Internal Networks
Internal
Networks
What is the purpose of identifying internal networks, you
ask? Well, you want to log all the alarms, right? You want the events to make
sense to you, right? How much use would your logs be if everything was
considered an external address marked with "OUT"? So, to be able to
differentiate from internal and external networks and hosts, Cisco has given you
the ability to configure internal networks into the mix so the events are easier
to understand. In this section, you will define your Internal Protected networks
that the sensor is protecting. CSPM uses this to parse the events in Event
Viewer. Any address space that is not identified in this section is considered
an external address designated as "OUT". The internal addresses are designated
as "IN" (see Figure 7.23).
Adding Internal Networks
To add networks that are labeled as internal networks (IN),
follow these steps:
-
Select the sensor you want to configure. The first tab
showing should be the Properties tab. If it is not, select the
Properties tab.
-
Select the Internal Networks subtab and
click Add.
-
Enter all of the networks and subnet masks
you want to be identified as internal (IN) addresses for logging purposes.
-
Once you have finished adding networks, click OK, then save and update your configuration.
-
From the Command tab, click Approve Now to push the new configuration to your
sensor.
152 times read
|
|
|
Did you enjoy this article?
(total 0 votes)
|
Sections
Comments (0 posted)
Syndication
