It would be nice to see attacks picked up by the IDS and then events from CSA showing what happened subsequently on the host level. The timing on the systems has to be synchronized, of course, but since CSA is a new acquisition, when will it be possible to correlate their events with other Cisco devices? Would Netforensics handle something like this?
Limited correlation of IDS and CSA is available in SecMon 1.2. You can, for example, create an event rule that specifies "Originating Device = CSAMC1 OR Originating Device = Sensor1". This rule will fire whenever SecMon receives a CSAMC message that originates from a CS Agent running on the CSAMC box, or an event is received from the specified IDS sensor.
Likewise, if you create a rule with a "Severity = High" clause, this rule can fire when high severity messages are received from a CSAMC device or an IDS device.
At this The CiscoWorks Security Information Management (CWSIM), Cisco and Netforensics integration product, will be able to do this in more detail.
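The difference between the OR rule described in the reply and the sequence the question asks for (an IDS alert followed by host-level events), as an added example that is not part of the original thread and is not SecMon code. The event field names, the device name `Firewall1`, the addresses, the five-minute window and the clock-skew tolerance are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events; the field names are assumptions, not SecMon's schema.
EVENTS = [
    {"time": "2004-03-01T10:00:05", "device": "Sensor1", "severity": "High",
     "target": "10.0.0.5", "msg": "IDS signature fired"},
    {"time": "2004-03-01T10:00:40", "device": "CSAMC1", "severity": "High",
     "target": "10.0.0.5", "msg": "agent denied file write"},
    {"time": "2004-03-01T10:07:00", "device": "CSAMC1", "severity": "Low",
     "target": "10.0.0.9", "msg": "agent policy update"},
    {"time": "2004-03-01T11:30:00", "device": "Sensor1", "severity": "High",
     "target": "10.0.0.7", "msg": "IDS signature fired"},
    {"time": "2004-03-01T11:31:00", "device": "Firewall1", "severity": "High",
     "target": "10.0.0.7", "msg": "connection denied"},
]


def or_rule(events, devices=("CSAMC1", "Sensor1")):
    """The rule from the reply: fires on any event from either device."""
    return [e for e in events if e["device"] in devices]


def correlate(events, ids="Sensor1", host="CSAMC1",
              window=timedelta(minutes=5), max_skew=timedelta(seconds=2)):
    """Pair each IDS alert with host-agent events on the same target that
    follow it within `window`. `max_skew` tolerates small clock drift
    between the sensor and the agent (clocks must still be synchronized)."""
    parsed = sorted(((datetime.fromisoformat(e["time"]), e) for e in events),
                    key=lambda p: p[0])
    pairs = []
    for t_ids, alert in parsed:
        if alert["device"] != ids:
            continue
        for t_host, ev in parsed:
            if ev["device"] != host or ev["target"] != alert["target"]:
                continue
            if -max_skew <= t_host - t_ids <= window:
                pairs.append((alert, ev))
    return pairs


if __name__ == "__main__":
    print("OR rule fired on", len(or_rule(EVENTS)), "events")
    for alert, ev in correlate(EVENTS):
        print(alert["time"], alert["msg"], "->", ev["time"], ev["msg"])
```

The OR rule fires on four unrelated events, while the time-window join yields the single alert and host event pair for 10.0.0.5.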