How do I create a rule in VigilEnt Security Agent for Cisco Secure IDS? (NETIQKB26283)

  • 7726283
  • 02-Feb-2007
  • 08-Sep-2008

Resolution

goal
How do I create a rule in VigilEnt Security Agent for Cisco Secure IDS?

fact
VigilEnt Security Agent for Cisco Secure IDS 1.0

fact
VigilEnt Security Agent for Cisco Secure IDS 1.0 SP2

fix

The Rules Editor helps you create a rule set against which VigilEnt Security Agent for Cisco Secure IDS checks network packets. If a packet or pattern meets the qualifications for a rule in the set you create, an alert is generated.

To create a new rule, follow these steps:

  1. Click Tools | Rules Editor. The Cisco Secure IDS Rules Editor is displayed.

  2. Right-click Rules and select Create. The Rule Name dialog box is displayed.

  3. Rule Name - Enter a name for the new rule.

  4. Click OK. The new rule appears in the Rules pane.

  5. Add criteria to the new rule:
    1. Right-click Criteria, select Create new condition on, and select an item on which to create a condition. The appropriate dialog box is displayed for the selected criterion.

    2. Enter the values for the criteria and click OK. The condition appears in the Criteria pane.

    3. Repeat substeps 1 and 2 for each condition that you want to include in the rule.

    4. Determine whether you want all conditions to be satisfied, or any one of the conditions to be satisfied to generate an alert. Right-click Criteria and select All conditions satisfied or Any condition satisfied.

  6. Add the VigilEnt Security Manager (VSM) hosts where alerts will appear when the conditions of the selected rule are met:
    1. Right-click Alerts and select Add host. The VigilEnt Security Manager Hosts dialog box is displayed.
    2. VSM Host Name - Enter the name of the computer running VigilEnt Security Manager.
    3. Port Number - Enter the port number on which the VigilEnt Security Manager host is listening.
    4. Click OK. The VigilEnt Security Manager host appears in the Alerts pane.


Additional Information

Formerly known as NETIQKB26283