Using CSA Analysis

Generating Behavior Analysis Reports

© 2006 Cisco Systems, Inc. All rights reserved.

HIPS v3.0—6-1

Objectives
At the end of this lesson, you will be able to meet these objectives:
• Identify the various types of behavior analysis reports
• Describe how to view behavior analysis reports
• Identify the information provided by File event reports
• Identify the information provided by Registry event reports
• Identify the information provided by COM event reports
• Identify the information provided by Network event reports
• Identify the information provided by Summary reports

Types of Behavior Analysis Reports
• File event reports
• Registry event reports
• COM event reports
• Network event reports
• Summary reports

Viewing Behavior Analysis Reports

File Event Reports

Registry Event Reports

COM Event Reports

Network Event Reports

Summary Reports

Summary
• Behavior Analysis reports are created after Behavior Analysis is performed on an application.
• File event reports display the information about all the events occurring in a file and its related entities.
• Registry event reports help in analyzing the events related to registry keys that were accessed, and the process that initiated this access event.
• COM event reports provide information about the process that accessed the COM component.
• Network event reports help an administrator keep track of the various protocols that access the network.
• Summary reports provide information about the overall status of the network and also include information about all the individual entities.