Like reports, notifications provide you with specific information about what is happening on your Policy Enforcement Points and the hosts that are running components of Cisco Secure Policy Manager. The View Notifications panel maintains a list of the audit events generated by the different Policy Enforcement Points and the agents and subsystems that compose Cisco Secure Policy Manager, which helps you diagnose problems with the security system. It also maintains audit events that inform you about the current status of attacks, system integrity issues, and expected, normal activities of your network.
An audit trail provides accountability for networking activity. By specifying what audit events to generate, you can configure Policy Enforcement Points and Cisco Secure Policy Manager components to provide the level of network accountability that your organization requires. Network accountability refers to generating audit event records for each security-relevant event that occurs during a session, including information about whether the session is accepted or rejected. Audit event records provide information about the session, such as when it starts and ends, what protocol is used, what port communications occur on, or what security options are applied to the incoming and outgoing network packets.
Cisco Secure Policy Manager also provides audit events about the day-to-day operation of the security system, such as changes to routing rules that Policy Enforcement Points use for network packet delivery. By reviewing such audit events, you can monitor the integrity of your network security. Each time such an audit event is generated, Cisco Secure Policy Manager can send a message and event description to the GUI client. These notifications keep you current on the activities that your organization deems important to evaluate for possible problems and suspicious network activity.
You can perform the following tasks from the View Notifications panel. For step-by-step procedures on performing a specific task, refer to the corresponding section.
When defining the settings for a notification, an administrator can specify that a particular notification must be confirmed before that notification is deleted from the View Notifications list. This feature provides additional accountability in the review of network activity. It ensures that an administrator reads the notification entry before that entry can be deleted. It also overrides the automatic removal of notifications from the list that occurs when the current number of entries exceeds the allowed maximum number.
To confirm a notification entry, perform the following task:
Result: The View Notifications panel appears in the View pane.

Step 2 To select the audit event message that you want to confirm, click that message in the View Notifications list.
This list displays only those notifications that have been generated by the Policy Enforcement Points and the Cisco Secure Policy Manager hosts running on your network.
Step 3 To confirm that you have reviewed the selected entry, click Confirm.
After you confirm an entry, it is subject to automatic removal from the list. This removal occurs when the number of entries exceeds the allowed maximum number as specified in the Restrict list to box.
Step 4 To confirm additional notification entries, repeat Steps 2 and 3.
Step 5 To accept your changes and close the View Notifications panel, click OK.
Step 6 To save any changes that you have made, click Save on the File menu.
You can manually delete any entry in the View Notifications list. After you have reviewed a notification, you may not need to keep it in this list. The oldest entries will automatically be removed from the list when the number of entries exceeds the maximum value specified in the Restrict list to box.
To delete a notification entry manually, perform the following task:
Result: The View Notifications panel appears in the View pane.
Step 2 In the View Notifications list, click the audit event message that you want to delete.
This list displays only those notifications that have been generated by the Policy Enforcement Points and the Cisco Secure Policy Manager hosts running on your network.
Step 3 To delete the selected entry, click Delete.
Result: The entry is removed from the View Notifications list.
Step 4 To delete additional notification entries, repeat Steps 2 and 3.
Step 5 To accept your changes and close the View Notifications panel, click OK.
Step 6 To save any changes that you have made, click Save on the File menu.
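The retention rules described in the confirm and delete sections above, modelled as a small Python class. This is an added example, not Cisco Secure Policy Manager code: the class, method and field names are hypothetical, `max_entries` stands in for the Restrict list to value, and refusing manual deletion of an unconfirmed entry is inferred from the text above.

```python
from dataclasses import dataclass
from itertools import count

@dataclass
class Notification:
    seq: int                  # arrival order; lower means older
    message: str
    needs_confirm: bool       # notification type is set to require confirmation
    confirmed: bool = False

    @property
    def removable(self) -> bool:
        return self.confirmed or not self.needs_confirm

class NotificationList:
    """Toy model of the list's retention rules (hypothetical names)."""
    def __init__(self, max_entries: int):
        self.max_entries = max_entries    # stands in for "Restrict list to"
        self.entries: list[Notification] = []
        self._seq = count(1)

    def add(self, message: str, needs_confirm: bool = False) -> int:
        n = Notification(next(self._seq), message, needs_confirm)
        self.entries.append(n)
        self._trim()
        return n.seq

    def confirm(self, seq: int) -> None:
        self._get(seq).confirmed = True
        self._trim()                      # confirmed entries may now be trimmed

    def delete(self, seq: int) -> None:
        n = self._get(seq)
        if not n.removable:
            raise PermissionError("entry must be confirmed before deletion")
        self.entries.remove(n)

    def _get(self, seq: int) -> Notification:
        return next(n for n in self.entries if n.seq == seq)

    def _trim(self) -> None:
        # Remove oldest removable entries while over the limit. Unconfirmed
        # confirm-required entries are skipped, so the list can stay oversize.
        while len(self.entries) > self.max_entries:
            victim = next((n for n in self.entries if n.removable), None)
            if victim is None:
                break
            self.entries.remove(victim)
```

With `max_entries=2` and three unconfirmed confirm-required entries, the list holds all three until one is confirmed, which is the override of automatic removal that the confirmation setting provides.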
After a Policy Enforcement Point or a Cisco Secure Policy Manager host generates a specific notification, you can refine the way the GUI client behaves when other notifications of that type are generated. You can also refine the method used to notify users who are logged on to the GUI client when a notification is generated.
To refine the notification settings for the GUI client, perform the following task:
Result: The View Notifications panel appears in the View pane.
Step 2 To select the audit event message type for which you want to refine the notification settings, click that message type in the View Notifications list.
This list displays only those notifications that have been generated by the Policy Enforcement Points and the Cisco Secure Policy Manager hosts running on your network.
Step 3 To select a notification method, click the option that matches the notification method that you prefer under Event Notification Method.
These options specify what the GUI client does when a notification of the selected type is generated.
Note: For the Status line message and beep and Popup window options to operate correctly, you must be logged on to the GUI client. Such notifications are delivered to all instances of the GUI client that are connected to the same primary server. If no GUI clients are connected when notifications are generated, the notifications are queued and then delivered to the next GUI client that connects to that primary server. However, you can only confirm and delete such notifications using an administrative account with full access privilege.
Step 4 To define secondary notifications for additional events, repeat Steps 2 and 3.
Step 5 To accept your changes and close the View Notifications panel, click OK.
Step 6 To save any changes that you have made, click Save on the File menu.
At any time, you can review the current list of notifications that have been configured to appear in the GUI client.
To review those notifications sent to the GUI client, perform the following task:
Result: The View Notifications panel appears in the View pane.
Step 2 To review an audit event message, double-click that audit event message in the View Notifications list.
This list displays only those notifications that have been generated by the Policy Enforcement Points and Cisco Secure Policy Manager hosts on your network.
Step 3 To accept your changes and close the View Notifications panel, click OK.
Step 4 To save all changes to the Policy Database, click Save on the File menu.
At any time, you can sort the current list of notifications that have been configured to appear in the GUI client.
To sort those notifications sent to the GUI client, perform the following task:
Result: The View Notifications panel appears in the View pane.
Step 2 To sort the list of notifications, click the column heading that you want to sort by in the View Notifications list.
The following columns can be used to sort.
To toggle between ascending and descending sort order, click the column heading again.
Step 3 To accept your changes and close the View Notifications panel, click OK.
Step 4 To save all changes to the Policy Database, click Save on the File menu.
Posted: Wed May 31 08:57:27 PDT 2000
Copyright © 1989-2000 Cisco Systems Inc.