39-20
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 39 Configuring Event Action Rules
Configuring IPS Event Action Network Information
OS Map Dialog Box
Use the Add or Edit OS Map dialog box to map a host through its IP address to an OS type. Create
mappings only if you want to statically assign an OS type to an IP address. Because the sensor uses
passive OS fingerprinting to discover the OS associated with an IP address, you might not want to create
any mappings, or create mappings only for mission-critical devices that have static IP addresses. Update
any mappings that you create if you install devices with different operating systems on the address.
Navigation Path
From the OS Identification tab of the IPS Event Actions Network Information policy, click the Add Row
button beneath the OS Maps table, or select a row in the table and click the Edit Row button. For
information on opening the OS Identification tab, see Configuring OS Identification (Cisco IPS 6.x and
Later Sensors Only), page 39-18.
Field Reference
OS Maps table The list of OS mappings, showing the IP addresses of the hosts and the
operating systems to which they are mapped. When looking for a
match, the sensor goes from top to bottom and selects the first rule that
matches the IP address.
To add a mapping, click the Add Row button and fill in the Add OS
Map dialog box (see OS Map Dialog Box, page 39-20).
To edit a mapping, select the rule and click the Edit Row button.
To delete a map, select it and click the Delete Row button.
To change the priority of a rule, select it and click the Up or Down
arrow buttons until the rule is positioned correctly.
Table39-6 OS Identification Tab (Continued)
Table39-7 OS Map Dialog Box
Element Description
IP Addresses The IP addresses for this mapping. You can specify addresses using the
following techniques:
Enter the name of a single network/host object, or click Select to
select an object from a list or to create a new one. The object can
contain a group of networks, hosts, and address ranges.
A comma-separated list of host or network addresses or address
ranges. For example, 10.10.10.0/24, 10.10.10.10,
10.10.10.2-10.10.10.254.