APD version 2 walk-through
This walk-through is intended to give users an overview of how the APD version 2 product
operates.
Authorisation
Whenever an administrator tries to access the application, he or she must first authenticate
with a username and password; no console function is available until that authentication succeeds.
User management interface
Users can be added and roles assigned to them, so that responsibilities can be separated within
an organisation (e.g. security analysis versus device management).
Dashboard
The dashboard shows the current state of the managed devices (in the sample case some of the
configuration data is unknown, while green lights show that a component is operating within
its design margins). The dashboard also shows a graph of the events in the last
24 hours. The event graph links to the more detailed event analysis page, and the performance
history link leads to the device configuration history page.
Configuration history
The device configuration history tracks the performance of the sensors and of the console.
The configuration manager can adjust the time period to extract historical data over
any interval.
Event graph
The event graph shows the events over a selectable period of time (the default is the last 24 hours).
The graph also breaks the traffic down by the action that was taken, so that the analyst
can see immediately whether any events (such as alerts) warrant specific attention.
The event graph also offers a number of predefined statistical queries, such as the top ten
attacking IPs and the top ten services attacked.
Reporting
The Snort reports interface allows analysts to prepare statistical management
reports in PDF format, over a flexible period of time.
Device management
The Device Management interface lists the devices currently managed by this console, and from
here the Device Administrator can view the configuration details of each device.
Device detail
The detailed Device Management interface shows the full configuration of each device.
Per-device rule overrides of the group settings are also made in this interface.
Device Mode
The Device Mode interface is shown as an example of detailed device configuration.
It is used to specify whether the device runs in IPS or IDS mode and whether it is deployed
inline or in a traditional "tap" configuration. Note that a device can only block traffic when
it is inline; a device on a tap can see and alert on traffic but cannot drop it.
Groups
Devices can be aggregated into logical groups for management purposes, so that settings common
to the group need not be duplicated on each device. The administrator can, however, override
any group setting on a per-device basis at any time.
Both device configuration data and rule settings (signature + action) can be set at group level.
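The precedence described in the Groups and Device Mode sections above (group settings as the
baseline, per-device overrides replacing individual keys, rule actions resolved per signature)
can be illustrated with a small resolver. This is an added example, not APD's own code: the
data model (a Group holding settings and a signature-ID-keyed rule map, a Device holding
overrides), the local-range signature IDs, and the check that a "drop" action only makes sense
on an inline IPS device are all assumptions made for the illustration.

```python
# Added example, not APD's implementation. Assumed model: a group carries a
# settings dict and a rules dict keyed by signature ID; a device carries
# per-key overrides for both. The "drop needs inline IPS" check is an assumed
# sanity rule based on the fact that only an inline device can block traffic.
from dataclasses import dataclass, field

VALID_ACTIONS = {"alert", "log", "pass", "drop"}


@dataclass
class Group:
    name: str
    settings: dict = field(default_factory=dict)  # e.g. {"mode": "IPS", "deployment": "inline"}
    rules: dict = field(default_factory=dict)     # sid -> {"enabled": bool, "action": str}


@dataclass
class Device:
    name: str
    group: Group
    settings: dict = field(default_factory=dict)  # per-device setting overrides
    rules: dict = field(default_factory=dict)     # per-device rule overrides (partial dicts)


def effective_settings(device):
    """Start from the group's settings; a device override replaces the matching key."""
    merged = dict(device.group.settings)
    merged.update(device.settings)
    return merged


def effective_rules(device):
    """Per-signature merge: a device override replaces only the fields it names,
    so overriding just {"enabled": False} keeps the group's action."""
    merged = {sid: dict(rule) for sid, rule in device.group.rules.items()}
    for sid, override in device.rules.items():
        merged.setdefault(sid, {"enabled": True, "action": "alert"}).update(override)
    return merged


def validate(device):
    """Return a list of problems with the resolved configuration: unknown actions,
    and enabled 'drop' rules on a device that is not an inline IPS (such a rule
    cannot block anything, so the operator should know it will only alert)."""
    problems = []
    settings = effective_settings(device)
    can_block = settings.get("mode") == "IPS" and settings.get("deployment") == "inline"
    for sid, rule in sorted(effective_rules(device).items()):
        if rule["action"] not in VALID_ACTIONS:
            problems.append(f"{device.name}: sid {sid} has unknown action {rule['action']!r}")
        elif rule["enabled"] and rule["action"] == "drop" and not can_block:
            problems.append(
                f"{device.name}: sid {sid} is set to drop but the device is "
                f"{settings.get('mode')}/{settings.get('deployment')}; it will only alert"
            )
    return problems


# Constructed sample: one group, one device that inherits everything and disables
# a single signature, and one device moved to IDS/tap while keeping the group's drop rule.
DMZ = Group(
    "dmz",
    settings={"mode": "IPS", "deployment": "inline"},
    rules={1000001: {"enabled": True, "action": "drop"},
           1000002: {"enabled": True, "action": "alert"}},
)
SENSOR_1 = Device("sensor-1", DMZ, rules={1000002: {"enabled": False}})
SENSOR_2 = Device("sensor-2", DMZ, settings={"mode": "IDS", "deployment": "tap"})

if __name__ == "__main__":
    for dev in (SENSOR_1, SENSOR_2):
        print(dev.name, effective_settings(dev), effective_rules(dev))
        for problem in validate(dev):
            print("  WARNING:", problem)
```

Running the block prints the resolved settings and rules for both devices and one warning for
sensor-2, whose inherited drop rule can no longer block once the device has been moved to a tap.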
Signatures
The Signature management interface is used to view the logical groups of signatures.
Signature Detail
Individual signatures can be reviewed in the Detail Signature interface.
Event Detail
The events interface lists all the events from all sensors in the database.
Filters can be used to reduce the list to events from specific sensors or to events that
match specific criteria.
Filter Detail
The filter interface is used to define more restrictive logical criteria for events, so
that the process of security analysis is simplified.
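The statistics behind the event graph (events in a time window, broken down by action, top
attacking IPs and top services) and the event filters described above share the same
computation over the event store. The following added example shows both over a constructed
sample; it is not APD's own code, and the record layout
(timestamp,sensor,action,sid,proto,src,dst,dport) is an assumed export format, not APD's
database schema.

```python
# Added example, not APD's implementation. The CSV layout below is an assumed
# export of console events; the sample rows are constructed for the illustration
# and use documentation address ranges.
import csv
from collections import Counter
from datetime import datetime, timedelta
from io import StringIO

SAMPLE_EVENTS = """\
timestamp,sensor,action,sid,proto,src,dst,dport
2024-03-10T08:15:02,sensor-1,alert,1000001,TCP,203.0.113.7,192.0.2.10,22
2024-03-10T08:15:09,sensor-1,alert,1000001,TCP,203.0.113.7,192.0.2.11,22
2024-03-10T09:40:31,sensor-2,drop,1000002,TCP,198.51.100.4,192.0.2.20,80
2024-03-10T11:02:55,sensor-2,drop,1000002,TCP,198.51.100.4,192.0.2.20,443
2024-03-10T12:30:00,sensor-1,log,1000003,UDP,203.0.113.9,192.0.2.53,53
2024-03-09T07:00:00,sensor-1,alert,1000001,TCP,203.0.113.7,192.0.2.10,22
"""


def load_events(text):
    """Parse the assumed CSV export into dicts with typed timestamp and port."""
    events = []
    for row in csv.DictReader(StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        row["dport"] = int(row["dport"])
        events.append(row)
    return events


def in_window(events, now=None, hours=24):
    """Graph period: events in the last `hours` up to `now` (default: the newest event)."""
    if now is None:
        now = max(e["timestamp"] for e in events)
    start = now - timedelta(hours=hours)
    return [e for e in events if start <= e["timestamp"] <= now]


def filter_events(events, sensors=None, actions=None, predicate=None):
    """Console-style filter: restrict by sensor, by action, and/or an arbitrary predicate."""
    out = events
    if sensors:
        out = [e for e in out if e["sensor"] in sensors]
    if actions:
        out = [e for e in out if e["action"] in actions]
    if predicate:
        out = [e for e in out if predicate(e)]
    return out


def count_by_action(events):
    """Split used by the event graph: how many events per action taken."""
    return dict(Counter(e["action"] for e in events))


def top_attackers(events, n=10):
    """Predefined query: top-n source IPs by event count."""
    return Counter(e["src"] for e in events).most_common(n)


def top_services(events, n=10):
    """Predefined query: top-n attacked services as (protocol, destination port)."""
    return Counter((e["proto"], e["dport"]) for e in events).most_common(n)


if __name__ == "__main__":
    recent = in_window(load_events(SAMPLE_EVENTS))
    print("events in last 24h by action:", count_by_action(recent))
    print("top attackers:", top_attackers(recent))
    print("top services:", top_services(recent))
    print("sensor-2 only:", len(filter_events(recent, sensors={"sensor-2"})))
```

The 24-hour window is anchored on the newest event in the sample, so the row from the previous
day is excluded exactly as the default graph period would exclude it; a console would anchor on
the current time instead.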
Event Detail Summary
The Event Detail Summary summarises the details of a single event. The IP header, TCP header
and payload can be reached from here.
Incidents
Events can be added to specific incidents and thus be logically grouped and managed together.