
    Configuring ISG-IDP as a Sensor on the Infranet Controller (NSM Procedure)

    When ISG-IDP is configured, it notifies the Infranet Controller whenever an attack event is detected from any endpoint. To avoid overwhelming the SSH connection between the Infranet Controller and the Infranet Enforcer, the number of attack notifications is limited to 10 per second. If additional attacks are detected, the Infranet Enforcer holds an additional 10 notifications in a queue.

    To configure ISG-IDP on the Infranet Controller:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the Infranet Controller device on which you want to configure ISG-IDP.
    3. Click the Configuration tab. In the configuration tree, select UAC > Infranet Enforcer. The corresponding workspace appears.
    4. Select the name of the Enforcer on which you want to configure IDP.
    5. Select the Use IDP Module check box.
    6. Select IDP for this IC’s sessions only to restrict ISG-IDP to reporting attacks from endpoints whose authentication table entries are present on ISG-IDP.

      Do not select this option if you want attack alerts for attacks generated by unknown users to be published to IF-MAP.

    7. Select 1-Info through 5-Critical from the IDP Severity Filter drop-down list. The severity filter allows you to specify the level of attacks that the Infranet Enforcer reports to the Infranet Controller. For example, if you select 3, only attacks of level 3 or greater are reported.
    8. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
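
The following model is an added example, not Juniper code. It shows how the severity filter from step 7 interacts with the limit of 10 notifications per second and the 10-entry queue described at the top of this topic. It assumes that queued notifications are sent first in later seconds and that notifications arriving while the queue is full are not held (the page does not say what happens to them); the function name and the sample burst are constructed for illustration.

```python
from collections import deque

RATE_PER_SECOND = 10  # page: at most 10 attack notifications per second
QUEUE_CAPACITY = 10   # page: an additional 10 notifications are queued


def simulate(events, severity_filter):
    """Model the notification path for (second, severity) events in arrival order.

    Assumptions, not stated on the page: queued notifications are sent first
    in later seconds, and anything arriving while the queue is full is not held.
    """
    by_second = {}
    for second, severity in events:
        by_second.setdefault(second, []).append(severity)

    queue = deque()
    sent, filtered, not_held = [], 0, []
    second = min(by_second, default=0)
    last = max(by_second, default=0)
    while second <= last or queue:
        budget = RATE_PER_SECOND
        while queue and budget:          # drain the backlog before new events
            sent.append((second, queue.popleft()))
            budget -= 1
        for severity in by_second.get(second, []):
            if severity < severity_filter:
                filtered += 1            # below the IDP Severity Filter
            elif budget:
                sent.append((second, severity))
                budget -= 1
            elif len(queue) < QUEUE_CAPACITY:
                queue.append(severity)
            else:
                not_held.append(severity)
        second += 1
    return {"sent": sent, "filtered": filtered, "not_held": not_held}


# Constructed burst: 30 severity-2 events, then 5 severity-5 events, all in second 0.
BURST = [(0, 2)] * 30 + [(0, 5)] * 5

if __name__ == "__main__":
    for level in (1, 3):
        r = simulate(BURST, level)
        crit = sum(1 for _, sev in r["sent"] if sev == 5)
        print(f"filter={level}: sent={len(r['sent'])} filtered={r['filtered']} "
              f"not_held={len(r['not_held'])} critical_sent={crit}")
```

Under these assumptions, a filter of 1 lets the low-severity burst use up the whole notification budget before the critical events arrive, while a filter of 3 leaves room for all five.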

    Published: 2012-11-28