Index
A
accessing
Cisco ICS web console 3-1
DCS server A-4
OfficeScan servers 4-16
reports
from the Outbreak Reports window 8-4
the latest report for a task 8-3
accounts
administrator accounts
managing 9-5
root account
about 9-6
creating during installation 2-4
user account
about 9-6
creating 9-6
ACL Licenses 9-9
ACLs
precedence 6-5
acronyms E-1
active
OPACL
viewing 6-11
outbreak management tasks 6-10
ActiveUpdate server
download source 5-4
ActiveX controls 1-5
Adaptive Security Appliances with Advanced Inspection and Prevention Modules
minimum software version 1-8
adding
devices
multiple 4-5
selecting device type 4-4
groups 4-10
OfficeScan servers 4-15
administrator accounts
managing 9-5
root account
about 9-6
user accounts
about 9-6
creating 9-6
administrator guide 1-8
alerts
red
creating an automatic outbreak management task 6-8
yellow
creating an automatic outbreak management task 6-8
alert severity level 10-2, C-1
alternate update source
creating 5-5
antivirus installations
managing 4-15
antivirus locator
automatic
component deployment 5-8
damage cleanup A-3
host cleanup on watch list A-3
host removal from watch list A-3
log deletion 10-9
outbreak management tasks 6-2
creating 6-8
default settings 3-5
lifetime 6-3
red alerts 6-8
yellow alerts 6-8
report generation 8-3
available licenses 9-11
AV locator 4-16
AV Software folder
DCS servers A-4
OfficeScan servers 4-16
B
backing up the database 9-12
by schedule 9-13
default backup path 9-13
manual 9-14
specifying backup location 9-13
viewing the last backup 9-12
blocking mode
when creating a manual task 6-7
boot sector viruses 1-5
BU 1-6
business unit
C
certificates
managing 9-6
untrusted 9-7
Cisco ICS
about 3-2
commonly used ports
port 22 (SSH) 1-8
port 23 (Telnet) 1-8
port 443 (HTTPS) 1-8
port 80 (HTTP) 1-8
commonly used protocols
HTTP 1-8
HTTPS 1-8
SSH 1-8
Telnet 1-8
components 1-3
database 9-12
default settings 3-5
getting started 3-1
installation
procedure 2-2
licenses
importing license file during installation 2-4
importing new license file 9-11
preparing 2-1
Master Service 1-8
overview 1-1
root account
preparing 2-1
server licenses 9-8
services
Flexlm License Manager 1-8
Master Service 1-8
services, ports, and protocols 1-8
technology overview 1-1
uninstallation
notes 2-5
procedure 2-5
web console 3-1
header menu 3-2
logging off 3-2
main menu 3-2
navigating 3-2
timeout 3-1
valid URLs 3-1
webserver information
preparing 2-1
Cisco Incident Control Server
Cisco Systems
networking solutions 3-2
ordering products and services 3-2
products and services 3-2
technical support and documentation 3-2
cleaned hosts
viewing on watch list 7-3
cleaning up hosts
automatic A-3
manual A-3
removal from watch list A-3
settings A-2
COM and EXE file infectors
components
about 1-3
Damage Cleanup engine 1-4
Damage Cleanup template 1-4
OPACL 1-4
OPSig 1-4
spyware cleanup template 1-4
updating 5-1
configuring
devices 4-12
exception list 6-9
global settings 9-1
notifications 9-1
routers 4-14
interface settings 4-14
SMTP server settings for notifications 9-4
switches 4-12
interface settings 4-12
VLAN settings 4-13
connection status event logs 10-1
querying 10-5
connection status events
severity levels C-3
controlled pattern release
copying
device settings 4-15
CPR 1-6
creating
outbreak management tasks
automatic 6-8
manual 6-6
user accounts 9-6
CSV files 10-8
D
damage cleanup
automatic A-3
logs 10-1
manual A-3
removing hosts from watch list A-3
settings A-2
Damage Cleanup engine
description 1-4
damage cleanup incident logs 10-4
querying 10-3
damage cleanup outbreak logs
querying 10-7
Damage Cleanup Services
Damage Cleanup template
description 1-4
database backup 9-12
by schedule 9-13
default backup path 9-13
manual 9-14
specifying a backup location 9-13
viewing the last backup 9-12
DCS
about A-1
accessing a server A-4
automatic cleanup A-3
components
configuring scheduled download 5-3
deploying 5-7
scheduled download behavior 5-3
damage cleanup logs 10-1
manual cleanup A-3
querying damage cleanup logs 10-3
removal from watch list after cleaning A-3
removing a server A-4
server
registering A-2
specifying A-2
settings
modifying A-3
solutions provided by A-2
using A-1
default settings
automatic deployment
default settings 3-6
automatic device connection verification
default settings 3-6
automatic outbreak management tasks 3-5
database backup path 9-13
exception list 3-5
monitored network 3-6
OPACL mode 3-5
overview 3-5
report settings 3-6
scheduled download 3-6
deleting
logs
automatic 10-9
manually 10-9
reports 8-4
deploying
components 5-7
automatic 5-8
manual 5-8
deployment event logs 10-1
querying 10-5
deployment events
severity levels C-2
device information file 4-5
device licenses
ACL 9-9
expiration 9-10
IPS High-end 9-9
IPS Low-end 9-9
renewing 9-10
types 9-9
device list tree
adding groups 4-10
components 3-4
configuring routers 4-14
configuring switches 4-12
copying device settings 4-15
deploying components 5-8
managing groups 4-10
navigating 3-4
removing devices 4-8
removing groups 4-11
searching for antivirus installations 4-15
searching for devices 4-11
using 3-3
Device List window
using 4-2
using the device list tree 3-3
devices
adding
IOS IPS devices 4-4
IPS devices 4-4
multiple 4-5
routers 4-4
selecting device type 4-4
switches 4-4
configuring 4-12
copying settings 4-15
details 4-9
IOS IPS 4-2
IPS
number with current OPSig 6-11
number with out-of-date OPSig 6-11
IPS devices 4-2
managing 4-1
removing 4-8
routers 4-1
configuring 4-14
searching for 4-11
supported 1-7
switches 4-1
configuring 4-12
types 4-1
using the Device List window 4-2
verifying connectivity
by schedule 9-5
manual 4-9
documentation
administrator guide 1-8
online help 1-8
readme 1-8
downloading
components 5-2
by schedule 5-3
manual 5-4
proxy servers 5-5
source 5-4
E
end date and time
OPACL 6-11
error severity level 10-2, C-1
event log errors
notifications 9-2
events
about 10-2
event types
notifications 9-1
exception list
configuring 6-9
default settings 3-5
expiration
device licenses 9-10
licenses
event notifications 9-2
OPACL 6-5
exporting
watch lists 7-4
exporting logs 10-8
F
files
CSV 10-8
license
importing 9-11
Setup.exe 2-2
to add multiple devices
creating 4-5
File Transfer Protocol
Flexlm License Manager 1-8
full version license 9-8
G
generating
reports
automatic 8-3
manual 8-2
getting started with Cisco ICS 3-1
global settings
configuring 9-1
database backup 9-12
managing administrator accounts 9-5
managing licenses 9-8
notifications 9-1
Syslog servers 9-4
verifying device connectivity by schedule 9-5
groups
adding 4-10
AV Software folder
DCS servers A-4
OfficeScan servers 4-16
managing 4-10
removing 4-11
H
header menu 3-2
about Cisco ICS 3-2
Cisco networking solutions 3-2
Cisco products and services 3-2
logging off 3-2
ordering Cisco products and services 3-2
technical support and documentation 3-2
high level risk rating 1-6
host event logs 10-1
querying 10-5
host events
severity levels C-3
host logs 10-7
hosts
automatic cleanup A-3
automatic removal from watch list A-3
cleaning
manual A-3
cleaning up
automatic A-3
host removal from watch list A-3
settings A-2
monitoring for watch list inclusion 7-2
removing from watch list 7-4
viewing on watch list 7-3
HTML 1-5
HTTP proxy settings 5-5
HTTP server
TCP port number used when installing 2-4
HyperText Markup Language
HyperText Transfer Protocol
HyperText Transfer Protocol Secure
I
ICMP 6-9
blocking traffic with an OPACL 6-12
default website 2-3
virtual website 2-3
importing
license file 9-11
incident control system 1-2
elements 1-2
in action 1-2
incident logs 10-2
incidents
about 10-2
severity levels C-3
incident types
notifications 9-1
infected hosts
viewing on watch list 7-3
info severity level 10-2
initiated date and time
viewing a summary of all outbreak management tasks 6-11
installation
preparing for 2-1
procedure 2-2
importing license file 2-4
port number selection 2-3
root account creation 2-4
webserver selection 2-3
installing
Cisco ICS 2-2
port number selection 2-3
webserver selection 2-3
Microsoft .NET Framework 1.1 2-2
Microsoft Data Access Components 2-2
Internet Control Message Protocol
Internet Information Server
Intrusion Detection System Service Module
minimum software version 1-8
Intrusion Prevention System Sensors
minimum software version 1-7
IOS IPS devices 4-2
ip ips sdf location command B-6
IPS devices 4-2
number with current OPSig 6-11
number with out-of-date OPSig 6-11
IPS High-end Licenses 9-9
IPS Low-end Licenses 9-9
J
Java malicious code 1-5
joke programs 1-5
K
Kiwi Syslog Daemon 1-8
known threats 6-2
L
license file 9-11
licenses
ACL 9-9
device
expiration 9-10
renewing 9-10
types 9-9
expiration
event notifications 9-2
importing license file during installation 2-4
IPS High-end 9-9
IPS Low-end 9-9
license file importing 9-11
license summary table 9-11
managing 9-8
preparing 2-1
server
trial and full version 9-8
viewing information 9-11
lifetime
outbreak management tasks 6-3
logging in to
Cisco ICS web console 3-1
DCS web console A-4
OfficeScan server web console 4-16
logging mode
selecting 6-7
from the OPACL Settings window 6-13
when creating an automatic task 6-8
logging off 3-2
logs
about 10-1
alert severity level 10-2
connection status event logs
querying 10-5
damage cleanup incident logs
querying 10-3
viewing 10-4
damage cleanup outbreak logs
querying 10-7
deleting logs
automatic 10-9
for a specific outbreak management task 10-10
deleting logs manually 10-9
deployment event logs
querying 10-5
error severity level 10-2
event logs
querying 10-5
viewing 10-6
exporting logs 10-8
host event logs
querying 10-5
host logs
viewing 10-7
incident logs
querying 10-2
incidents, events, and severity levels 10-2
info severity level 10-2
maintaining logs 10-8
notice severity level 10-2
OPACL matching incident logs
querying 10-2
viewing 10-4
OPACL matching outbreak logs
querying 10-7
OPSig matching incident logs
querying 10-2
viewing 10-3
OPSig matching outbreak logs
querying 10-7
outbreak event logs
querying 10-5
outbreak logs
querying 10-7
viewing 10-7
server update event logs
querying 10-5
severity levels 10-2
connection status events C-3
deployment events C-2
detailed description C-1
host events C-3
incidents C-3
outbreak events C-2
server update events C-2
system events C-1
Syslog servers 9-4
system event logs
querying 10-5
task tracking outbreak logs
querying 10-7
types 10-1
connection status event 10-1
damage cleanup 10-1
deployment event 10-1
host event 10-1
OPACL matching 10-1
OPSig matching 10-1
outbreak event 10-1
server update event 10-1
system event 10-1
using 10-1
low level risk rating 1-6
M
macro viruses 1-5
main menu 3-2
maintaining
logs 10-8
automatic deletion 10-9
deleting for a specific outbreak management task 10-10
deleting manually 10-9
Malware Tester utility 3-8
messages D-15
managing
administrator accounts 9-5
antivirus installations 4-15
certificates 9-6
groups 4-10
licenses 9-8
outbreaks 6-1
Syslog servers 9-4
managing devices 4-1
manual
component deployment 5-8
component download 5-4
damage cleanup A-3
database backup 9-14
device connectivity verification 4-9
log deletion 10-9
outbreak management tasks 6-2
creating 6-6
lifetime 6-3
report generation 8-2
Master Service 1-8
medium level risk rating 1-6
Microsoft .NET Framework 1.1 2-1, 8-2
Microsoft Data Access Components 2.8 2-1, 8-2
minimum system requirements 1-6
mode
OPACL
about 6-4
blocking and logging 6-13
modifying 6-13
selecting with automatic tasks 6-8
selecting with manual tasks 6-7, 6-8
modifying
active OPACLs and Pre-ACLs 6-15
DCS settings A-3
existing outbreak management tasks 6-12
notifications 9-2
OPACL mode 6-13
monitored network
about 7-2
default settings 3-6
including the entire network 7-2
specifying 7-2
multiple devices
adding 4-5
creating a device information file 4-5
N
navigating the device list tree 3-4
navigating the web console 3-2
network-based threats 1-5
network viruses 1-5
viewing in OPACL 6-10
notice severity level 10-2, C-1
notifications
configuring 9-1
incident and event types 9-1
selecting and modifying 9-2
SMTP settings 9-4
token variables 9-3
example message 9-4
O
OfficeScan
accessing a server 4-16
managing installations 4-15
official pattern release
online help 1-8
opening 3-2
OPACL
about 6-4
description 1-4
exception list 6-9
expiration 6-5
matching logs 10-1
mode
about 6-4
blocking and logging 6-13
modifying 6-13
modifying active 6-15
precedence with other ACLs 6-5
stopping 6-11
troubleshooting D-4
verifying deployment 6-5
version on Cisco ICS server 6-11
viewing active 6-11
viewing network viruses 6-10
viewing the end date and time 6-11
OPACL matching
event notifications 9-1
OPACL matching incident logs 10-4
querying 10-2
OPACL matching outbreak logs
querying 10-7
OPACL mode
about 6-2
default setting 3-5
selecting with automatic tasks 6-8
selecting with manual tasks 6-7, 6-8
operating systems
hardware 1-7
system requirements 1-7
web browser 1-7
webserver 1-7
OPP 1-6
OPPs 1-6
OPR 1-6
OPSig
about 6-6
downloading and deploying 6-6
verifying deployment 6-6
description 1-4
downloads
event notifications 9-2
matching logs 10-1
number of IPS devices with current 6-11
number of IPS devices with out-of-date 6-11
troubleshooting D-5
version on Cisco ICS server 6-11
OPSig matching
event notifications 9-1
OPSig matching incident logs 10-3
querying 10-2
OPSig matching outbreak logs
querying 10-7
ordering Cisco products and services 3-2
outbreak event logs 10-1
querying 10-5
outbreak events
severity levels C-2
outbreak logs 10-7
outbreak management 6-1
outbreak management reports
about 8-1
accessing from the Outbreak Reports window 8-4
accessing the latest for a task 8-3
creating and viewing 8-2
deleting 8-4
generating
automatic 8-3
manual 8-2
viewing 8-3
outbreak management task
download schedule precedence 5-4
outbreak management tasks
about 6-1
automatic
red alerts 6-8
yellow alerts 6-8
creating automatic 6-8
creating manual 6-6
exception list 6-9
known threats 6-2
lifetime 6-3
log deletion 10-10
modifying existing tasks 6-12
OPACL mode
about 6-2
OPACLs 6-2
OPSigs 6-2
outbreak logs
querying 10-7
start
event notifications 9-2
stop
event notifications 9-2
stopping 6-13
stopping a running task 6-14
terms and concepts 6-2
types 6-2
viewing a summary of all tasks 6-10
viewing the initiated date and time 6-11
Outbreak Prevention Access Control List
outbreak prevention policy
Outbreak Prevention Signature
outbreak reports
generation
event notifications 9-2
Outbreak Reports window 8-4
outbreaks
about outbreak management tasks 6-1
known threats 6-2
managing 6-1
OPACL mode
about 6-2
OPACLs 6-2
OPSigs 6-2
outbreak management task lifetime 6-3
outbreak management task terms and concepts 6-2
outbreak management task types 6-2
P
port number selection during installation 2-3
ports
commonly used 1-8
port 22 (SSH) 1-8
port 23 (Telnet) 1-8
port 443 (HTTPS) 1-8
port 80 (HTTP) 1-8
exception list defaults 3-5
port 25 (SMTP) 9-4
port 514 (Syslog server) 9-4
Pre-ACL
about 6-5
modifying active 6-15
precedence with other ACLs 6-5
precedence of download schedules 5-3
preparing
for installation 2-1
licenses 2-1
proxy server information 2-1
root account 2-1
webserver information 2-1
Problems D-4
protecting the network 3-7
protocols
commonly used 1-8
proxy server information
preparing 2-1
proxy servers
downloading components 5-5
selecting protocol 5-5
public key D-5
Q
querying
connection status event logs 10-5
damage cleanup incident logs 10-3
damage cleanup outbreak logs 10-7
deployment event logs 10-5
event logs 10-5
host event logs 10-5
incident logs 10-2
OPACL matching incident logs 10-2
OPACL matching outbreak logs 10-7
OPSig matching incident logs 10-2
OPSig matching outbreak logs 10-7
outbreak event logs 10-5
outbreak logs 10-7
server update event logs 10-5
system event logs 10-5
task tracking outbreak logs 10-7
R
readme 1-8
red alerts
creating an automatic outbreak management task 6-8
registering
product registration during installation 2-4
removing
DCS server A-4
devices 4-8
groups 4-11
hosts from watch list 7-4
renewing
device licenses 9-10
replicating
device settings 4-15
reports
about 8-1
accessing from the Outbreak Reports window 8-4
accessing the latest for a task 8-3
creating and viewing 8-2
deleting 8-4
generating
automatic 8-3
manual 8-2
generation
event notifications 9-2
installing components for report generation 2-2
viewing 8-3
report settings
default settings 3-6
risk index 7-2
watch lists
risk index 7-3
risk ratings
levels 1-6
high 1-6
low 1-6
medium 1-6
overview 1-6
root account
about 9-6
creating during installation 2-4
preparing 2-1
routers 4-1
Cisco Integrated Services Routers
minimum software version 1-7
configuring 4-14
interface settings 4-14
minimum software version 1-7
running
outbreak management tasks
stopping 6-14
S
scheduled download
default settings 3-6
schedules
components download
behavior 5-3
database backup 9-13
downloading components 5-3
verifying device connectivity 9-5
searching
devices 4-11
OfficeScan server installations 4-15
servers
DCS
accessing A-4
adding A-2
removing A-4
specifying A-2
server update event logs 10-1
querying 10-5
server update events
severity levels C-2
services 1-8
settings
configuring router interface 4-14
configuring switch interface 4-12
configuring switch VLAN 4-13
copying device 4-15
Setup.exe 2-2
severity levels
about 10-2
connection status events C-3
deployment events C-2
detailed description C-1
host events C-3
incidents C-3
outbreak events C-2
server update events C-2
system events C-1
Simple Mail Transfer Protocol
SMTP 9-4
ports 9-4
snapping in an OfficeScan server 4-16
software versions supported
Adaptive Security Appliances with Advanced Inspection and Prevention Modules 1-8
Intrusion Detection System Service Module 1-8
Intrusion Prevention System Sensors 1-7
routers 1-7
Cisco Integrated Services Routers 1-7
switches 1-7
source
component download 5-4
specifying
database backup location 9-13
DCS servers A-2
monitored network 7-2
spyware A-2
spyware cleanup template
description 1-4
SSL
enabling when installing 2-3
stopping
an OPACL 6-11
outbreak management tasks 6-13
summary
all outbreak management tasks 6-10
license information 9-11
switches 4-1
configuring 4-12
interface settings 4-12
VLAN settings 4-13
minimum software version 1-7
Syslog servers 9-4
ports 9-4
recommended 1-8
system event logs 10-1
querying 10-5
system events
severity levels C-1
system requirements 1-6
supported devices 1-7
T
task tracking outbreak logs
querying 10-7
adding ports to the exception list 6-9
blocking traffic with an OPACL 6-12
technical support and documentation 3-2
testing OPACL and OPSig matching 3-8
messages with the Malware Tester utility D-15
threats
ActiveX controls 1-5
boot sector viruses 1-5
COM and EXE file infectors 1-5
grayware and spyware A-2
high risk 1-6
Java malicious code 1-5
joke programs 1-5
known 6-2
low risk 1-6
macro viruses 1-5
medium risk 1-6
network-based 1-5
overview 1-5
spyware A-2
Trojans 1-5
about A-1
VB script, JavaScript, and HTML viruses 1-5
worms 1-5
token variables
notifications 9-3
example message 9-4
Transmission Control Protocol
TrendLabs 1-2
risk rating levels 1-6
high 1-6
low 1-6
medium 1-6
risk ratings overview 1-6
Trend Micro
ActiveUpdate server
download source 5-4
OfficeScan
accessing a server 4-16
managing 4-15
public key D-5
TrendLabs 1-2
trial version license 9-8
Trojans 1-5
about A-1
types of devices 4-1
U
UDP
adding ports to the exception list 6-9
blocking traffic with an OPACL 6-12
uninstallation
procedure 2-5
uninstalling
Cisco ICS 2-5
notes 2-5
untrusted certificates 9-7
updating
about 5-1
component deployment 5-7
automatic 5-8
manual 5-8
component download 5-2
by schedule 5-3
manual 5-4
source 5-4
components 5-1
downloading components
proxy servers 5-5
using an alternate update source 5-5
verifying 5-2
URL
web console 3-1
user accounts
about 9-6
creating 9-6
User Datagram Protocol
using
logs 10-1
V
VB script, JavaScript, and HTML viruses 1-5
verifying
device connectivity
by schedule 9-5
manual 4-9
OPACL deployment 6-5
viewing
active OPACL 6-11
a summary of all outbreak management tasks 6-10
device details 4-9
host logs 10-7
hosts on a watch list 7-3
license information 9-11
network viruses in OPACL 6-10
number of hosts in watch list 6-11
OPACL end date and time 6-11
reports 8-3
task initiated date and time 6-11
the last database backup 9-12
viewing damage cleanup incident logs 10-4
viewing event logs 10-6
viewing OPACL matching incident logs 10-4
viewing OPSig matching incident logs 10-3
viewing outbreak logs 10-7
viruses
boot sector 1-5
macro 1-5
network 1-5
VB script, JavaScript, and HTML 1-5
W
watch lists
about 7-1
automatic cleanup A-3
automatic removal A-3
exporting 7-4
manual cleanup A-3
monitored network
about 7-2
including the entire network 7-2
removing hosts 7-4
risk index 7-2
the monitored network
specifying 7-2
viewing number of hosts 6-11
viewing the Watch List window 7-3
Watch List window
viewing 7-3
web console
accessing
OfficeScan 4-16
accessing Cisco ICS 3-1
device list tree 3-3
components 3-4
header menu 3-2
about Cisco ICS 3-2
Cisco networking solutions 3-2
Cisco products and services 3-2
logging off 3-2
online help 3-2
ordering Cisco products and services 3-2
technical support and documentation 3-2
installing with SSL 2-3
main menu 3-2
navigating 3-2
timeout 3-1
using 3-1
valid URLs 3-1
webserver
Apache 2-3
minimum requirements 1-7
IIS 2-3
default website 2-3
minimum requirements 1-7
virtual website 2-3
information
preparing 2-1
selection during installation 2-3
worms 1-5
Y
yellow alerts
creating an automatic outbreak management task 6-8
Posted: Fri Apr 7 10:14:38 PDT 2006
All contents are Copyright © 1992--2006 Cisco Systems, Inc. All rights reserved.