How do I create a rule in VigilEnt Security Adapter for Cisco Secure IDS?
VigilEnt Security Agent for Cisco Secure IDS
To create a rule, follow the steps below:
- Click Tools | Rules Editor. The Cisco Secure IDS Rules Editor is displayed.
- Right-click Rules, and select Create. The Rule Name dialog box is displayed.
- Enter a Name for the new rule.
- Click OK. The new rule appears in the Rules pane.
- Add criteria to the new rule:
  a. Right-click Criteria, select Create new condition on, and select an item on which to create a condition. The appropriate dialog box is displayed for the selected criterion.
  b. Enter the Values for the criteria and click OK. The condition appears in the Criteria pane.
  c. Repeat Step a and Step b for each condition that will need to be included in the rule.
- Determine whether all conditions are to be satisfied, or if any one of the conditions is to be satisfied to generate an alert.
- Right-click Criteria and select All conditions satisfied or Any condition satisfied.
- Add the VigilEnt Security Manager (VSM) hosts where alerts will appear when the conditions of the selected rule are met.
- Right-click Alerts and select Add host. The VSM Hosts dialog box is displayed.
- Enter the Name of the computer running VSM.
- Enter the Port number on which the VSM host is listening.
- Click OK. The VSM host appears in the Alerts pane.
For information about how to add a condition to VigilEnt Security Agent for Cisco IDS, refer to the following knowledge base article.