting Health Modules
Specifying NetFlow-Enabled Devices
Managing Remote Storage
Using Local Storage
Using NFS for Remote Storage
Using SSH for Remote Storage
Using SMB for Remote Storage
Updating System Software
Installing Software Updates
Updating a Defense Center or Master Defense Center
Updating Managed Sensors
Updating Unmanaged 3DSensors
Uninstalling Software Updates
Updating the Vulnerability Database
Using Backup and Restore
Creating Backup Files
Creating Backup Profiles
Performing Sensor Backup with the Defense Center
Uploading Backups from a Local Host
Restoring the Appliance from a Backup File
Configuring a Recurring Task
Automating Backup Jobs
Automating Software Updates
Automating Software Downloads
Automating Software Pushes
Automating Software Installs
Automating Vulnerability Database Updates
Automating VDB Update Downloads
Automating VDB Update Pushes
Automating VDB Update Installs
Automating SEU Imports
Automating Intrusion Policy Applications
Automating Reports
Automating Nessus Scans
Preparing Your System to Run a Nessus Scan
Scheduling a Nessus Scan
Synchronizing Nessus Plugins
Automating Nmap Scans
Preparing Your System for an Nmap Scan
Scheduling an Nmap Scan
Automating Recommended Rule State Generation
Viewing Tasks
Using the Calendar
Using the Task List
Editing Scheduled Tasks
Deleting Scheduled Tasks
Deleting a Recurring Task
Deleting a One-Time Task
Viewing Host Statistics
Data Correlator Process Statistics
Intrusion Event Information
Monitoring System Status and Disk Space Usage
Viewing System Process Status
Understanding Running Processes
Understanding System Daemons
Understanding Executables and System Utilities
System Executables and Utilities
Viewing IPS Performance Statistics
Generating IPS Performance Statistics Graphs
IPS Performance Statistics Graph Types
Saving IPS Performance Statistics Graphs
Viewing RNA Performance Statistics
Generating RNA Performance Statistics Graphs
RNA Performance Statistics Graph Types
Saving RNA Performance Statistics Graphs
Understanding Health Monitoring
Understanding Health Policies
Understanding Health Modules
Enabled Health Modules: Default RNA Sensor Health Policy
Configuring Appliance Heartbeat Monitoring
Configuring Automatic Application Bypass Monitoring
Configuring Data Correlator Process Monitoring
Configuring Health Status Monitoring
Configuring Link State Propagation Monitoring
Editing Health Policies
Deleting Health Policies
Using the Health Monitor Blacklist
Blacklisting Health Policies or Appliances
Blacklisting a Health Policy Module
Configuring Health Monitor Alerts
Preparing to Create a Health Alert
Creating Health Monitor Alerts
Interpreting Health Monitor Alerts
Editing Health Monitor Alerts
To edit health monitor alerts:
Deleting Health Monitor Alerts
To delete health monitor alerts:
Using the Health Monitor
Interpreting Health Monitor Status
Using Appliance Health Monitors
Health Status Indicator
Interpreting Appliance Health Monitor Status
Viewing Alerts by Status
Running All Modules for an Appliance
Running a Specific Health Module
Generating Health Module Alert Graphs
To generate a health module alert graph:
Generating Appliance Troubleshooting Files
To generate appliance troubleshooting files:
Working with Health Events
Understanding Health Event Views
Viewing Health Events
Viewing All Health Events
Viewing Health Events by Module and Appliance
Interpreting Hardware Alert Details for 3D9900 Sensors
Understanding the Health Events Table
Health Event Fields
Searching for Health Events
Health Event Search Criteria
Managing Audit Records
Viewing Audit Records
Suppressing Audit Records
Understanding the Audit Log Table
Searching Audit Records
Audit Record Search Criteria
Viewing the System Log
Filtering System Log Messages
System Log Filter Syntax
Using Four-Digit Year Formats on the 3D3800
System Log Filter Examples
Exporting Objects
Exporting a Custom Table
Exporting a Custom Workflow
To export a custom workflow:
Exporting a Dashboard
Exporting a Health Policy
To export a health policy:
Exporting an Intrusion Policy
Exporting a PEP Policy
Exporting an RNA Detection Policy
To export an RNA detection policy:
Exporting a System Policy
Exporting a User-Defined RNA Detector
To export a user-defined RNA detector:
Exporting Multiple Objects
Importing Objects
Viewing the Status of Long-Running Tasks
Viewing the Task Queue
Managing the Task Queue
Glossary
Policy & Response Administrator
RADIUS authentication
Restricted Event Analyst
RNA recommended rules
Index
Sourcefire_3D_System_Administrator_Guide_v4.9.1
Published by: dominic_murphy19791242 on Feb 15, 2011
Copyright: Attribution Non-commercial