© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.06-1 Using CSA Analysis Generating Behavior Analysis Reports.

Transcript:

Using CSA Analysis: Generating Behavior Analysis Reports

Objectives

At the end of this lesson, you will be able to meet these objectives:
- Identify the various types of behavior analysis reports
- Describe how to view behavior analysis reports
- Identify the information provided by File event reports
- Identify the information provided by Registry event reports
- Identify the information provided by COM event reports
- Identify the information provided by Network event reports
- Identify the information provided by Summary reports

Types of Behavior Analysis Reports

- File event reports
- Registry event reports
- COM event reports
- Network event reports
- Summary reports

Viewing Behavior Analysis Reports

File Event Reports

Registry Event Reports

COM Event Reports

Network Event Reports

Summary Reports

Summary

- Behavior Analysis reports are created after Behavior Analysis is performed on an application.
- File event reports display the information about all the events occurring in a file and its related entities.
- Registry event reports help in analyzing the events related to registry keys that were accessed, and the process that initiated this access event.
- COM event reports provide information about the process that accessed the COM component.
- Network event reports help an administrator keep track of the various protocols that access the network.
- Summary reports provide information about the overall status of the network and also include information about all the individual entities.
