Chapter 4 Quick Start Configuration
View Registered Hosts
4-12
Installing Management Center for Cisco Security Agents 5.2
78-17916-01
View Registered HostsFrom CSA MC, you can see which hosts have successfully registered by
accessing Hosts from the Systems link in the menu bar. This takes you to the
Hosts list page. On the right side of this page is a column that displays varying
types of information on each host. Use the pulldown menu for this column to filter
your host list based on the status in question.
To search for specific hosts based on more status data, use the Search option in
CSA MC. Search for Hosts using available status information such as:
• Active hosts—A host is active if it polls into CSA MC at regular intervals.
• Not active hosts—A host is inactive if it has missed a certain number polling
intervals or if it has not polled into the server for at least one hour.
You can also view registered hosts by accessing the Groups page. From the
groups list view, click the link for the group you created in the previous sections.
Now click the Modify host membership link. All hosts who installed the kit
created using this group should appear here as part of the group. (You might want
to click the Refresh button on your browser to ensure you are viewing updated
information.)
Configure a Rule ModuleThis section provides brief instructions for configuring and distributing a policy
to Cisco Security Agents. For a full discussion of rule modules and policies, you
should refer to the User Guide. In the meantime, use the following instructions to
distribute a fairly simple policy to the agents that are currently installed on end
user systems.
When you configure a policy, you are combining rule modules under a common
name. Those rule modules are then attached to a policy. That policy is attached to
a group of hosts and it uses the rules that comprise the policy to control the actions
that are allowed and denied on those hosts.
For this example, we will configure a rule module containing file access control
rule that protects systems from a known email virus. In this example, a VBS file
(badfile.vbs) is detected, correlated across systems, and quarantined b y CSA MC.