Supported Devices and Software Versions for Cisco Security MARS Local Controller 4.2.x and 5.2.x
Revised: June 6, 2007
This document includes:
• Supported Local Controller Appliances
• Supported Reporting and Mitigation Devices
• Interoperable Supporting Services
Supported Local Controller Appliances
The software that supports the Local Controller appliance varies depending on the model of the appliance:
• Appliance Models Supported with 5.2.x
• Appliance Models Supported with 4.2.x
Appliance Models Supported with 5.2.x
Cisco Security MARS version 5.2.x supports the following Cisco Security MARS Local Controller appliances:
• Cisco Security MARS 110 (CS-MARS-110-K9)
• Cisco Security MARS 110R (CS-MARS-110R-K9)
• Cisco Security MARS 210 (CS-MARS-210-K9)
Appliance Models Supported with 4.2.x
Cisco Security MARS version 4.2.x supports the following Cisco Security MARS and Protego Networks MARS Local Controller appliances:
• Cisco Security MARS 20 (CS-MARS-20-K9)
• Cisco Security MARS 20R (CS-MARS-20R-K9)
• Cisco Security MARS 50 (CS-MARS-50-K9)
• Cisco Security MARS 100 (CS-MARS-100-K9)
• Cisco Security MARS 100e (CS-MARS-100E-K9)
• Cisco Security MARS 200 (CS-MARS-200-K9)
• Protego Networks PN-MARS 20
• Protego Networks PN-MARS 50
• Protego Networks PN-MARS 100
• Protego Networks PN-MARS 100e
• Protego Networks PN-MARS 200
Supported Reporting and Mitigation Devices
Table 1 lists the devices supported upon release of Cisco Security MARS Local Controller 4.2.x and 5.2.x. It also identifies what protocols are used to retrieve configuration and event data, as well as the protocol used to mitigate attacks (if that device supports mitigation).
Note: Release 5.2.4 reporting and mitigation device support is identical to Release 4.2.2 reporting and mitigation device support.
The "Add to GUI As" column identifies how you add the device type using the Cisco Security MARS web interface. The classifications used are defined as follows:
• HW. Indicates that you add the device directly as a hardware-based security device.
• HW-switch. Indicates that you add the device as a module after you define a base switch.
• HW-router. Indicates that you add the device as a module after you define a base router.
• HW-ASA. Indicates that you add the device as a module after you define a Cisco Adaptive Security Appliance.
• host. Indicates that you add this device as a host operating system.
• SW-host. Indicates that you add this device as a software application after you define a base host.
• ODS. Indicates that you add this device as an on-demand security service.
Table 1 Supported Reporting and Mitigation Devices for Cisco Security MARS Local Controller 4.2.x

| Device Type / Vendor | Supported Versions | Protocol: Configuration Retrieval | Protocol: Event Retrieval | Protocol: Mitigation | Add to GUI As | CSV Keyword |
|---|---|---|---|---|---|---|
| **Router / Switch Devices** | | | | | | |
| Cisco Router | Cisco IOS 11.x, 12.2 | FTP, SNMP, SSH, Telnet | Syslog (from device), NetFlow v1, v5 | SNMP | HW | IOS |
| Cisco Router Module | Cisco IOS 12.2 | FTP, SNMP, SSH, Telnet | Syslog (from device), NetFlow v1, v5 | SNMP | HW-switch | SWITCH-IOS |
| Cisco Switch | CatOS 6.x, IOS 12.2 | FTP, SNMP, SSH, Telnet | Syslog (from device), NetFlow v1, v5, v7 [1] | SNMP | HW | SWITCH-CATOS |
| Extreme ExtremeWare | 6.x | SNMP | Syslog (from device) | SNMP | HW | EXTREME |
| Generic Router | Unknown | SNMP | Syslog (from device) | — | HW | |
| **Firewall Devices** | | | | | | |
| Cisco PIX | 6.0, 6.1, 6.2, 6.3 | FTP, SSH, Telnet | Syslog (from device) | — | HW | PIX |
| Cisco PIX | 7.0 | FTP, SSH, Telnet | Syslog (from device) | — | HW | PIX7X |
| Cisco Adaptive Security Appliance (ASA) | 7.0.1 | FTP, SSH, Telnet | Syslog (from device) | — | HW | ASA |
| Cisco Firewall Services Module (FWSM) | 1.1, 2.2, 2.3, 3.1 | FTP, SSH, Telnet | Syslog (from device) | — | HW-switch (IOS 12.2 or CatOS) | FWSM |
| Cisco IOS Firewall Feature Set | 12.2(T) and later | FTP, SNMP, SSH, Telnet | Syslog (from device) | — | | |
| Juniper Netscreen | ScreenOS 4.0, 5.0 | SNMP, SSH, Telnet | Syslog (from device) | — | HW | NETSCREEN |
| Check Point Opsec NG and Firewall-1 | NG FP3, NG AI (R55), NGX AI (R60) up to build 244 | SSLCA, CLEAR, ASYMSSLCA (OPSEC-CPMI) | OPSEC-LEA (from Log Server or Management Server) | — | SW-host | |
| Nokia Firewall (running Check Point) | NG FP3, NG AI (R55), NGX (R60) | SSLCA, CLEAR, ASYMSSLCA (OPSEC-CPMI) | OPSEC-LEA (from Log Server or Management Server) | — | SW-host as CheckPoint | |
| **VPN Devices** | | | | | | |
| Cisco VPN 3000 Concentrator | 4.0.3, 4.7 | SNMP | Syslog (from device) | — | HW | |
| **Network IDS** | | | | | | |
| Cisco Network IDS | 3.1 | SSH, Telnet | POP (from device) | — | HW | |
| Cisco IDSM | 3.1 | SSH, Telnet | POP (from device) | — | HW-switch | |
| Cisco Network IDS | 4.0 | SSL | RDEP (from device) | — | HW | CiscoIDS4x |
| Cisco IDSM | 4.0 | SSL | RDEP (from device) | — | HW-switch | CiscoIDS4x |
| Cisco Intrusion Prevention System (IPS), IDSM-2 module | 5.0, 5.1 | SSL | SDEE (from device) | — | HW | CiscoIPS5x |
| Cisco IPS ASA module | 5.0, 5.1 | — | SDEE (from device) | — | HW-ASA | CiscoIPS5x |
| Cisco IOS IPS (software only) | 12.3(8)T or later | FTP, SNMP, SSH, Telnet | SDEE (from device) | — | HW-switch, HW-router | |
| IntruVert IntruShield | 1.5 | — | SNMP (from Management Server) | — | SW-host | |
| Juniper Netscreen IDP | 2.1 | — | SNMP (from Management Server) | — | SW-host | |
| Symantec ManHunt | 3.x | — | SNMP (from Device) | — | SW-host | |
| ISS RealSecure Sensor | 6.5, 7.0 | — | SNMP (from Device) | — | SW-host | |
| Snort | 2.0 | — | Syslog (from Device) | — | SW-host | |
| Enterasys Dragon | 6.x | — | Syslog (from Manager) | — | SW-host | |
| **Host IDS** | | | | | | |
| Cisco Security Agent | 4.0, 4.5 | | SNMP (from CSA MC) | — | SW-host | |
| McAfee Entercept | 2.5, 4.0 | — | SNMP (from Management Server) | — | SW-host | |
| ISS RealSecure Host Sensor | 6.5, 7.0 | — | SNMP (from Device) | — | SW-host | |
| **Anti-virus** | | | | | | |
| Symantec Anti Virus | 9.x | — | SNMP (from Management Server) | — | SW-host | |
| Cisco Incident Control System (Cisco ICS), Trend Micro Outbreak Prevention Service (OPS) | 1.0 | — | Syslog (from CICC Server) | — | SW-host | |
| McAfee ePolicy Orchestrator | 3.5 | | SNMP (from Management Server) | | SW-host | |
| Network Associates VirusScan | 8.x | — | SNMP (from Management Server) | — | SW-host | |
| **Vulnerability Assessment** | | | | | | |
| eEye REM | 1.0 | MS SQL | JDBC (from REM server) | — | SW-host | |
| Qualys QualysGuard | 3.x | — | HTTPS (using XML via API) | — | ODS | |
| Foundstone Foundscan | 3.0 | MS SQL | JDBC (from Management Server) | — | SW-host | |
| **Host OSes.** See Configuring Generic, Solaris, Linux, and Windows Application Hosts. | | | | | | |
| Windows | NT, 2000, 2003 | — | Syslog (from SNARE agent) or MS-RPC event pull | — | host | WINDOWS, WindowsNT, Windows2000, Windows2003 |
| Solaris | 8.x, 9.x, 10.x | — | Syslog (from Device) | — | host | SOLARIS |
| Redhat Linux | 7.x, 8.x | — | Syslog (from Device) | — | host | LINUX |
| **Web Servers** | | | | | | |
| Microsoft Internet Information Server | Any | — | Syslog (from SNARE agent) | — | SW-host | |
| Sun iPlanet | Any | — | HTTP (from Cisco Security MARS Agent) | — | SW-host | |
| Apache | Any | — | HTTP (from Cisco Security MARS Agent) | — | SW-host | |
| **Web Proxy Devices** | | | | | | |
| Network Appliance NetCache | Generic | — | HTTP | — | HW | |
| **Database Servers** | | | | | | |
| Oracle Database | 9i, 10g, Generic | TCP | SQLNet (from Host) | — | SW-host | |
| **AAA Servers** | | | | | | |
| Cisco Secure Access Control Server (ACS) | 3.3, 4.x [2] | — | Syslog (from pnLog Agent) | — | SW-host | |
| Cisco Secure ACS Solutions Engine | 3.3, 4.x | — | Syslog (from pnLog Agent running on remote logging host) | — | SW-host | |
| **Syslog Servers and SNMP Devices.** See Configuring Generic, Solaris, Linux, and Windows Application Hosts. | | | | | | |
| Generic Devices | Any | — | SNMP (from Device), Syslog (from Device) | — | SW-host | |

[1] NetFlow v7 supports only Catalyst 5000 switches with Sup III and the NFFC and NFFC II cards, which reached end of support in May 2005.
[2] Cisco Secure ACS 4.x support is provided via the pnLog Agent, not through the syslog format found in Cisco Secure ACS.
Interoperable Supporting Services
Supporting services are defined as those network services that extend the functionality of Cisco Security MARS. Table 2 lists the proven, tested, version-specific services.
Table 2 Interoperable Supporting Services for Cisco Security MARS Local Controller 4.2.x

| Device Type / Vendor | Supported Versions | Protocol: Configuration Retrieval | Protocol: Event Retrieval | Protocol: Mitigation | Add to GUI As | CSV Keyword |
|---|---|---|---|---|---|---|
| **Cisco Products** | | | | | | |
| Cisco Security Manager | 3.0 | — | HTTPS (policy lookup, not event data) | — | SW-host | — |
| **NFS Servers.** Support for Cisco Security MARS configuration and event backups. See Configuring and Performing Appliance Data Backups. | | | | | | |
| Microsoft Windows Services for UNIX (SFU). See http://technet.microsoft.com/en-us/interopmigration/bb380242.aspx and | 3.5 | NFS (MARS archive mount, not retrieval of NFS server logs) | — | — | — | — |
| Linux NFS | 2, 3 [1] | NFS (MARS archive mount, not retrieval of NFS server logs) | — | — | — | — |

[1] Full support of NFS v4 is not provided, as it may require an additional authentication method.
Posted: Wed Jun 6 08:57:27 PDT 2007