
NETASQ Event Analyzer v. 1.0 Web Portal User Guide


Contents

1. Content Filtering: Contains report books about general threats (antivirus, antispam) on HTTP, SMTP and FTP, antispam for SMTP and POP3, and URL filters for web browsing. Firewall: Contains report books that show the accepted and blocked services. Vulnerabilities: Contains report books that show the vulnerabilities SEISMO has detected. Copyright NETASQ 2010. USER GUIDE: 4 RUNNING MENU ITEMS. By clicking on a type of report, the list of available report books will appear in the central zone of the web portal, as displayed in the following screenshot. [Screenshot: list of Firewall report books with size, modification and creation dates.]
2. Page Size: Sets the number of records to display in the web part content area. NOTE: This value is only relevant for the Highlights or Information content areas. It is related to the number of records to display for each page. If the contents to display exceed the specified number, the web part content area will provide links to manage several pages. Selects the appearance of the web part content area by choosing one of the following values: Default, Title and Border, Title Only, Border Only or None. Selects the direction of the web part content area by choosing one of the following values: Not Set, Left to right or Right to left. Sets a value for the height of the web part content area. NOTE: This value is only relevant for a Display content area. Indeed, for Highlights and Information contents, the height of the web part depends on the number of records to display. NOTE: For the Height and Width parameters, the pixel unit can be changed to other units by using the drop-down list displayed below. Click on the Apply button to check the changes. WARNING: In certain cases, the Apply button will not immediately display the new appearance. You must click on OK and then Finish in order to see the result.
3. [Screenshot: alert fields Subject, Text (Enter your text) and Attachment (Destination).] NOTE: The Save task button is only accessible on administrator accounts. Fill in the task definition parameters according to the table below. Description: Set the name of the task. This field will help to identify the task when you use it in the task scheduler. Destination directory: This is the directory that will store the customized report that will be created by the task. Click on the browse icon and select the directory. Destination file: Set a name for the report file that will be generated. Suffix: From the drop-down list, choose a suffix to add to the report file name. If you plan to use this task periodically, we recommend that you use a suffix that will allow the end user to identify the report by its date. Destination directory is one of the shared folders you can view in the Menus panel (see below). By default these shared folders and sub-directories can be used because all new files created in these directories can be acc
4. [Screenshot: cube parameters (Source, Destination, Output Format HTML) next to the Menus panel.] NOTE: The list of available parameters depends on the report type the user has chosen. Set the parameter values used in selecting the log records. RECOMMENDATION: Logs may be difficult to analyze if a huge volume of log records has been selected. Moreover, in order to save server performance, the selection is limited to 100,000 records. So we strongly recommend that you define the selection parameters specifically. Finish selecting logs for the cube according to your objective: run the cube, export the cube to a file or save it as a task. The table below explains the use of the different types of cube results (Cube result / Usage). Run cube: The end user will be able to analyze logs through the web portal. He may also save the result on his local disk. Exported file: The selected log records are put in a pdf file without any formatting. The administrator can create a task for further log analyses with 2 main reasons cube res
5. [Screenshot: Start Date and Time 7/2/2010 1:00:00.] Specify the Start Date and Time. The task will be saved until you decide to delete it later. 5.3.4.3 Daily: The task will run every day starting at the specified date and time. [Screenshot: Frequency Daily, Start Date and Time 7/2/2010 1:00:00, End Date, Run the Scheduled Task every 1 Day(s).] Specify the Start Date and Time. Specify an End Date if necessary. Define whether the task must be run every day or every X days via the field Run the Scheduled Task every x Day(s). 5.3.4.4 Weekly: The task will run each week starting at the specified day and time. [Screenshot: Frequency Weekly, Start Date and Time 7/2/2010 1:00:00 AM, End Date, Run the Scheduled Task every 1 Week(s) on, with check boxes for Monday to Sunday.] Specify the Start Date and Time. Specify an End Date if necessary. Define whether the task must be run every week or every X weeks via the field Run the Scheduled Task every x Week(s). Specify which day(s) of the week you need to run this scheduled task by selecting the check boxes representing the days of the week as appropriate. 5.3.4.5 Monthly: The task will run each month starting at the specified date and time. In this example, Monthly will be selected. Frequency Monthly Start Da
6. USER GUIDE: NETASQ EVENT ANALYZER V. 1.0 WEB PORTAL USER GUIDE. Date / Version / Author: July 2010, NETASQ. Reference: naengde_nea web portal. Copyright NETASQ 2010. All rights reserved. Any reproduction, adaptation or translation of this current document without prior written permission is prohibited, except where expressly allowed by copyright laws. NETASQ applies a method of continual development and as such reserves the right to modify and improve any product described in the document without prior notice. Under no circumstances shall NETASQ be held liable for any loss of data or revenue, or any special damage or incident, resulting from or indirectly caused by the use of the product and its associated documentation. The contents of this document relate to the developments in NETASQ's technology at the time of its writing. With the exception of the mandatory applicable laws, no guarantee shall be made in any form whatsoever, expressly or implied, including but not limited to implied warranties as to the merchantability or fitness for a particular purpose, as to the accuracy, reliability or the contents of the document. NETASQ reserves the right to revise this document, to remove sections or to remove this whole document at any moment without prior notice. To ensure the availability of products, which may vary according to your geographical locations, contact your nearest
7. By clicking on the We secure IT logo in the top left corner of the NETASQ Event Analyzer Web Portal, you can go back to the Home Page and display the result. The Web Part appears in a new Web Parts tab in the right panel. 6.5 DELETING A WEB PART Deleting a web part allows the administrator to remove a web part object. The area will be permanently removed from the web part tab. To access the NETASQ Event Analyzer web part deletion: Click on the menu Web Part Configuration. Click on the Edit button. The following screen will appear in the right panel. NOTE: The web part area to be removed should be previously unpublished. To remove a web part area from the publication, please refer to the section 6.4 Publishing a Web part. Select the web part area to delete. Click on the black arrow to the right of the content area to delete. Click on the Delete command. The administrator will be prompted to confirm. [Message from webpage: You are about to permanently delete this Web Part. Are you sure you want to do this? To delete this Web Part, click OK. To keep this Web Part, click Cancel.] Click on OK to confirm the web part area deletion. Click on Finish to finish deleting the web part area. [Screenshot: Web Part Configuration with the New and Edit buttons.]
8. Field / Description. Task Name: Defines a name for the task. This name will be used to identify the task for scheduling purposes. Run Command: Sets the pathname of the file that embeds the commands to be run. The file of run commands may be a VBS script, bat or exe file. Click on the Save button. The task will be available in the task node for scheduling management purposes. 5.2.4 Editing a task: Editing a task allows an administrator to modify the task behavior. To access the task edition: Click on the menu Scheduled Tasks & Tasks\Tasks. In the left menu, select the task to edit. [Screenshot: Scheduled Tasks & Tasks tree listing the NETASQ Event Analyzer scheduled dashboards (Mobility, Spams Content Filtering, Threats Content Filtering and URL Content Filtering, each Daily and Monthly) together with the Purge Alerts Tables and Continue if first of the month tasks.]
9. [Screenshot: list of generated report books (Firewall Daily 100514.pdf, Firewall Daily 100515.pdf, Firewall Daily 100516.pdf) with size, modification and creation dates.] According to the data that have been treated, two types of reports may be displayed: Daily report, which shows hourly events that have been raised through NETASQ product logs; Monthly report, which shows daily events that have been raised through NETASQ product logs. Click the report book you want to view. It will appear in the central zone, as displayed below. [Screenshot: report book displayed in the central zone of the web portal.] 4.3 CUSTOMIZED REPORTS The customization of the NETASQ Event Analyzer reports helps the end user achieve two main goals: To examine log information for the purpos
10. If the user name and the password match an allowed login, the following screen will appear. [Screenshot: NETASQ Event Analyzer Web Portal in Internet Explorer, showing the Web Server Configuration panel (Your Server Administrator Credentials: User ADMIN, Groups ADMIN, IP, Theme, Language, Display banner, Add a Home Page, Logout) above the Menus panel.] NOTE: The displayed User field and the groups it belongs to depend on the user name set in the login page. 3 WEB PORTAL CONFIGURATION 3.1 DESCRIPTION The Web Server Configuration enables any user, regardless of his profile, to perform the following actions: check the login credentials; check the connection parameters; modify the NETASQ Event Analyzer Web Portal's home page; log out of the application. To access the web server configuration: Click on the menu Web Server Configuration.
11. [Screenshot: web part zones, each showing Add a Web Part to this zone by dropping it here.] Modify the web part display by changing the zone of a web part or by configuring the appearance design. To modify the display appearance, please refer to the section 6.3.1 Configuring the web part design. In the Web Part Configuration menu, click on the Finish button to finish editing web parts. 6.3.1 Configuring the web part design: To configure the design of a web part, from the menu Web Part Configuration, New or Web Part Configuration, Edit: Select the web part to design. Click on the black arrow to the right of the content area to modify. Click on the Edit command. The Editor zone will appear in the right panel. [Screenshot: Editor Zone, Appearance.] Set the parameters according to the explanations provided in the table below.
12. Allows the end user to rename a Cube View or Chart View. First select the View to be renamed before using this command. Remove View: Allows the end user to remove a Cube View or Chart View. First select the View to be removed before using this command. WARNING: If you are removing a Cube View linked to a Chart View, a message will appear explaining that the Chart View is linked to the Cube View and that you will also lose these views. Click OK only if you accept losing both views. Save Data and Presentation As: Allows the end user to save log records (the data) and the created grid and chart, to keep the dimension and measure organization. NOTE: More information about the use of saved presentations and data will be provided in the section 4.4.5 Managing local cube storage. Save Data As: Allows the end user to only save log records and use them with a previously saved presentation. NOTE: More information about the usage of saved presentation and data will be provided in the section 4.4.5 Managing local cube storage. 4.4.5 Managing local cube storage: Once the end user has performed his log analysis, he can save it on his own hard disk. Then he will be able to either transmit the file to his manager or to reuse it to perform the same analysis on other log records. It helps the end user to keep the presentation he made in the log reco
13. [Screenshot: end of the Scheduled Tasks & Tasks tree (NETASQ Vulnerabilities Daily Dashboard, NETASQ Vulnerabilities Monthly Dashboard).] In the right panel, click on the icon Edit Task. The following screen will appear in the right panel. [Screenshot: task parameters (period, date, firewall, source, destination and Top N settings), the PDF destination settings (Task Name, Destination Directory, Destination File, Suffix) and the Alert section.] The displayed screen depends on the kind of task previously selected. In the example below, the task concerns the automatic generation of the daily firewall dashboard. Update the parameters as needed. Click on the Save button to finish updating the task. 5.2.5 Deleting a task: Deleting a task al
14. dans 0 mois en 0 mesos In 0 Monaten mois cours 0 meses aquest mes Dieser Monat mois courant mes actual 1 month ago ily a 1 mois Vor 1 Monat hace 1 mes last month mois dernier Letzter Monat mes pasado in O mesi om 0 manader questo mese denna manad in months this month In 1 Monat en 1 mes in 1 mese Nachster proper mes mese Monat proximo mes seguent prossimo om 1 m nad n sta m nad in 1 month dans 1 mois next month mois prochain Copyright NETASQ 2010 84 86 5 5 USER GUIDE 9 WORKING WITH DATE KEYWORDS in x months dans x mois Inx Monaten enxmeses inxmesi om x m nader since 0 desde 0 des de 0 months depuis 0 mois Letzte 0 meses mesos des since this depuis ce mois Monate desde este d aquest month mes mes sedan 0 da 0 mesi manader sedan 1 manad sedan f rra manaden depuis le mois Seit Letztem desde el des del mes da mese mes pasado dernier depuis Monat Seit 1 passat des scorso da 1 1 1 mois Monat d 1 mes mese since 1 month since last month Letzte x desde x des de x sedan X fino a 1 until next mois jusqu au Bis Nachster hasta el fins el mes mesa till nasta month mois prochain Monat mes pr ximo seg ent prossimo m naden until 1 month jusque dans 1 Bis 1 Monat hasta 1 mes fins 1 mes till 1 m nad ntil x j
15. NOTE: You can click on the Generate VB Script icon to manage this task by customizing the Visual Basic script. This feature is reserved for advanced users. You will be prompted to copy the script in the clipboard. Click on the button Save to save the task in the list that will be used to build a scheduled task. 4.2 GENERATED REPORTS The menu item Generated Reports allows end users to access the reports NETASQ Event Analyzer generated. The reports are generated according to the administrator's configuration. The generated reports are books that contain a dashboard and a list of specific reports. To access the menu item Generated Reports in the NETASQ Event Analyzer web portal: Click on the item Menus\NETASQ Reports\Generated Reports. [Screenshot: Menus panel with Generated Reports expanded (Content Filtering, Firewall, IPS, Mobility, Proxy, Vulnerabilities).] Click the type of reports you want to access according to the descriptions provided below.
16. CONTENT BUILDER 7.4.4 Deleting an RSS feed: From the menu Content Builder RSS Feed, follow the steps below. Click on the Remove icon to the left of the RSS Feed to delete. The following screen will appear in the right panel. Click on OK to continue. 8 WEB SERVER ADMINISTRATION The Web Server Administration feature in NETASQ Event Analyzer allows the administrator to check the number and the type of connected users. [Screenshot: Web Portal License table with one Concurrent WebPortal entry for user ADMIN, IP 10.2.0.1, Lifetime 6/3/2010 3:40:42 PM.] The Web Server Administration table displays the following. License type: For NETASQ Event Analyzer, only Concurrent Users is displayed. Product: For NETASQ Event Analyzer, only Web portal is displayed. User Name: The connected user's User ID. IP Address: IP of the connected user computer (IPv4 or IPv6). Lifetime: This information gives the date and time when the user will be disconnected if there is no activity on the Web Portal. NOTE: After 10 minutes without activity, a concurrent user will be disconnected. The Lifetime displays the last lifetime that was valid before the timeout. The Administrator can disconnect any user from this screen using the Remove icon. This is useful if you want to manage concurrent access on the web
17. Click on the OK button to close the web part editor zone. Click on the Finish button to finish editing the web part. The new Web Part will appear but then needs to be published. 6.3.1.1 Specific design parameters: Some design parameters depend on the web part content type. The table below lists those parameters and provides a description (Field / Content type / Description). Page Size (Highlight, Information): Defines the number of records to display per page in the web part content area. URL to display (Display): Sets the content URL that should be displayed in the web part content area. For instance, paste the URL copied from the report screen. Optional URL for Title (Display): Sets a URL that would be linked to the title of the web part display area. Category (Information): This parameter is linked to the attribute Category set during the Information content builder phase. If Information contents have been created, choose one, several or all categories that should be displayed in the web part content area. 6.4 PUBLISHING A WEB PART The web part publishing allows the administrator to display content in the web part tab. To access the NETASQ Event Analyzer web part publication: Click on the menu Web Part Configuration. Click on the Publish button. The follow
18. [Screenshot: web part zones and the Catalog Zone listing the Highlights, Information and Display content types.] In the WebParts catalog, select the content type to display in the web part page. From the drop-down list Add to, select the display area. Click on the Add button. The selected area will be updated according to the selected content type. [Screenshot: Highlights web part added to a zone.] Add as many other web parts as needed. You can modify the display configuration of each web part. To do so, please refer to the section 6.3.1 Configuring the web part design. In the Web Part Configuration menu, click on the Finish button to finish creating the web parts. 6.3 EDITING A WEB PART Editing a web part allows the administrator to modify the display of the web part page. To access the NETASQ Event Analyzer web part edition: Click on the menu Web Part Configuration. Click on the Edit button. The following screen will appear in the right panel.
19. intranet.domainname.com or using a report. To add a generated or a customized report, the end user just has to copy and paste the report URL. More information on copying the report URL will be available in the section 4.1.8 Working with reports. IMPORTANT: In the URL copied to the clipboard, the server name is localhost. For a URL to work from a remote computer connected to the Web Portal Server, you need to replace localhost with the Server's IP Address or Server Name, followed by the port number if its value is anything other than 80. 3.2.2 Modifying a home page: To modify a home page: Click on the menu Web Server Configuration, Home page section. [Screenshot: Web Server Configuration panel listing the existing home pages with their Title and URL.] Select the icon to modify. The home page management section will be updated. [Screenshot: home page entry titled General report with its report URL.] Modify the Title and/or URL fields according to the changes to be made. Click on the icon to save changes.
20. The URL will help the administrator to provide access to a report from the contents of the web part tab. To set the URL, the administrator has to copy the report URL in the clipboard and paste it in the appropriate field. NOTE: For more information on copying URLs in the clipboard, please refer to the section 4.1.3 Working with reports. 7.1.2 Purge contents: An administrator can purge obsolete content which is older than a specified number of days. To access the Purge Contents feature: Go to the Content Builder menu and click on the kind of information to purge (Information Feed or Highlights Feed). The screen for managing the content will appear in the right panel. [Screenshot: Information feed list with the links Add an Information feed to publish and Purge existing Information feeds, and the columns Date, Category, Title, Text, Icon, URL, Groups, Users.] At the top of the right panel, click on the link Purge existing Information feeds. NOTE: Depending on the kind of content to manage, the name of the link may be different: Purge existing Information feeds for Information feeds, Purge existing Highlights feeds for Highlight feeds, Purge existing RSS feeds for RSS feeds. The following screen will appe
21. 1.5.3 Modifying the size of the menu panel: It is easy to widen or narrow the left menu panel according to your preference. Increase the size of the right panel to display a report or a cube. Increase the size of the left panel to view a URL or a report name. To modify the size of the menu panel, you need to be logged in. [Screenshot: web portal with the left Menus panel and the separator.] From anywhere in the web portal, move the separator according to your preference. To make the left panel (Menu) narrower, click on the separator and drag it to the left. To make the left panel (Menu) wider, select the separator and drag it to the right. To hide the left panel (Menu), double-click on the separator. To show the left panel (Menu), double-click on the separator. 2 WEB PORTAL LOGIN 2.1 USER PROFILES Logging into the web portal allows end users to access the features NETASQ Event Analyzer offers according to their profiles. NETASQ Event Analyzer provides 4 different user names: Admin is intended for managing the web portal and the solution. Analyzer is intended for performing forensic analyses on the stored logs. Viewer allows viewing the generat
22. [Screenshot: web portal home page displaying a Content Filtering URL dashboard report, printed on Tuesday May 25 2010 at 01:02.] 3.2.1 Adding a new home page: To access the creation of a new home page: Click on the menu Web Server Configuration, Add a home page. The Web Server Configuration will be modified as displayed below. [Screenshot: Web Server Configuration panel with the Add a Home Page section showing the Title and URL fields.] Then follow the steps below to create a home page. Set the title field of the home page. This is the name that will be displayed in the home page tab control. Set the URL field with the web page to display as the home page. Click on the button Add to add the home page, or click on the button Finish to finish creating the home page. NOTE: You can add a home page using an existing web site e.g.
23. Jahr hasta 1 fins 1 any fino a 1 anno Bis Nachstes hasta el ano 2 el proper fino a anno Jahr pr ximo prossimo till 1 r till n sta ret jusqu l an prochain usque dans x until x years EN hasta x a os fins x anys fino a x anni till x ar Copyright NETASQ 2010 86 86
24. NETASQ distributor Products concerned U30 U70 U120 U250 U450 U1100 U1500 and U6000 NG1000 NG5000 VS5 VS10 V50 V100 V200 V500 VU Copyright NETASQ 2010 2 86 5 h USER GUIDE CONTENTS CONTENTS CONTENTS 3 FOREWORD 6 INTRODUCTION T 1 1 WHO SHOULD READ THIS 7 1 2 TYPOGRAPHICAL CONVENTIONS 7 1 2 1 ABBREVIATIONS 7 1 2 2 DISPLAY 7 1 2 3 INDICATIONS 7 1 2 4 MESSAGES 8 1 2 5 EXAMPLES 8 1 2 6 COMMAND LINES 8 1 2 7 REMINDERS 8 1 2 8 ACCESS TO FEATURES 8 1 3 GETTING HELP 9 1 4 TECHNICAL ASSISTANCE CENTER 9 1 5 GETTING FAMILIAR WITH THE WEB PORTAL 9 1 5 1 CONNECTION 9 1 5 2 GENERAL OVERVIEW 9 1 5 3 MODIFYING THE SIZE OF THE MENU PANEL 10 2 WEB PORTAL LOGIN 11 2 1 USER PROFILES 11 2 2 WEB PORTAL ACCESS 11 3 WEB PORTAL CONFIGURATION 13 3 1 DESCRIPTION 13 3 2 MANAGING THE HOME PAGE 14 3 2 1 ADDING A NEW HOME PAGE 14 3 2 2 MODIFYING A HOME PAGE 16 3 2 3 REMOVING A HOME PAGE 17 3 2 4 LOGGING OUT OF THE WEB PORTAL 17 4 RUNNING MENU ITEMS 19 4 1 DESCRIPTION 19 4 1 1 WORKING WITH REPORT PARAMETERS 20 4 1 2 WORKING WITH THE DATE 20 4 1 3 WORKING WITH REPORTS 21 4 1 4 RUNNING CUSTOMIZED REPORTS 23 4 1 5 EXPORT CUSTOMIZED REPORTS AND CUBE AS A FILE 23 4 1 6 SAVE TASK FOR CUSTOMIZED REPORTS AND CUBES 23 4 2 GENERATED REPORTS 26 4 3 CUSTOMIZED REPORTS 28 4 4 LOG ANALYSIS AND CUBES 31 4 4 1 SELECT THE LOG TYPE 32 Copyright NETASQ 2010 3 86 5 h USER GUIDE CONTENTS 4 4 2 SELECT THE LOG RECORDS 34 4 4
25. be based on monthly data (Monthly). It means you will get information on a daily basis. Firewall: Contains reports relating to accepted and blocked services. Intrusion Prevention System: Contains reports on the raised alarms of the intrusion prevention system. Content Filtering: Contains report books on general threats (antivirus, antispam on HTTP, SMTP, POP3 or FTP) and on URL filters for web browsing. Proxy: Contains reports relating to web browsing and web user activities. Click on the type of information you want to work with according to the screen that allows you to select the report. [Screenshot: NETASQ Event Analyzer Web Portal in Internet Explorer, showing the Firewall Statistics Daily report list with Size, Modification and Creation columns.]
26. e-mail To. NOTE: The recipients of the list should be separated by a semi-colon. Subject: Sets the subject of the e-mail that will be sent. Text: Sets the text of the e-mail that will be sent. Attachment: Do not modify this parameter as it is related to the report you have just customized. NOTE: The Attachment field can use the Destination function to return the file name with the full path. Another function, called FileName, can sometimes be used to only return the file name without the path. For Highlight alerts, the screen is as follows. [Screenshot: Alert, Send an Alert, Alert Type Highlight, with the fields Severity, Icon, URL, Title, Text, User, Group.] Field / Description. Enter 0, 1 or 2, corresponding to the default standard icons: 0 will display an Information icon, 1 will display a Warning icon, 2 will display an Error icon. Icon: Enter the path and the file name for the icon you want to appear in front of your highlight if you do not wish to use the default icons above. NOTE: The path should refer to the server machine, for example dvweb App_Themes NETASQ Images ico_pdf gif. URL: The function Hyperlink will automatically generate the URL corresponding to the report file created, so that the end user can open this report via the Highlight frame
27. irewall s Daily Rep 0 1 19 2010 12 24 49 PM 9 6 2004 7 07 03 PM NETASO Reports 8 Report Book for the Firewall s Daily Reports 01 to 15 8 Generated Reports 2 01 Firewall Dashboard 0 3 22 2010 5 56 14 9 2 2004 10 43 08 AM amp 3 Customized Reports E o Events by Hour 0 3 22 2010 5 56 35 PM 9 2 2004 10 43 08 AM JM Firewall Statistics Daily Number of Hits by Action and Type 0 2 9 2010 6 22 50 9 2 2004 10 43 08 AM Firewall Statistics Monthly ER a ws Boa Top N Accepted Services by Top N Source and Destination 0 2 9 2010 6 23 07 PM 9 2 2004 10 43 08 AM Ml intrusion Prevention System Statistics Daily Jl Intrusion Prevention System Statistics Monthly dios Top N Blocked Services by Top N Source and Destination Q 2 9 2010 6 23 27 PM 9 2 2004 10 43 08 AM Content Filtering Statistics Daily 06 Events by Rule or Message Number O 4 13 2010 3 06 21 9 2 2004 10 43 08 AM Content Filtering Statistics Monthly 4 07 Top Accepted Users 0 4 12 2010 11 49 47 AM 9 2 2004 10 43 08 AM Bb Mobility Statistics Daily dil os Top N Accepted Visitors 0 4 12 2010 11 49 49 AM 9 2 2004 10 43 08 AM IM Mobility Statistics Monthly NE ea mo Top N Blocked Users 0 4 12 2010 11 49 51 AM 9 2 2004 10 43 08 AM JU Vulnerability Statistics Daily n Vulnerability Statistics Monthly a 10 Top N Blocked Visitors 0 4 12 2010 11 49 53 9 2 2004 10 43 08 AM Proxy Statistics Daily 11 To
28. o aquest any a o actual any actual 0 anni fa 0 ar sedan quest anno detta aret years ago lya0ans Vor 0 Jahr this year cette ann e Dieses Jahr fa 1 any any passat any anterior x years ago il y a x ans Vor x Jahren hace fax anys x anni fa x ar sedan 0 anos 0 anys este ano aquest any ano actual any actual 1 anno fa 1 ar sedan anno scorso f rra ret 1 year ago ilyadan Vor 1 Jahr hace 1 a o last year an dernier Letztes Jahr ano pasado in 0 anni om 0 r quest anno detta aret in O years dans 0 ans In 0 Jahren this year cette ann e Dieses Jahr en 1 any in 1 anno proper any anno any seguent prossimo in x years dans x ans In x Jahren en x en x anys in x anni om x ars since 0 years depuis 0 ans Seit 0 Jahren desde 0 a os des de 0 da 0 anni sedan 0 r since this depuis cette desde este anys des da quest sedan detta Seit Dieses Jahr I year ann e ano d aquest any anno aret om 1 r nasta aret in 1 year dans 1 an In 1 Jahr 1 a o next year an prochain Nachstes Jahr ano proximo since 1 year depuis 1 an Seit 1 Jahr desde 1 afio da 1 anno sedan 1 r since last depuis l an Seit Letztes desde el a o des de l any da anno sedan f rra year dernier Jahr pasado passat SCOISO aret jusque dans 1 des d 1 any until 1 year until next year Bis 1
29. specified in 1 10 The number of years from now up to the end of the last day of the year specified in the future at YYYY1231 23 59 59 the past at YYYY0101 00 00 00 up to now 9 2 STANDARD DAYS AND MONTHS FUNCTIONS BY LANGUAGE In the following table the first column is the same for Invariant or English other available languages can be used according to your PC s regional language settings Copyright NETASQ 2010 80 86 5 USER GUIDE 9 WORKING WITH DATE KEYWORDS Days DAY FROM LAST WEEK last s Day 95 semaine 955 letzter 9 5 semana 95 setmana 95 settimana 995 f rra name derni re wochse pasada passada scorsa vecka DAY NEXT WEEK Day s kommender S semana de 96s s settimana 95 n sta next 905 S en huit ae woche proxima vult prossima vecka NEXT COMING DAY Day coming s Name s prochain nachster 955 pr ximo s proper s 955 prossimo n sta s LAST MOST RECENT DAY most recent Day 905 s dernier letzter s S pasado S passat 905 scorso 9055 SINCE A DAY Day UNTIL A DAY Day Mois Months Monaten Meses Mesos Mesi Manader NEXT MONTH IN NEXT YEAR 95 ann e s kommendes 96s a o 95 proper S anno s n sta next s ae Name prochaine Jahr pr ximo any prossimo ret MONTH OF PREVIOUS YEAR A Month ann e 955 s anno 905 f rra last 905 oS letztes jahr derni re pasado passat sc
30. the tooltip to display when the Information title is selected with the mouse.
    User: Define the user who will be assigned to the information. This parameter is optional and available for future use.
    Group: Define the group that will be assigned to the information. This parameter is optional and available for future use.
    For RSS feed alerts, the screen is as follows:
    [Screenshot: Send an Alert form with the fields Title, Description, Link (Hyperlink), Category, User and Group]
    Field descriptions:
    Title: Enter the title to display in the RSS feed title area.
    Description: Enter the description to display in the RSS feed description area.
    Link: The function Hyperlink will automatically generate the URL corresponding to the report file created, so that the end user can open this report via the Highlight frame defined in the Web Parts.
    Category: Define the category to use for information classification purposes. This parameter is optional.
    User: This parameter is not relevant to RSS feeds.
    Group: This parameter is not relevant to RSS feeds.
    5.2.2 Creating a SQL task
    Creating a SQL task allows an administrator to schedule it to send SQL commands to the NETASQ Event Analyzer database.
    RECOMMENDATION: SQL tasks directly manipulate data inside the database, so their use is reserved for expert
31. tool
    1.5.2 General overview
    The NETASQ Event Analyzer web portal provides some menus to access specific features directly. Once login is successful, the web portal menu will be displayed on the right side of the page.
    [Screenshot: web portal menu with the entries Web Server Configuration, Menus (NETASQ Reports, NETASQ Detailed Analysis, NETASQ Utilities), Scheduled Tasks & Tasks, Web Part Configuration, Content Builder and Web Server Administration]
    The table below shows the association between the interface menu items and their contents:
    Web Server Configuration: 3 WEB PORTAL CONFIGURATION
    Menus: 4 RUNNING MENU ITEMS
    Scheduled Tasks & Tasks: 5 TASK SCHEDULING
    Web Part Configuration: 6 WEB PARTS MANAGEMENT
    Content Builder: 7 CONTENT BUILDER
    Web Server Administration: 8 WEB SERVER
32. 7 CONTENT BUILDER
    7.1 DESCRIPTION
    The Content Builder feature in the NETASQ Event Analyzer web portal allows the administrator to manage the contents to display either in the Web part component or in the NETASQ Event Analyzer RSS feed.
    [Screenshot: menu tree with Content Builder expanded to show RSS Feed, Highlight Feed and Information Feed]
    By using the Content Builder feature in the NETASQ Event Analyzer web portal, an administrator will be able to:
    - Create Information or Highlight contents for web part display purposes
    - Create RSS content that will be carried in the NETASQ Event Analyzer RSS feed
    - Edit the created contents
    - Delete created contents
    - Purge the information displayed in the web part
    - Purge the information of the RSS feed
    Some contents may be automatically generated by a scheduled task. The administrator can consult the Content Builder to check if the expected record has been added successfully.
    7.1.1 Working with the parameters
    When creating or editing content, an administrator will have to set a date and a URL. The Date field's contents can be used by the Purge command later.
    NOTE: For more information about the date, please refer to the section 4.1.2 Working with the date. For more information about the purge command, please refer to the section 7
33. 3 ANALYZING LOGS
    4.4.4 MANAGING THE PRESENTATION AND THE CHART VIEW
    4.4.5 MANAGING LOCAL CUBE STORAGE
    4.5 WORKING WITH THE DATABASE UTILITIES
    5 TASK SCHEDULING
    5.1 DESCRIPTION
    5.2 MANAGING THE TASKS
    5.2.1 CREATING A REPORT GENERATION TASK
    5.2.2 CREATING A SQL TASK
    5.2.3 CREATING A GENERIC TASK
    5.2.4 EDITING A TASK
    5.2.5 DELETING A TASK
    5.3 MANAGING TASK SCHEDULE
    5.3.1 CREATING A TASK SCHEDULE
    5.3.2 EDITING A TASK SCHEDULE
    5.3.3 DELETING A TASK SCHEDULE
    5.3.4 MANAGING THE TASK SCHEDULE FREQUENCY
    6 WEB PARTS MANAGEMENT
    6.1 DESCRIPTION
    6.1.1 WEB PARTS PUBLICATION
    6.2 CREATING A WEB PART
    6.3 EDITING A WEB PART
    6.3.4 CONFIGURING THE WEB PART DESIGN
    6.4 PUBLISHING A WEB PART
    6.5 DELETING A WEB PART
    7 CONTENT BUILDER
    7.1 DESCRIPTION
    7.1.1 WORKING WITH THE PARAMETERS
    7.1.2 PURGE CONTENTS
    7.2 WORKING WITH THE INFORMATION FEED
    7.2.1 CREATING AN INFORMATION FEED
    7.2.2 EDITING AN INFORMATION FEED
    7.2.3 DELETING AN INFORMATION FEED
    7.3 WORKING WITH THE HIGHLIGHT FEED TABLE
    7.3.1 CREATING A HIGHLIGHT FEED
    7.3.2 EDITING A HIGHLIGHT FEED
    7.3.3 DELETING AN INFORMATION FEED
    7.4 WORKING WITH THE RSS FEED TABLE
    7.4.1 SUBSCRIBING TO THE RSS FEED
    7.4.2 CREATING AN RSS FEED RECORD
    7.4.3 EDITING AN RSS FEED
    7.4.4 DELETING AN RSS FEED
    8 WEB SERVER ADMINISTRATION
    9 WORKING WITH DATE KEYWORDS
    9.1 INVARIANT PREDEFINED FUN
34. 59 2 or Q2 Uses the date interval for the Second Quarter of the current year from q YYYY0401 00 00 00 to YYYY0630 23 59 59 3 or Q3 Uses the date interval for the Third Quarter of the current year from q YYYY0701 00 00 00 to YYYY0930 23 59 59 4 or Q4 Uses the date interval for the Fourth Quarter of the current year from q YYYY1001 00 00 00 to YYYY1231 23 59 59 The number of quarters from the first day of the quarter specified in the x quarters ago 1 4 past from YYYYMMO 1 00 00 00 to the last day of the same quarter at YYYYMMS31 23 59 59 The number of quarters to the first day of the quarter specified in the future in x quarters 1 4 from YYYYMMO1 00 00 00 to the last day of the same quarter at YYYYMM31 23 59 59 Uses the date interval for the specified Quarter of the specified year from 1 4 YYYYO101 00 00 00 to YYYY0331 23 59 59 Note that the year can be 2013 between 2004 and 2013 in the current NETASQ Event Analyzer version 10 0 0 but will support any year in a future version qx 2004 lt gt qx YEARS O NOTE in INVARIANT mode years are always expressed in plural even if the value is x 0 or x 1 0 10 The number of years from the first day of the year specified in the past at 9 YYYYO101 00 00 00 to YYYY1231 23 59 59 Mense uere The number of days to the first day of the year specified in the future at y YYYYO101 00 00 00 to YYYY1231 23 59 59 The number of years beginning from the first day of the year
35. CTIONS
    9.2 STANDARD DAYS AND MONTHS FUNCTIONS BY LANGUAGE
    9.3 OTHER HOUR FUNCTIONS BY LANGUAGE
    9.4 OTHER DAY FUNCTIONS BY LANGUAGE
    9.5 OTHER WEEK FUNCTIONS BY LANGUAGE
    9.6 OTHER MONTH FUNCTIONS BY LANGUAGE
    9.7 OTHER QUARTER FUNCTIONS BY LANGUAGE
    9.8 OTHER YEAR FUNCTIONS BY LANGUAGE
    FOREWORD
    Copyright
    Copyright NETASQ 2010. All rights reserved. Under copyright law, any form of reproduction whatsoever of this user manual without NETASQ's prior written approval is prohibited. NETASQ rejects all liability arising from the use of the information contained in these works.
    Liability
    This manual has undergone several revisions to ensure that the information in it is as accurate as possible. The descriptions and procedures herein are correct where NETASQ firewalls are concerned. NETASQ rejects all liability directly or indirectly caused by errors or omissions in the manual, as well as for inconsistencies between the product and the manual.
    Notice: WEEE Directive
    All NETASQ products that are subject to the WEEE directive will be marked with the mandated crossed-out wheeled bin symbol, as shown above, for items shipped on or after August 13, 2005. This symbol means that the product meets the requirements laid down by the WEEE directive with regards to the destruction and reuse of waste electr
36. VARIANT mode weeks are always expressed in plural even if the value is x 0 or x 1 MONTHS The number of weeks beginning from the week specified in the past from YYYYMMDD 00 00 00 to YYYYMMDD 23 59 59 The number of weeks to the week specified in the future from YYYYMMDD 00 00 00 to YYYYMMDD 23 59 59 The number of weeks beginning from the first day of the week specified in the past at 00 00 00 up to now The number of weeks from now to the end of the last day of the week specified in the future at 23 59 59 O NOTE in INVARIANT mode months are always expressed in plural even if the value is x 0 or x 1 Copyright NETASQ 2010 The number of months from the first day of the month specified in the past 79 86 5 5 USER GUIDE 9 WORKING WITH DATE KEYWORDS from YYYYMMO1 00 00 00 to YYYYMM31 23 59 59 The number of months to the first day of the month specified in the future from YYYYMMO1 00 00 00 to YYYYMM31 23 59 59 ee ee 0 12 The number of months beginning from the first day of the month specified in the past at 00 00 00 up to now The number of months from now up to the end of the last day of the month in x months 0 12 until x months specified in the future at 23 59 59 QUARTER O NOTE in INVARIANT mode quarters are always expressed in plural even if the value is x 0 or x 1 1 or Q1 Uses the date interval for the First Quarter of the current year from q YYYY0101 00 00 00 to YYYY0331 23 59
37. You will be redirected to the NETASQ Event Analyzer web portal connection page.
    4 RUNNING MENU ITEMS
    4.1 DESCRIPTION
    The menu items in the NETASQ Event Analyzer web portal allow end users to access the reports NETASQ Event Analyzer may generate. To run the menu items, 2 important things should be taken into account:
    - The navigation inside the menu (left part of the web portal)
    - The use of the reports or their configuration, located in the central zone of the web portal
    To access the menu items of the NETASQ Event Analyzer web portal, click on the menu Menus.
    [Screenshot: menu tree listing Web Server Configuration, NETASQ Reports (Generated Reports, Customized Reports), NETASQ Detailed Analysis (Cubes), NETASQ Utilities (Database Status), Scheduled Tasks & Tasks, Web Part Configuration, Content Builder and Web Server Administration]
    NOTE: The list of available menus depends on the user name used to log in.
    The table below provides an overall description of the menu entries:
    End users will use it to access the reports NETASQ Event Analyzer generated.
    Database Status: Administrators will use it to check the database process status.
    4.1.1 Working with report parameters
    When browsing inside the menu items of the NETASQ Event Analyzer web portal, many screens require c
38. administrators
    To access the creation of a SQL task:
    Click on the menu Scheduled Tasks & Tasks, then Tasks.
    [Screenshot: Tasks menu with the icons New Scheduled Task, New SQL Task and New Generic Task]
    In the right panel, click on the icon New SQL Task. The following screen will appear in the right panel:
    [Screenshot: SQL task form with Task Name "Purge Infos Table", Data Source "NetReport", User ID, Password, SQL "EXEC datasetreport demo purge_alert demoa infos date 10", the buttons Save and Cancel, and the message "Warning: the password is empty, please enter it each time you edit the task"]
    Field descriptions:
    Task Name: Defines a name for the task. This name will be used to identify the task for scheduling purposes.
    Data Source: Sets the data source configured in the NETASQ Event Analyzer Configurator.
    User ID: Sets the login used to access the database.
    Password: Sets the password associated with the login used to access the database. The password has to be set each time the task is e
39. ana since last i de la setmana vecka semaine semana passada derni re pasada since x depuis x Seit x desde x des de x FM X daxsetimane x settimane weeks semaines Wochen semanas setmanes daxsetimane Sako jusque dans 1 Bis 1 hasta 1 fino a 1 until 1 week I fins 1 setmana U till 1 vecka semaine Woche semana settimana until x jusque dans x Bis x hasta x fino a x 2 7 I fins x setmanes till x veckor weeks semaines Wochen semanas settimane dans 1 in 1 week semaine next week semaine prochaine 9 6 OTHER MONTH FUNCTIONS BY LANGUAGE Invariant MONTHS MOIS MONATEN MESES MESOS MESI MANADER mes pasado mes passat last month mois dernier Letzter Monat mes bine mese scorso f rra anterior mes anterior this month ce mois mois current en cours mois Dieser Monat month courant N chster mes pr ximo proper mes mese next month mois prochain mes n sta m nad Monat siguiente mes seguent prossimo 0 months ily a 0 mois Vor 0 fa 0 mesos 0 m nader ago this mois en cours Monaten aquest mes sedan denna month mois courant Dieser Monat mes actual manad este mes aquest mes mes actual mes actual 4450 mese denna m nad mesi fa questo mese fa 1 mes 1 manad 1 mese fa mes passat sedan forra mese scorso mes anterior manad Vor x hace x manader x months ago 2 12 il y a x mois fa x mesos x mesi fa Monaten meses sedan
40. [Screenshot: report parameter form with fields including Select the Date if Other selected, Firewall, Source, Destination, Top N Services by Source and Destination, Source Area for reports 05 and 06, Top N Source and Destination, Destination Area for reports 05 and 06, and Output Format (PDF); unset fields show "Ignore for all"]
    The list of parameters that may be configured depends on the selected report.
    Set the values of the parameters to customize.
    Finish the customization according to your objective: run the report, export the report to a file, or save the report as a task.
    4.4 LOG ANALYSIS AND CUBES
    The log analysis on the NETASQ Event Analyzer helps the end user achieve two main goals:
    - To examine log information for the purpose of thorough analysis
    - To build specific charts in order to follow dedicated events
    WARNING: The NETASQ Event Analyzer Cube requires the use of Internet Explorer, the component Microsoft Office 2003 Web Components 11 version 12 and the related ActiveX component. If these software components are not installed on the end user's computer, he will be prompted to install them.
    A cube may be viewed as a container that embeds the data to be analyzed. The principle of using log analysis consists of: Defining the ty
41. ar since 0 days since today since 1 day since yesterday depuis 1 jour depuis hier depuis O jours depuis ce jour depuis aujourd hui Seit 0 Tagen Seit Heute desde 0 d as desde hoy desde 1 d a des de 0 dies des d avui sedan 0 dagar sedan idag da 0 giorni da oggi des d 1 dia Seit 1 Tag Seit Gestern desde ayer des d ahir da 1 giorno da ieri sedan 1 dag sedan igar last x days 2 7 depuis x jours Seit x Tagen desde x dias des de x da x giorni sedan x dies dagar until 1 day until tomorrow jusque dans 1 jour jusqu demain hasta 1 d a hasta manana Bis 1 Tag Bis Morgen fins 1 dia fins dem fino a 1 giorno fino a domani till 1 dag till imorgon 9 5 OTHER WEEK FUNCTIONS BY LANGUAGE Invariant and English French WEEKS next week weeks ago this week SEMAINES semaine derni re cette semaine semaine prochaine lyao0 semaines cette semaine 1 derni re 1 week ago last week lyax Vor x hace x x veckor x weeks ago 2 7 fa setmanes x settimane fa semaines Wochen semanas sedan ino en semanss enssimares omo _ Copyright NETASQ 2010 German Spanish WOCHEN Letzte Woche Diese Woche Nachste Woche Vor 0 Wochen Diese Woche SEMANAS semana pasada semana anterior e
42. ar and 2 digits for the month.
    YYMMDD: The suffix is the current day of the report generation date, coded with 2 digits for the year, 2 digits for the month and 2 digits for the day.
    YYMMDD-1: The suffix is the previous day of the report generation date, coded with 2 digits for the year, 2 digits for the month and 2 digits for the day.
    The suffix is a number automatically incremented from 0000 up to 9999.
    While report generation normally uses aggregated data, the reports are generally based either on yesterday's date or on the previous month. If so, we recommend the use of the YYMMDD-1 suffix for daily reports and the YYMM-1 suffix for monthly reports.
    Enable the checkbox Send Alert if there are any alerts, and set the parameters according to the table below:
    Set the valid e-mail address(es) as destination. This is the list of recipients that will receive the customized report by e-mail. The recipients of the list should be separated by a semicolon.
    Text: Set the text of the e-mail that will be sent.
    Do not modify this parameter, as it is related to the report you have just customized.
    NOTE: The Attachment field can use the Destination function to return the file name with the full path. Another function called FileName can sometimes be used to return only the file name without the path.
43. ar in the right panel:
    [Screenshot: Number of days to keep (14) and the Purge button]
    Enter the Number of days to keep.
    Click the Purge button. The right panel will display a message indicating the status of the command:
    [Screenshot: Number of days to keep, with the message "The Information items have been purged successfully"]
    Click on the Finish button.
    7.2 WORKING WITH THE INFORMATION FEED
    To manage the information feed: from the menu, select Content Builder, then Information Feed. The information feeds appear in the right panel.
    [Screenshot: information feed list with the links "Add an Information feed to publish" and "Purge existing Information feeds" and the columns Date, Category, Title, Text, Icon and URL]
    7.2.1 Creating an information feed
    From the menu Content Builder, Information Feed, follow the steps below:
    Click the link Add an Information feed to publish at the top of the information feed screen in the right panel. The following screen will appear in the right panel:
    [Screenshot: new information feed form with the fields Date, Category, Title, Text, Icon, URL, Groups and Users]
    Set the parameters for the new information feed as appropriate.
    Click on the Add button. The right panel will display a message indicating the s
44. asks & Tasks\Scheduled Tasks
    In the Scheduled Tasks & Tasks\Scheduled Tasks menu, select the scheduled tasks to edit.
    [Screenshot: Scheduled Tasks & Tasks menu tree showing scheduled tasks such as NETASQ Event Analyzer Scheduled Dashboards and Purge Alerts Tables, and the icons New Scheduled Task, New SQL Task and New Generic Task]
    In the right panel, click on the icon Edit Scheduled Task. The following screen will appear in the right panel:
    [Screenshot: scheduled task form with the General settings Scheduled Task Name, Available tasks, Tasks to be run, Comments and Active Scheduled Task; the settings Runs at Specified Time, Frequency, Repetition (Repeat the Scheduled Task, Interval, Duration); and "When running the task, use the following user account: SYSTEM"]
    Update the task scheduling parameters.
    Click on the Finish butt
45. button
    The log attribute management screen will appear:
    [Screenshot: attribute list for a Cube on Daily information: Totals (Bytes, Elapsed Time, Hits), Action hierarchy, Country Destination, Country Source, DATE YYYY MM DD, Destination hierarchy, Firewall, Rule, Service]
    Add as many attributes as required according to the necessary log analyses. Just select one attribute or a group and drag and drop it to the right area. This action may also be done by using the appropriate value in the drop-down list.
    The cross table used for analyzing the logs is divided into 4 areas, as described below:
    [Screenshot: Firewall Cube on Daily Information (limited to 100 000 records)]
    Analyze logs using the following features:
    - Change the filter value
    - Collapse line to group or ungroup values
    - Collapse column to group or ungroup values
    The screen below shows how the end user can arrange a cube to analyze logs:
    [Screenshot: Firewall Cube on Detailed Information (limited to 100 000 records), arranged by DATE DD HH, Source Net Area and Destination Net Area (External, Internal), with a grand total]
46. defined in the Web Parts.
    Title: Enter the title to display in the Highlight frame.
    Text: Define the tooltip to display when the Highlight title is selected with the mouse.
    User: Define the user who will be assigned to the highlight. This parameter is optional and available for future use.
    Group: Define the group that will be assigned to the highlight. This parameter is optional and available for future use.
    For Information alerts, the screen is as follows:
    [Screenshot: Send an Alert form, Alert Type Information, with the fields Severity, Icon, URL (Hyperlink), Title, Text, User and Group]
    Field descriptions:
    Category: Define the category to use for information classification purposes. This parameter is optional.
    Icon: Enter the path and the file name for the icon you want to appear in front of your highlight if you do not wish to use the default icons above.
    NOTE: The path should refer to the server machine, for example dvweb App_Themes NETASQ Images ico_pdf gif. If no icon is defined here, the default Information icon will be used.
    URL: The function Hyperlink will automatically generate the URL corresponding to the report file created, so that the end user can open this report via the Highlight frame defined in the Web Parts.
    Title: Enter the title to display in the Information frame.
    Text: Define
47. der to track differences between data with the same presentation, we recommend keeping the old data file(s) and using a new filename for the current saving process.
    The file extension for the cube data is .cub.
    From the local end user's directory where files have been saved, change the filename of the previous data.
    Example: If the filename used to save the presentation and the data is mycube.hta, the log record data will be stored in the file mycube.cub. Save this filename with another name (e.g. mycube old cub).
    From the local end user's directory where files have been saved, change the name of the last saved data file.
    Example: In our example, change the last saved data file (e.g. mynewcube.cub) to the filename used during the presentation and data saving process (mycube.cub).
    Launch the local Cube application by double-clicking on the file mycube.hta.
    4.5 WORKING WITH THE DATABASE UTILITIES
    Using the NETASQ Event Analyzer reports helps the administrator to check the status of database processes like insertion or aggregation.
    To access the menu item Customized Reports in the NETASQ Event Analyzer web portal:
    Click on the item Menus\NETASQ Utilities\Database Status.
    [Screenshot: menu tree with NETASQ Utilities expanded to show Database Status]
48. dited.
    SQL: This is the SQL statement that will be run by the database engine. For example, the SQL statement used to purge the infos table in the NETASQ Event Analyzer is: datasetreport NETASQ purge alert NETASO ntos Idatel 40
    Click the Save button. The task will be available in the task node for scheduling management purposes.
    5.2.3 Creating a generic task
    Creating a generic task allows an administrator to schedule it to execute some specific commands.
    RECOMMENDATION: The use of generic tasks requires specific knowledge of NETASQ Event Analyzer, so it is reserved for expert administrators.
    To access the creation of a generic task:
    Click on the menu Scheduled Tasks & Tasks, then Tasks.
    [Screenshot: Tasks menu with the icons New Scheduled Task, New SQL Task and New Generic Task]
    In the right panel, click on the icon New Generic Task. The following screen will appear in the right panel:
    [Screenshot: generic task form with Task Name "ExportToExcel", Run Command "CAWINDOWSN system32 cscript exe CANETASQ Event Analyzer scripts export_excel vbs" and the Cancel button]
    Set the parameters according to the explanations provided in the table below
49. e log analysis, the screen that will appear is quite similar to the screenshot below:
    [Screenshot: Correlation Cube list with the columns Size, Modification and Creation, showing Correlation Cube on Daily Information (limited to 100 000 records), Correlation Cube on Detailed Information (limited to 100 000 records), Correlation Cube on Monthly Information (limited to 100 000 records) and Forensic Traceability Report]
    Cube type and description:
    Daily information: Use this cube type to analyze data that have been aggregated daily. This means you won't be able to investigate logs that have just been received.
    Monthly information: Use this cube type to analyze data that have been aggregated monthly. It means you won't be able to investigate either logs that have just been received or daily data.
    Forensic Traceability Report: Use this cube type to track events relating to specific fields (IP source, IP destination). This type of cube is only available by selecting Correlation Cube.
    NOTE: The selection of the cube type for proxy events is a little different from the others. The list of available cube types is as follows:
    - Proxy Cube on Daily Information by IP source
    - Proxy Cube on Daily Information by us
50. e of analysis
    - prepare a report for automatic generation purposes through task scheduling
    Regardless of the end user's objective, the usage is the same.
    To access the item menu Customized Reports in the NETASQ Event Analyzer web portal:
    Click on the item Menus\NETASQ Reports\Customized Reports.
    [Screenshot: menu tree with Customized Reports expanded to show Firewall Statistics, Intrusion Prevention System Statistics, Content Filtering Statistics, Mobility Statistics, Vulnerability Statistics and Proxy Statistics, each in a Daily and a Monthly version]
    Click the type of reports you want to customize, according to the descriptions provided below.
    Report type and description:
    By selecting this type of report, the displayed events will be based on daily data. It means you will get information on an hourly basis.
    By selecting this type of report, the displayed events will
51. ed
    From your browser, set the URL http://servername/dvweb/dvrss.ashx
    NOTE: server name can be the hostname, the IP address or the domain name of the server that runs the NETASQ Event Analyzer solution.
    NOTE: From the NETASQ Event Analyzer toolbar, you can click on the RSS feed icon (Tools, RSS Feed Icon).
    The DataSet Report RSS feed appears:
    [Screenshot: Internet Explorer showing the DataSet Report RSS feed page, with the feed description and the link "Subscribe to this feed"]
    Click on Subscribe to this feed if you want to add this RSS feed to your Feed Headlines gadget. The following screen will appear:
    [Screenshot: Internet Explorer dialog "Subscribe to this Feed", with the fields Name and Create in (Feeds) and the New folder button]
    Set the
52. ed reports and customizing some reports. AdminDB is used for checking the database process status.
    [Table: access by user profile to Log forensic analysis, Database utilities, Web part configuration, Content builder and Web server administration; the cell contents are not legible]
    2.2 WEB PORTAL ACCESS
    To connect to the NETASQ Event Analyzer Web Portal, please follow the steps below:
    Open your Internet browser and enter the following URL: http://server name/dvweb
    server name can be the hostname, the IP address or the domain name of the server that runs the NETASQ Event Analyzer solution.
    The following screen will appear:
    [Screenshot: NETASQ Event Analyzer Web Portal Login page in Internet Explorer, with the fields User Name and Password]
    Set the fields User Name and Password.
    Click on the button
53. er
    - Proxy Cube on Detailed Information by IP source
    - Proxy Cube on Detailed Information by user
    - Proxy Cube on Monthly Information by IP source
    - Proxy Cube on Monthly Information by user
    Select the type of cube you want to work with. Then you can continue by selecting the logs to analyze.
    4.4.2 Select the log records
    Once the cube type has been selected, the end user has to select the log records he wants to analyze. By clicking on the cube type the end user wants to work with, the following screen will appear:
    [Screenshot: NETASQ Event Analyzer Web Portal Menus page in Internet Explorer, showing the parameters of the IPS Cube on Daily Information (limited to 100 000 records): Select the Period or Other for a Date, Start Date and Time (Inclusive), End Date and Time (Inclusive), and IPS set to "Ignore for all"]
54. ertain parameters to be set (e.g. Firewall or source IP address). The parameters allow end users to define the log selections they wish to work with. Most of these parameters may be set using a drop-down list associated with a check box. By default, the check box is disabled and the drop-down list is set to IGNORE. Click on the arrow icon. The drop-down list will be displayed. Select the value to set: click on the appropriate value to select it; click on the first value and Shift-Click on the last value to select contiguous values; perform several Ctrl-Clicks on different values in the list to select non-contiguous values. Click on the button to cancel the selection or click on the button to confirm. NOTE: By clicking on the cancel button, the end user will discard all changes made. So regardless of the value that has been set for this drop-down list (IGNORE or specific values), the values will be kept. By clicking on the confirm button, the drop-down list will be closed, the check box will be enabled and the list of values will be set in the field. 4.1.2 Working with the date. By default, cubes, customized reports or database status reports offer a default date (e.g. yesterday) to select the logs that should be part of the reports the end user wants to work with. The end user can obviously select his own
55. essed later via the Web portal Menu if you refresh the content using the Refresh icon. [Screenshot: web portal menu tree] You can ask the administrator to create another sub-directory located in the installation area. Once this is done, you will be able to select this sub-directory as a destination directory. NOTE: Using the Suffix parameter will help the end user to identify customized reports generated through a periodic task. The table below explains the different values available as suffixes to the file name of the generated report. Suffix / Description. None: No suffix will be added at the end of the report file name. YY: The suffix is the current year of the report, coded with 2 digits. YY 1: The suffix is the previous year of report generation date, coded with 2 digits. YYMM: The suffix is the current month of the report generation date, coded with 2 digits for the year and 2 digits for the month. x ui 1: The suffix is the previous month of the report generation date, coded with 2 digits for the year and 2 digits for the month. YYMM 1D: The suffix is the previous day of the report generation date, coded with 2 digits for the ye
56. he menu Web Server Configuration will be displayed. [Screenshot: Web Server Configuration panel showing User, Groups, IP, Theme, Language, Display banner and Logout] User: user name used to connect to the application. Groups: groups to which the user belongs. IP: IP address of the NETASQ Event Analyzer server. Theme: select the skin you want from the drop-down list (by default, a single theme is available in this version of NETASQ Event Analyzer). Language: click on the country flag for the language in which you wish the menus to be displayed. The following languages are available: Spanish, German, English, Catalan, French and Italian. Display Banner: select or clear this check box to show or hide the header at the top of the page. Add a Home Page: enables you to display a customized home page. Logout: enables you to log out. You will be disconnected from the server, enabling another user to log in. 3.2 MANAGING THE HOME PAGE. The Home Page option enables end users to display a customized home page. For example, you could display the results of a report in PDF format as a new home page in the right panel. It is possible to add up to four home pages, which appear as tabs in the right panel.
57. [Screenshot residue: scheduled task form with the fields Comments, Active Scheduled Task, Frequency, Start Date and Time, Repeat the Scheduled Task (Interval, Duration) and the user account used when running the task] Define a name for the task schedule being created. From the list Available tasks, select the task that should be part of the schedule and click on the arrow to put it in the list Tasks to be run: click on the appropriate value to select it; click on the first value and Shift-Click on the last value to select contiguous values; perform several Ctrl-Clicks on different values in the list to select non-contiguous values. Manage the scheduling frequency. The parameters to set for defining the frequency depend on the selected type. The frequency of schedule management is described further in this section. Define the parameters for the schedule repetition, if any. 5.3.2 Editing a task schedule. Modifying a schedule allows an administrator to modify the scheduled tasks that should be automatically run. To access the management of scheduled tasks on the NETASQ Event Analyzer web portal: Click on the menu Scheduled T
58. hour cette heure 1 timme sedan f rra timme hace 1 hora 1 hora 1 ora fa hora anterior hora anterior ultima ora 1 hour ago il y a 1 heure last hour derni re heure en 1 hora en 1 hora in 1 ora om 1 timme hora siguiente hora seg ent prossima ora n sta timme in 1 hour next hour since 1 hour depuis 1 heure Seit einer desde 1 hora since last depuis la Stunde Seit desde la hour derni re heure 1 Stunde hora anterior 9.4 OTHER DAY FUNCTIONS BY LANGUAGE Invariant and Range German Spanish Catalan Italian Swedish English for x ce jour tomorrow deman Morgen ma ana d domani imorgon il y a 0 jours O days ago m ss aujourd hui Vor 0 m hace 0 d as fa 0 dies 0 giorni fa 1 day ago il y a 1 jour Vor 1 hace 1 d a fa 1 dia 1 giorno fa yesterday hier Gestern ayer ahir ieri 1 dag sedan ig r dans 0 jours aujourd hui ce jour in 0 days today en O d as hoy In 0 Tagen Heute en O dies avui in 1 day dans 1 jour In 1 Tag en 1 d a en 1 dia tomorrow demain Morgen manana dema in 0 giorni oggi om 0 dagar idag in 1 giorno domani om 1 dag imorgon in x days dans x jours Inx Tagen en x d as en x dies in x giorni om x dag
59. hts 7/6/2010. 7.3.2 Editing a highlight feed. From the menu Content Builder\Highlight Feed, follow the steps below: Click on the Edit icon to the left of the highlight feed to edit. The following screen will appear in the right panel: [Screenshot: highlight feed form with the fields Date, Severity, Title, Text, Icon and URL; the example entry is a Warning titled "Vulnerability report" whose URL points to a generated vulnerability report PDF on the web portal] Modify the fields as necessary. Click on the OK icon to confirm your modifications. 7.3.3 Deleting an information feed. From the menu Content Builder\Highlight Feed, follow the steps below: Click on the Remove icon to the left of the highlight feed to delete. The following screen will appear in the right panel. Click on OK to continue. 7.4 WORKING WITH THE RSS FEED TABLE. The RSS feed feature in NETASQ Event Analyzer allows the end user to be aware of the content publication. The use of NETASQ Event Analyzer RSS feed requires: user subscription to RSS feed; content generation through RSS. 7.4.1 Subscribing to the RSS feed. To subscribe to the NETASQ Event Analyzer RSS fe
60. ical and electronic equipment. For further details, please refer to NETASQ's website at this address: http://www.netasq.com/recycling.html. INTRODUCTION. 1.1 WHO SHOULD READ THIS. This manual is intended for either system administrators or network and security administrators. The basic technical knowledge required depends on the audience. The system administrators should know the NEA product configuration and its specific features: task scheduling; database maintenance. Network and security administrators should have basic knowledge of NETASQ UTM products, and especially regarding: threat management (antivirus, antispam and vulnerabilities); firewalling (filter rules and IP services); intrusion prevention system; content filtering; SSL VPN. 1.2 TYPOGRAPHICAL CONVENTIONS. 1.2.1 Abbreviations. For the sake of clarity, the usual abbreviations have been kept. For example: RSS (Really Simple Syndication). Other acronyms will be defined in the Glossary. 1.2.2 Display. Names of windows, menus, sub-menus, buttons and options in the application will be represented in the following fonts. Example: Menu Interfaces. 1.2.3 Indications. Indications in this manual provide important information and are intended to attract your attention. Among these, you will find: NOTE/REMARKS: These messages provide a more detailed explanation on a particular poi
61. Finish generating the database status report according to your objectives: run the report, export the report to a file or save the report as a task. 5 TASK SCHEDULING. 5.1 DESCRIPTION. The scheduled tasks feature on the NETASQ Event Analyzer web portal allows the administrator to manage the scheduling of the following tasks: generation of standard reports; database aggregation process; database purge process; generation of customized reports, if any; generation of cubes, if any. NOTE: The task scheduling menu is only available for the users Admin and AdminDB. To access task schedules on the NETASQ Event Analyzer web portal: Click on the menu Scheduled Tasks & Tasks. [Screenshot: Scheduled Tasks & Tasks menu with the nodes Scheduled Tasks and Tasks] The table below provides an overall description of the task scheduling entries. Scheduled Tasks: This node lists the scheduling that has been created either by the administrator or through the NETASQ Event Analyzer Configurator wizard. After the configuration of NETASQ Event Analyzer, some scheduling will automatically be created. This node lists the tasks that have been created either by the administrator or thr
62. ing screen will appear in the right panel. Click on the link Add a Web Part to publish. The following screen will appear in the right panel: [Screenshot: web part publication form with Title, Link and zone selection (MiddleCenterZone, MiddleLeftZone, MiddleRightZone)] NOTE: The appearance depends on the number of web part areas created. Select the web part content to publish. Modify the Title or the Link parameters if needed. NOTE: By default, everyone who logs into the web portal can view the content being published. Users and Groups parameters are for future use. Click on the button Add. The following message will appear: "The Web Part has been successfully exported". Click on the Finish button to finish publishing the web part. The list of published Web Parts appears in the right panel: [Screenshot: published web part list with the columns Title, Publication Date, Zone, Groups and Users; example entry Highlights, published in TopZone] Use the icons to either respectively modify the publication or remove published web part content. NOTE: By removing a web part content publication, the administrator will be prompted to confirm the removal of the publication. Click on the Finish button to finish publishing the web part.
63. [Screenshot: list of generated Firewall Daily report PDF files with their size, modification date and creation date]
64. [Screenshot: Database Status menu listing Firewall Statistics Utilities, Intrusion Prevention System Statistics Utilities, NETASQ Audit and Proxy Statistics Utilities] Click the type of database reports you want to check, according to the descriptions provided below. Information type / Description. Content Filtering Utilities: Contains the database report status on the treatment of Content Filter logs. Firewall Statistics Utilities: Contains the database report status on the treatment of Firewall logs. Intrusion Prevention System Statistics Utilities: Contains the database report status on the treatment of intrusion prevention system logs. NETASQ Audit: Contains general information on reports generated per device. Proxy Statistics Utilities: Contains the database report status on the treatment of web proxy logs. Click on the type of information you want to work with, according to the following screen: [Screenshot: Firewall Statistics Utilities list with Size, Modification and Creation columns, including the entry Number of Records in the Firewall Tables]
65. lows an administrator to remove a task from NETASQ Event Analyzer. Even if the task is part of a task schedule, it will no longer be executed. To access the task deletion: Click on the menu Scheduled Tasks & Tasks\Tasks. In the left menu, select the task to remove. [Screenshot: Scheduled Tasks & Tasks menu tree listing the scheduled tasks and the dashboard tasks] In the right panel, click on the icon Delete Task. The administrator will be prompted to confirm the task deletion: "The selected task will be definitively deleted. Do you want to continue?" Click on the OK button to confirm the task deletion. 5.3 MANAGING TASK SCHEDULE. Managing task schedules allows the administrator to perform the following acti
66. nt. WARNING/RECOMMENDATION: These messages warn you about the risks involved in performing a certain manipulation or about how not to use your appliance. This message gives you ingenious ideas on using the options on your product. DEFINITION: Describes technical terms relating to NETASQ or networking. These terms will also be covered in the glossary. 1.2.4 Messages. Messages that appear in the application are indicated in double quotes. Example: "Delete this entry". 1.2.5 Examples. Example: This allows you to have an example of a procedure explained earlier. 1.2.6 Command lines. Command lines: Indicates a command line (for example, an entry in the DOS command window). 1.2.7 Reminders. Reminders are indicated as follows: Reminder. 1.2.8 Access to features. Access paths to features are indicated as follows: Access the menu File\Firewall. 1.3 GETTING HELP. To obtain help regarding your product and the different applications in it: website: www.netasq.com. Your secure access area allows you to access a wide range of documentation and other information; user manuals: NETASQ UNIFIED MANAGER, NETASQ REAL TIME MONITOR and NETASQ EVENT REPORTER. 1.4 TECHNICAL ASSISTANCE CENTER. NETASQ provides several means and tools for resolving technical problems on you
67. om webpage: "Do you really want to delete this record?" Click on OK to continue. 7.3 WORKING WITH THE HIGHLIGHT FEED TABLE. To manage the information feed: From the menu Content Builder\Highlight Feed. The highlight feeds appear in the right panel: [Screenshot: highlight feed table with the links Add a Highlight feed to publish and Purge existing Highlight feeds, and the columns Date, Severity, Title, Text, Icon, URL, Groups and Users] 7.3.1 Creating a highlight feed. From the menu Content Builder\Highlight Feed, follow the steps below: Click on the link Add an Information feed to publish at the top of the information feed screen in the right panel. The following screen will appear in the right panel: [Screenshot: new feed form with the fields Date, Severity (Information, Warning, Error), Title, Text, Icon and URL] Set the parameters for the new information feed as appropriate. Click on the button Add. The right panel will display a message indicating the status of the command: "The Highlight has been added successfully". Click on the Finish button. To check the content display that an administrator has just created, he can click on the NETASQ icon in the top left corner of the Web Portal to go back to the Home Page and click on the Web Part tab. The new information feed will be displayed. Highlig
68. on the report that the end user customized will be displayed as a standard generated report. He will then be able to browse in the tabs Parameters and Both to modify the parameters and view changes. 4.1.5 Export customized reports and cube as a file. Just after setting the parameters of cubes, customized reports or database status reports, the end user will be able to export the generated report as a file. By clicking on the icon, the report that the end user customized will be available for local or shared folder storage in PDF file format. Once NETASQ Event Analyzer has built the report, he will be prompted to either save or open the generated report. NOTE: Depending on the browser policy, the end user may be warned about downloading files before being prompted to save. 4.1.6 Save task for customized reports and cubes. Just after setting parameters of cubes, customized reports or database status reports, the end user can save these parameters to reuse them in a scheduled task. By clicking on the icon, the end user has to set the task parameter for task scheduling purposes. For more information about task scheduling, please refer to section 5 TASK SCHEDULING. [Screenshot: PDF Destination form with the fields Task Name, Destination Directory, Destination File Suffix, Send an Alert, Alert Type (e-mail) and From]
69. on to save the task schedule. 5.3.3 Deleting a task schedule. Deleting a task schedule allows an administrator to remove a task schedule from NETASQ Event Analyzer. NOTE: The tasks associated with the schedule will not be removed. To access the task schedule deletion in the NETASQ Event Analyzer web portal: Click on the menu Scheduled Tasks & Tasks\Scheduled Tasks. In the Scheduled Tasks & Tasks\Scheduled Tasks menu, select the task schedules to delete. In the right panel, click on the icon Delete Scheduled Task. The administrator will be prompted to confirm the task schedule deletion: "The selected task will be definitively deleted. Do you want to continue?" Click on the OK button to confirm the task deletion. 5.3.4 Managing the task schedule frequency. NETASQ Event Analyzer allows the administrator to define several frequencies: now, once, daily, weekly or monthly. The parameters used to define the frequency depend on the selected type. 5.3.4.1 Now. The task will run immediately (within a minute maximum). NOTE: Select the Delete Task when Done check box if you do not wish to keep this scheduled task. 5.3.4.2 Once. The task will run only once, at the specified date and time. Frequency
70. ons: create a specific task schedule; edit a task schedule to manage the scheduling of automatic treatments, like report generation for instance; delete a task schedule. To access the task schedule management of the NETASQ Event Analyzer web portal: Click on the menu Scheduled Tasks & Tasks\Tasks. The following screen will appear: [Screenshot: Scheduled Tasks & Tasks menu tree with the icons New Scheduled Task, New SQL Task and New Generic Task] 5.3.1 Creating a task schedule. Creating a schedule allows an administrator to schedule tasks that should be automatically run. To access the task schedule management of the NETASQ Event Analyzer web portal: Click on the menu Scheduled Tasks & Tasks\Scheduled Tasks. In the right panel, click on the icon New Scheduled Task. The following screen will appear in the right panel: [Screenshot: General tab with the field Scheduled Task Name and the lists Available tasks and Tasks to be run]
71. orso aret NEXT COMING MONTH MOST RECENT MONTH RORIS 955 dernier letzter 905 955 pasado passat 905 SCOISO 9055 oS Name SINCE A MONTH UNTIL A MONTH ame 9.3 OTHER HOUR FUNCTIONS BY LANGUAGE Invariant cene French German Spanish Catalan Italian Swedish and English for x Vor O 0 timmar Stunden sedan Diese Stunde denna timme Vor 1 Stunde Letzte Stunde x hours ago 2 12 il y a x heures MU hace xhoras fax hores x ore fa ML Stunden sedan in hours dans 0 heures In 0 Stunden en 0 horas en 0 hores in 0 ore om 0 timmar this hour cette heure Diese Stunde esta hora aquesta hora quest ora denna timme dans 1 heure In 1 Stunde prochaine Nachste heure Stunde in x hours dans x heures In x Stunden en x horas en x hores in x ore om x timmar dics 0 hours depuis O Seit 0 desde 0 des de 0 sedan 0 since this h h h da 0 ore M eures Stunden oras ores timmar des d 1 hora sedan sista des de da ultima ora timme l hora da 1 ora sedan 1 anterior timme depuis x Seit x des de x sedan x sedan Bis einer hasta 1 hora fins 1 hora fino a 1 ora until 1 hour a Stunde Bis 1 hasta la hora fins l hora fino a ora till 1 timme Stunde siguiente seg ent prossima hace 0 horas fa hores O ore fa esta hora aquesta hora quest ora 0 hours ago il y a 0 heures this
72. ough the NETASQ Event Analyzer Configurator wizard. Tasks: After the configuration of NETASQ Event Analyzer, some tasks will automatically be created and inserted in scheduling. 5.2 MANAGING THE TASKS. Task management allows the administrator to perform the following actions: create a report generation task; create a SQL task; create a generic task; edit a task; delete a task. To access task management on the NETASQ Event Analyzer web portal: Click on the menu Scheduled Tasks & Tasks\Tasks. The following screen will appear: [Screenshot: Scheduled Tasks & Tasks menu tree with the icons New Scheduled Task and New SQL Task] 5.2.1 Creating a report generation task. Report generation tasks are created from the customized report screen. After defining the parameters of the report generation, the administrator may decide to save the report as a task. For more explanations on creating tasks from a customized report, please refer to 4.1.6 Save task for cus
73. [Screenshot: list of customizable reports, such as Top N Outgoing Blocked Services and Top N Accepted Users with their Top N Services, with their size, modification date and creation date] NOTE: NETASQ Event Analyzer provides a large number of reports for customization purposes. This will help the end user to work with the most suitable reports according to his needs. Click on the report you want to customize to configure the parameters of the reports. [Screenshot: report parameters, starting with Select the Period or Other for Date]
74. parameters of the RSS feed you want to create. Click on the Subscribe button. 7.4.2 Creating an RSS feed record. From the menu Content Builder\RSS Feed, follow the steps below: Click on the link Add an RSS feed to publish at the top of the RSS feed screen in the right panel. The following screen will appear in the right panel: [Screenshot: RSS feed form with the fields Publication Date, Category, Title, Description and Link] Set the parameters for the new RSS feed as appropriate. NOTE: The Category text box can remain empty (optional). Click on the button Add. The right panel will display a message indicating the status of the command. Click Finish. 7.4.3 Editing an RSS feed. From the menu Content Builder\Highlight Feed, follow the steps below: Click on the Edit icon to the left of the RSS Feed to edit. The following screen will appear in the right panel: [Screenshot: example RSS feed entry titled "Firewall Report", linking to a generated Firewall Daily report PDF on the web portal] Modify the fields as necessary. Click on the OK icon to confirm your modifications.
75. pe of logs you want to analyze; defining the parameters to select the logs; managing filters, order and cross table to analyze the logs; managing the presentation and the chart view; saving the chart view and the data for continuous analysis. To access the NETASQ Event Analyzer log analysis: Click on the item Menus\NETASQ Reports\NETASQ Detailed Analysis. [Screenshot: NETASQ Detailed Analysis menu with the Cubes node listing Content Filtering Cube, Correlation Cube, Firewall Cubes, IPS Cubes and Proxy Cubes] 4.4.1 Select the log type. Click the type of reports on which you wish to analyze logs, according to the descriptions provided below. Content Filtering Cube: Analyzes logs on general threats (antivirus, antispam on HTTP, SMTP, POP3 or FTP) and on URL filters for web browsing. Firewall: Analyzes logs relating to accepted and blocked services. IPS: Analyzes logs on the raised alarms of the intrusion prevention system. Proxy: Analyzes logs relating to web browsing and web user activities. No matter what report type has been selected for th
76. period, either by manually setting a date or by using the calendar icon. In any case, he has to first choose Other from the drop-down list Select the Period or Other for a Date. If the calendar icon is used, the end user should follow the steps below: click the calendar icon close to the parameter Select the Date if Other selected. From the displayed scheduler, select the customized date of the report you want to generate. [Screenshot: calendar for juin 2010] Use the arrow buttons to navigate from one month to another. To manually set the date parameter, the end user has to use the format provided in chapter 9 WORKING WITH DATE KEYWORDS. 4.1.3 Working with reports. Regardless of the type of reports the end user works with (generated, customized or database status), they all look the same. They are PDF files displayed in the central zone of the NETASQ Event Analyzer web portal. The contents of the reports depend on the type of report, but a report book generally contains: A dashboard that provides a general overview of the events that occurred during the report period. A lis
77. portal. At the top of this screen, the administrator can see how many concurrent user(s) are connected and the maximum number of users authorized by the license certificate. 9 WORKING WITH DATE KEYWORDS. 9.1 INVARIANT PREDEFINED FUNCTIONS. Invariant functions are keywords or expressions that can be understood by NETASQ Event Analyzer regardless of your PC's regional language settings. Function / Comment. HOURS. NOTE: in INVARIANT mode, hours are always expressed in plural, even if the value is x = 0 or x = 1. since x hours 0 12. The number of hours beginning from the time specified in the past, from XX:00:00 to XX:59:59. The number of hours to the time specified in the future, from XX:00:00 to XX:59:59. The period beginning from the time specified in the past at XX:00:00 up to now. The interval from now to the end of the period specified in the future at XX:59:59. DAYS. NOTE: in INVARIANT mode, days are always expressed in plural, even if the value is x = 0 or x = 1. until x days. The number of days in the past, from 00:00:00 to 23:59:59. The number of days in the future, from 00:00:00 to 23:59:59. The number of days beginning from the day specified in the past, from 00:00:00 up to now. The number of days from now up to the end of the period specified in the future at 23:59:59. WEEKS. NOTE: in IN
78. [Screenshot residue: web part zones, each showing "Add a Web Part to this zone by dropping it here"] The web part area may contain the following kinds of information: Information, Highlight, RSS feed. The content to display in these areas can be generated from the Content builder menu or by configuring an alert for a task (see section 5.2.1.1 Working with the alert). 6.1.1 Web parts publication. In order to publish a NETASQ Event Analyzer web part, an administrator has to follow the steps below: associate a web part with an area in the page; publish the created web parts to display them in the page. 6.2 CREATING A WEB PART. Creating a web part allows the administrator to design the web part page. To access the NETASQ Event Analyzer web part creation: Click on the menu Web Part Configuration. Click on the New button. The following screen will appear in the right panel: [Screenshot: web part page with Catalog Zone, MiddleLeftZone, MiddleCenterZone, MiddleRightZone and WebParts Catalog, each zone showing "Add a Web Part to this zone by dropping it here"]
79. r firewall. A knowledge base. A certified distribution network: as such, you will be able to call on your distributor. Documents: these can be accessed from your client or partner area. You will need a client account in order to access these documents. For further information regarding technical assistance, please refer to the document Standard NETASQ support. 1.5 GETTING FAMILIAR WITH THE WEB PORTAL. The NETASQ Event Analyzer web portal provides services to allow end users to: access generated reports; customize their own report parameters; schedule tasks; customize the web portal; check database processes. 1.5.1 Connection. Users can connect to the NETASQ Event Analyzer Web Portal installed on a server machine inside or outside your organization's network. All you need is a web browser. If you wish to run items such as Cubes, you will be prompted to install the Microsoft Office 2003 Web Components on your local computer. NOTE / REMARKS: The cube technology allows an end user to perform thorough analyses of the logs that NETASQ devices have sent. The following browsers are supported: Internet Explorer version 7 or greater, Google Chrome and Mozilla Firefox (except for the cubes). The services that the NETASQ Event Analyzer web portal provides depend on the user name used to log into the application. User profiles are defined by the System Administrator via the NETASQ Event Analyzer Administration Manager
80. r on the icon to discard changes. 3.2.3 Removing a home page. To remove a home page: Click on the menu Web Server Configuration. Select the icon to remove. The following screen will appear: "Do you really want to delete this record?" Click on the OK button to validate the home page removal. The related control tab will be removed from the home page. 3.2.4 Logging out of the Web Portal. The number of users connected will depend on the license certificate, which includes a number of concurrent users. When you disconnect, another concurrent user will be able to connect in your place. Note that you will be disconnected from IIS in the server after a time-out (the default time-out is 10 minutes). To log out of the NETASQ Event Analyzer web portal: Click on the menu Web Server Configuration. Click on the link Logout.
81. rd selection. 4.4.5.1 Save presentation and data. To save cube presentation and data: From a cube with log records, click the down arrow in the top left corner of the screen. Select Save Data and Presentation As from the contextual menu. The following screen will appear (Save As dialog: File name mycube1, Save as type HTML Application (hta)). Set a filename for the cube to save locally and then click on the button Save. NOTE: You can now access this cube offline without needing to connect to the Web Portal. Just go to the destination directory and double-click on the hta file (in this example, the file mycube1.hta). 4.4.5.2 Update presentation data. Once the end user has saved the presentation and the data he selected for his analysis, he can reuse the presentation with other log records. This will help him to track differences between 2 log records. To reuse a presentation with another log record, follow the steps below: Run another cube by using the same type but by modifying the log record selection (e.g. changing the date). From the down arrow in the top left corner of the screen, select Save Data As. Set a filename to save the cube data locally by keeping the proposed file extension. RECOMMENDATION In or
82. sta semana semana actual semana proxima semana siguiente hace 0 semanas esta semana hace 1 semana semana pasada Catalan SEMANES setmana passada setmana anterior aquesta setmana setmana actual propera setmana setmana seguent fa 0 setmanes esta setmana fa 1 setmana setmana passada ltalian SETTIMANE settimana scorsa questa settimana settimana prossima settimane fa questa settimana 1 settimana fa settimana scorsa Swedish VECKOR forra vecka denna vecka nasta vecka veckor sedan denna vecka 1 vecka sedan forra vecka 83 86 5 USER GUIDE 9 WORKING WITH DATE KEYWORDS this week semaines Wochen estasemana estasetmana questa veckor cette semaine Diese settimana denna Woche vecka en 1 setmana In 1 Woche en1semana propera in 1 settimana om 1 vecka Nachste semana setmana settimana n sta Woche proxima setmana prossima vecka seguent dans x In x in weeks 2 7 en x semanas en x setmanes in x settimane om x veckor semaines Wochen since 0 depuis 0 desde 0 des de 0 weeks semaines Seit 0 semanas setmanes des sedan 0 0 settimane since this depuis cette Wochen desde esta d aquesta veckor week semaine semana setmana depuis 1 desde 1 since 1 P des d 1 semaine week setmana des sedan 1 depuis la desde la da 1 settim
83. sult es Firewall Cube on Detailed Information limited to 100 000 records 20 TES E 0 Action Group v Action Vide Accepted Bli His 8 4 Totaux 1 He Bytes E gt Elapsed Time E External 10 494 153 759 34b 21 242 Action hierarchy Internal 172 2 532 502 mE Country Destination Internal 192 290 BE Country Source Local host 1 310 a S DATE Detailed E DATE YYYY MM DD HH e E Destination hierarchy E Firewall a Rule BE Service BE Source hierarchy By clicking on the Chart tab the end user will be able to create a chart view to illustrate the analysis 4 4 4 Managing the presentation and the chart view Besides log analysis the NETASQ Event Analyzer cube module provides a lot of features For instance the end user is able to manipulate logs through different views and save them for further tracking analyses To access the services that the NETASQ Event Analyzer cube module offers Click the down arrow in the top left corner of the screen The following contextual menu appears Copyright NETASQ 2010 New grid view New Chart View Creates a new Cube tab to get another presentation to have another dimension and measure on the selected log records Creates a new Chart tab to get another graph presentation A Chart _ can be linked to a Cube View or can be standalone
84. t of reports where several displays are used according to the information to show You may have histograms pie charts or tables The screenshot below shows the first page of a daily firewall report book the dashboard Copyright NETASQ 2010 21 86 5 5 USER GUIDE 4 RUNNING MENU ITEMS gt m Parameters Result Firewall Dashboard Select the Period or Other for a Date Select the Date if Other selected 7 5 2010 F Firewall Ignore for all Source Ignore for all O Destination Ignore for all EN ES 7 Signets x Options Jic 4 Traffic Activity by the Number of Distinct IP Addresses Firewall Dashboar d Ej Accepied Th 5 B d Aa 417 x3 5 Hour of the Dery Saoepied or Blooked rot defined 4 BB _ Useful icons and buttons are explained in the table below u f Home Page Sends you back to the previous report when a report displayed is the result of a drill down link for example when using the HTML output format In a single report or in the last report obtained via a drill down the Home Page icon will display the same report Question Why do the Home Page st icon and the Go button both have the Same consequence that is sending the user back to the previous report Answer because when the generated drill down reports only generate one _ page no naviga
85. tatus of the command: The information has been added successfully. Click on the Finish button. To check the content display that an administrator has just created, he can click on the NETASQ icon in the top left corner of the Web Portal to go back to the Home Page and click on the Web Part tab. The new information feed will be displayed. 7.2.2 Editing an information feed. From the menu Content Builder, Information Feed, follow the steps below: Click on the Edit icon to the left of the information feed to edit. The following screen will appear in the right panel. Modify the fields as necessary. Click the OK icon to confirm your modifications. 7.2.3 Deleting an information feed. From the menu Content Builder, Information Feed, follow the steps below: Click the Remove icon to the left of the information feed to delete. The following screen will appear in the right panel: Message fr
86. te and Time 7 2 2010 1 00 00 AM Date 5 201 u The l ofaMonth Q The of a Month Run the Scheduled Task an the Following Months January February March April v May v June v July August September October v November v December opecify the Start Date and Time Specify an End Date if necessary Select which day of the month the task must be run between 1 and 31 Select the day of the week between Monday to Sunday and the position of this week in the month between First Second Third Fourth or Last Select the Run the Scheduled Task on the following Months check boxes as appropriate by selecting the required months of the year Copyright NETASQ 2010 58 86 NETASQ 5 USER GUIDE 6 WEB PARTS MANAGEMENT 6 WEB PARTS MANAQEMENT 6 1 DESCRIPTION The Web Parts feature in the NETASQ Event Analyzer web portal allows the administrator to configure the display of different kinds of information The web part is displayed in a right panel tab alone or in addition to home pages as shown in the screen below we secure IT NETASQ Q EVENT ANALYZER Web Server Configuration As displayed below the web part tab is divided into several areas r3 x Add eb Part to this zone by dropping t here T SU T H w I L l all Tr ea w z i ee r a Ue Part m Em mpmmemmimm m ners Emm Ma
87. tilities 3 Address Definition Management 0 1 21 2010 4 07 29 9 2 2004 10 43 08 AM pw Database Status 4 Firewall Aggregation Process Status 0 4 28 2010 6 26 25 PM 9 2 2004 10 43 08 AM Content Filtering Utilities JM Firewall Statistics Utilities Ml intrusion Prevention System Statistics Utilities QU NETASQ Audit n Proxy Statistics Utilities Scheduled Tasks amp Tasks Web Part Configuration Content Builder Web Server Administration NOTE The list of available reports depends on the selected report type The table below describes the different types of report Report type Description Selected Records Provides detailed information on the database records Details E Number of Records Indicates the number of records stored in the database for the for the Table detailed aggregated and dimensions data Aggregation Process Provides information on the aggregation process Status i Address Definition Indicates the naming used for network identication Management Set the parameters for the database reports A Result Both 2 Number of Records in Content Filtering Tables Today Y days OO Start time 16 2 2010 12 00 00 AM stop time 16 3 2010 11 59 59 C UTM Origin Ignore for all NOR Qutput Format PDF Dl note The list of parameters that may be configured depends on the selected report type Copyr
88. tion bar will appear and therefore there will be no Go button. NOTE: If you click on the menu branch previously used, the last item will be run again without displaying the list. Copy the URL to the Clipboard: Copies the URL link to the current report or item to the clipboard. You will be prompted to confirm this copy. This link can be used later when defining a Home Page, a Shortcut on your desktop or a Web Part. NOTE: A URL can end with: 0 if you wish to get the criteria parameter and output format page before running the report; 1 if you wish to get the report result directly. Adobe reader toolbar: This is the standard Adobe reader tool bar that allows end users to save or print generated reports. Use the arrow to change the date of the report: Allows end users to move to the previous/next day or month depending on the report type. In the case of customized generated reports, these buttons may have no effect. Both: These tab controls are only displayed for customized reports. They allow end users to browse between the customization parameters and the generated reports. 4.1.4 Running customized reports. Just after setting the parameters of customized reports or database status reports, the end user can run the report generation by clicking on the butt
89. tomized reports and cube. 5.2.1.1 Working with the alerts. NETASQ Event Analyzer offers the possibility of associating alerts with a task. 4 kinds of alerts are available: E-mail: e-mails are sent to e-mail recipients with the result file attached. Highlight: consists of adding a highlight in the web parts. Information: consists of adding an information feed in the web parts. RSS feed: consists of adding an RSS feed. NOTE: Highlight and Information are related to web parts that will relay the alert depending on the administrator's web portal configuration. To work with the alerts of the NETASQ Event Analyzer web portal: Click on check box Send an Alert in the screen that allows defining the customization parameters of a report customized database utilities or cubing selection. The parameters to define depend on the kind of alert that the end user has selected. For e-mail alerts, the screen is as follows (Send an Alert form with the fields Alert Type, From, Subject, Text, Attachment, Destination). Field / Description: From: Sets valid e-mail address as mail sender. Sets the valid e-mail address(es) as destination. This is the list of recipients that will receive the customized report by
90. ult may be published in the web portal for other users The cube log records may be attached in an e mail and used Saved task with a presentation previously done O NOTE More information about cube presentation will be provided in the section 4 4 3 Analyzing logs 4 4 3 Analyzing logs After running the log record selection the data for the cube will be available for analysis purposes and the following screen will appear tal s Parameters Both Firewall Cube on Detailed Information limited to 100 000 records Cube Chart aja 2 2 ae Vm z mu 98 j imi Firewall Cube on Detailed Information limited to 100 000 records DATE YYYY MM DD HH Y YY DD HH Action Group Action Vide Accepted Bli Source Net Area Destination Net Area Hits Hs Hits El External Totaux 250 6 Bytes ZE Y 83 Elapsed Time E External 10 494 153 759 Hits 345 21 242 a E Action hierarchy Internal 172 2 532 502 Country Destination 4 Internal 192 290 a source Local has 1 310 6 8 DATE Detailed E Internal 172 E DATE YYYY MM DD HH E Destination hierarchy E Firewall a E Rule E E Service P I Source hierarchy Ajouter a 0 NOTE The screen to manage the organization of log attributes may be not displayed To manage the attributes of the logs click on the
91. usque dans x hasta x unt 2 12 J q Bis x Monate fins x mesos fino a x mesi till x manader months mois meses 9 7 OTHER QUARTER FUNCTIONS BY LANGUAGE Invariant Range French German Spanish Catalan ltalian Swedish and English for x QUARTER TRIMESTRES ol A TRIMESTRES TRIMESTRES TRIMESTRI KVARTAL or i i j ee a LM ae trimestre D dieses trimestre trimestre detta trimestre n chstes trimestre trimestre nasta 1 quarter il ya 1 hace 1 i 1 kvartal quarters il yax vor X hace X fa X mA x kvartaler ago trimestres quartalen trimestres trimestres sedan dans 1 in 1 om 1 dans x in X en x en x om x eee ese 2004 to umi 2004 to Qx 2004 to Tx 2004 to Tx 2004 to E 2004 to 2004 to Qx 2013 Tx 2013 Qx 2013 Tx 2013 Tx 2013 Tx 2013 Kx 2013 Copyright NETASQ 2010 85 86 NETASQ b USER GUIDE 9 WORKING WITH DATE KEYWORDS 9 8 OTHER YEAR FUNCTIONS BY LANGUAGE Invariant Range French Spanish Catalan Italian Swedish and English for x YEARS ANNEES JAHREN ANOS ANYS ANNI last year an dernier Letztes Jahr ano pasado any pow anno scorso f rra aret ano anterior any anterior this year cette ann e Dieses Jahr Es a o aquest any quest anno detta ret a o actual any actual next year an prochain Nachstes Jahr eas proper ebd nro n sta ret ano siguiente any seguent prossimo hace 0 anos fa 0 anys este a
