Configuring the Analysis Engine [Cisco IPS 4200 Series Sensors]

Table Of Contents

Analysis Engine

About the Analysis Engine

Configuring the Virtual Sensor

Overview

Supported User Role

Field Definitions

Virtual Sensor Panel

Edit Virtual Sensor Dialog Box

Assigning Interfaces to the Virtual Sensor

Configuring Global Variables

Overview

Supported User Role

Field Definitions

Analysis Engine

This chapter explains the function of the analysis engine and how to assign interfaces to the virtual sensor. It contains the following sections:

•About the Analysis Engine

•Configuring the Virtual Sensor

•Configuring Global Variables

About the Analysis Engine

The analysis engine performs packet analysis and alert detection. It monitors traffic that flows through specified interfaces and interface pairs.

Configuring the Virtual Sensor

This section describes how to configure the virtual sensor, and contains the following topics:

•Overview

•Supported User Role

•Field Definitions

•Assigning Interfaces to the Virtual Sensor

Overview

The sensor can receive data inputs from one or many monitored data streams. These monitored data streams can either be physical interface ports or virtual interface ports. For example, a single sensor can monitor traffic from in front of the firewall, from behind the firewall, or from in front of and behind the firewall concurrently. And a single sensor can monitor one or more data streams. In this situation a single sensor policy or configuration is applied to all monitored data streams.

A virtual sensor can monitor multiple segments, and it lets you apply a different policy or configuration for each virtual sensor within a single physical sensor. You can set up a different policy per monitored segment under analysis.

Note IPS 5.0 only supports one virtual sensor, vs0.

You can assign interfaces or interface pairs to the virtual sensor and you can change the description of the virtual sensor, but you cannot add a virtual sensor or change the virtual sensor name.

Supported User Role

The following user roles are supported:

•Administrator

•Operator

•Viewer

You must be Administrator or Operator to configure the virtual sensor.

Field Definitions

This section lists the field definitions for the virtual sensor, and contains the following topics:

•Virtual Sensor Panel

•Edit Virtual Sensor Dialog Box

Virtual Sensor Panel

The following fields and buttons are found on the Virtual Sensor panel.

Field Descriptions:

•Name—The Name of the virtual sensor.

There is only one virtual sensor in IPS 5.0 and it is named "vs0."

•Assigned Interfaces (or Interface Pairs)—The interfaces or interface pairs that belong to this virtual sensor.

•Description—The description of the virtual sensor.

Button Functions:

•Apply—Applies your changes and saves the revised configuration.

•Reset—Refreshes the panel by replacing any edits you made with the previously configured value.

Edit Virtual Sensor Dialog Box

The following fields and buttons are found in the Edit Virtual Sensor dialog box.

Field Descriptions:

•Virtual Sensor Name—The name of the virtual sensor.

There is only one virtual sensor in IPS 5.0 and it is named "vs0."

•Description—The description of the virtual sensor.

•Available Interfaces (or Pairs)—The list of available interfaces or interface pairs that you can assign to the virtual sensor.

•Assigned Interfaces (or Pairs)—The list of interfaces or interface pairs that you have assigned to the virtual sensor.

Button Functions:

•Add—Adds the selected interface or interface pair to the Assigned Interfaces (or Pairs) list.

•Remove—Removes the selected interface or interface pair from the Assigned Interfaces (or Pairs) list.

Assigning Interfaces to the Virtual Sensor

To assign or remove an interface or interface pair from the virtual sensor, follow these steps:

Step 1 Click Configuration > Analysis Engine > Virtual Sensor.

The Virtual Sensor panel appears.

Step 2 Click Edit.

The Edit Virtual Sensor dialog box appears.

Step 3 To assign an interface or interface pair to the virtual sensor, select the interface or interface pair from the Available Interfaces (or Pairs) list, and click Add.

Step 4 To remove an interface or interface pair from the virtual sensor, select the interface or interface pair from the Assigned Interfaces (or Pairs) list, and click Remove.

Step 5 To change the description from "default virtual sensor," type a new description in the Description field.

Tip To discard your changes and close the Edit Virtual Sensor dialog box, click Cancel.

Step 6 Click OK.

The interface appears in the list on the Virtual Sensor panel.

Tip To discard your changes, click Reset.

Step 7 Click Apply to apply your changes and save the revised configuration.

Configuring Global Variables

This section describes how to configure global variables, and contains the following topics:

•Overview

•Supported User Role

•Field Definitions

Overview

You can configure global variables inside the analysis engine component. There is only one global variable: Maximum Open IP Log Files.

Supported User Role

The following user roles are supported:

•Administrator

•Operator

•Viewer

You must be Administrator or Operator to configure global variables.

Field Definitions

The following fields and buttons are found on the Global Variables panel.

Field Descriptions:

•Maximum Open IP Log Files—Maximum number of concurrently open IP log files.

The valid range is from 20 to 100. The default is 20.

Button Functions:

•Apply—Applies your changes and saves the revised configuration.

•Reset—Refreshes the panel by replacing any edits you made with the previously configured value.


	Configuring the Analysis Engine
	Download this chapter Configuring the Analysis Engine Feedback Table Of Contents Analysis Engine About the Analysis Engine Configuring the Virtual Sensor Overview Supported User Role Field Definitions Virtual Sensor Panel Edit Virtual Sensor Dialog Box Assigning Interfaces to the Virtual Sensor Configuring Global Variables Overview Supported User Role Field Definitions Analysis Engine This chapter explains the function of the analysis engine and how to assign interfaces to the virtual sensor. It contains the following sections: •About the Analysis Engine •Configuring the Virtual Sensor •Configuring Global Variables About the Analysis Engine The analysis engine performs packet analysis and alert detection. It monitors traffic that flows through specified interfaces and interface pairs. Configuring the Virtual Sensor This section describes how to configure the virtual sensor, and contains the following topics: •Overview •Supported User Role •Field Definitions •Assigning Interfaces to the Virtual Sensor Overview The sensor can receive data inputs from one or many monitored data streams. These monitored data streams can either be physical interface ports or virtual interface ports. For example, a single sensor can monitor traffic from in front of the firewall, from behind the firewall, or from in front of and behind the firewall concurrently. And a single sensor can monitor one or more data streams. In this situation a single sensor policy or configuration is applied to all monitored data streams. A virtual sensor can monitor multiple segments, and it lets you apply a different policy or configuration for each virtual sensor within a single physical sensor. You can set up a different policy per monitored segment under analysis. Note IPS 5.0 only supports one virtual sensor, vs0. You can assign interfaces or interface pairs to the virtual sensor and you can change the description of the virtual sensor, but you cannot add a virtual sensor or change the virtual sensor name. Supported User Role The following user roles are supported: •Administrator •Operator •Viewer You must be Administrator or Operator to configure the virtual sensor. Field Definitions This section lists the field definitions for the virtual sensor, and contains the following topics: •Virtual Sensor Panel •Edit Virtual Sensor Dialog Box Virtual Sensor Panel The following fields and buttons are found on the Virtual Sensor panel. Field Descriptions: •Name—The Name of the virtual sensor. There is only one virtual sensor in IPS 5.0 and it is named "vs0." •Assigned Interfaces (or Interface Pairs)—The interfaces or interface pairs that belong to this virtual sensor. •Description—The description of the virtual sensor. Button Functions: •Apply—Applies your changes and saves the revised configuration. •Reset—Refreshes the panel by replacing any edits you made with the previously configured value. Edit Virtual Sensor Dialog Box The following fields and buttons are found in the Edit Virtual Sensor dialog box. Field Descriptions: •Virtual Sensor Name—The name of the virtual sensor. There is only one virtual sensor in IPS 5.0 and it is named "vs0." •Description—The description of the virtual sensor. •Available Interfaces (or Pairs)—The list of available interfaces or interface pairs that you can assign to the virtual sensor. •Assigned Interfaces (or Pairs)—The list of interfaces or interface pairs that you have assigned to the virtual sensor. Button Functions: •Add—Adds the selected interface or interface pair to the Assigned Interfaces (or Pairs) list. •Remove—Removes the selected interface or interface pair from the Assigned Interfaces (or Pairs) list. Assigning Interfaces to the Virtual Sensor To assign or remove an interface or interface pair from the virtual sensor, follow these steps: Step 1 Click Configuration > Analysis Engine > Virtual Sensor. The Virtual Sensor panel appears. Step 2 Click Edit. The Edit Virtual Sensor dialog box appears. Step 3 To assign an interface or interface pair to the virtual sensor, select the interface or interface pair from the Available Interfaces (or Pairs) list, and click Add. Step 4 To remove an interface or interface pair from the virtual sensor, select the interface or interface pair from the Assigned Interfaces (or Pairs) list, and click Remove. Step 5 To change the description from "default virtual sensor," type a new description in the Description field. Tip To discard your changes and close the Edit Virtual Sensor dialog box, click Cancel. Step 6 Click OK. The interface appears in the list on the Virtual Sensor panel. Tip To discard your changes, click Reset. Step 7 Click Apply to apply your changes and save the revised configuration. Configuring Global Variables This section describes how to configure global variables, and contains the following topics: •Overview •Supported User Role •Field Definitions Overview You can configure global variables inside the analysis engine component. There is only one global variable: Maximum Open IP Log Files. Supported User Role The following user roles are supported: •Administrator •Operator •Viewer You must be Administrator or Operator to configure global variables. Field Definitions The following fields and buttons are found on the Global Variables panel. Field Descriptions: •Maximum Open IP Log Files—Maximum number of concurrently open IP log files. The valid range is from 20 to 100. The default is 20. Button Functions: •Apply—Applies your changes and saves the revised configuration. •Reset—Refreshes the panel by replacing any edits you made with the previously configured value.
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks