Header
Home | Set as homepage | Add to favorites
  Search the Site     » Advanced Search
Sections
Syndication


Blogroll:

||||| ALL Cisco-Network ARTICLES |||||  
CCIE Journey,
The CCIE Journey,

Home : Intrusion Detection System : Using the Cisco Network Security Database

Using the Cisco Network Security Database

Nov 24,2008 by admin

small font medium font large font
image

Using the Cisco Network Security Database

The Cisco Network Security Database, or NSDB as it is commonly referred to, is Cisco's version of a security vulnerability database. The entries in the NSDB correspond with an event or a signature in the IDS. When researching and investigating alarms, the NSDB is used to make sense of what is going on within your enterprise.

Each IDS Management Console accesses the NSDB in the same manner. In order for you to access the NSDB entry for a signature, perform the following steps:

  1. Access the events in the Event Viewer for IDM or CSPM or drill down to the event in the Director. You can either view the live database or a log file.

  2. Select the record you want information about.

  3. Right-click the record and select NSDB.

  4. The NSDB will open in a Web browser with information about the signature in question (see Figure 4.57).

    Click To expand
    Figure 4.57: The NSDB Screen

If there are related vulnerabilities for a particular signature, there will be links to those vulnerabilities.

You can view the entire database by clicking the Main link in the left pane. This offers a numerical list of all the signatures currently in the database (see Figure 4.58).

Click To expand
Figure 4.58: NSDB Main Menu

Note 

If you are using the Director, you have to specify a browser preference to access NSDB. Open nrConfigure, select Preferences from the File menu and enter the path to the browser, then click OK.


355 times read

Related news
» Signature and Alarm Management Review
by alperen posted on Mar 20,2010
» Managing Alarms
by alperen posted on Mar 17,2010
» IDS Device Manager GUI Interface
by alperen posted on Mar 04,2010
» Signature and Alarm Management
by alperen posted on Mar 10,2010
» Determining the Status of the Managed Device and Blocked Addresses
by admin posted on Nov 26,2008
Did you enjoy this article?
1 2 3 4 5
(total 0 votes)

comment Comments (0 posted) 

More Top News
CCSP-Cisco Certified Security Professional
arrow Cisco SAFE Implementation
arrow Preparation Documents
arrow Exam Topics
arrow Skills Required for the Exam
arrow Cisco SAFE Implementation Questions and Answers
arrow Access Control Lists Cisco
arrow Access List Basics
arrow Standard Access Lists
arrow Verifying ACLs
arrow Extended Access Lists
arrow TCP Access Lists
arrow UDP Access Lists
arrow ICMP Access Lists
arrow Named Access Lists
arrow Signature and Alarm Management Review
arrow Signature and Alarm Management Review Questions and Answers
arrow Event Viewer
arrow Managing Alarms
arrow Event Viewer Customization
arrow Preference Settings
arrow Sensor Installation
arrow Connecting to Your Network Sensor Appliance
arrow Sensor Bootstrap
arrow Sensor Installation and Configuration Review
arrow Sensor Installation and Configuration Questions and Answers
arrow Signature and Alarm Management
arrow CIDS Signatures
arrow Signature Series
arrow Signature Implementations
arrow Signature Classes
arrow Signature Types
arrow Signature Severity
Most Popular
Most Commented
Featured Author

alperen

image
<| Cisco Articles | Maximum Learning | All Cisco-Network Study Notes | Privacy Policy |>
If you think you own the material being used without permission, contact alperenmad[at]hotmail.com. material will be removed from the site.