How do I create a rule in VigilEnt Security Adapter for Cisco Secure IDS? (NETIQKB30597)

  • 7730597
  • 02-Feb-2007
  • 08-Sep-2008

Resolution

goal
How do I create a rule in VigilEnt Security Adapter for Cisco Secure IDS?

fact
VigilEnt Security Agent for Cisco Secure IDS

fix

To create a rule, follow the steps below:

  1. Click Tools | Rules Editor. The Cisco Secure IDS Rules Editor is displayed.

  2. Right-click Rules, and select Create. The Rule Name dialog box is displayed.

  3. Enter a Name for the new rule.

  4. Click OK. The new rule appears in the Rules pane.

  5. Add criteria to the new rule:

    a. Right-click Criteria, select Create new condition on, and select an item on which to create a condition. The appropriate dialog box is displayed for the selected criterion.

    b. Enter the Values for the criteria and click OK. The condition appears in the Criteria pane.

    c. Repeat Step a and Step b for each condition that will need to be included in the rule.

    d. Determine whether all conditions are to be satisfied, or if any one of the conditions is to be satisfied to generate an alert.

    e. Right-click Criteria and select All conditions satisfied or Any condition satisfied.

  6. Add the VigilEnt Security Manager (VSM) hosts where alerts will appear when the conditions of the selected rule are met.

    a. Right-click Alerts and select Add host. The VSM Hosts dialog box is displayed.

    b. Enter the Name of the computer running VSM.

    c. Enter the Port number on which the VSM host is listening.

    d. Click OK. The VSM host appears in the Alerts pane.


note

ForĀ informationĀ aboutĀ howĀ toĀ editĀ anĀ existingĀ ruleĀ inĀ VigilEntĀ SecurityĀ AgentĀ forĀ CiscoĀ IDS,Ā referĀ toĀ theĀ followingĀ knowledgeĀ baseĀ article.

https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB30598

For information about how to add a condition to VigilEnt Security Agent for Cisco IDS, refer to the following knowledge base article.

https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB30599

Additional Information

Formerly known as NETIQKB30597