Chapter 4 Quick Start Configuration

View Registered Hosts

From CSA MC, you can see which hosts have successfully registered by accessing Hosts from the Systems link in the menu bar. This takes you to the Hosts list page. On the right side of this page is a column that displays varying types of information on each host. Use the pulldown menu for this column to filter your host list based on the status in question.

To search for specific hosts based on more status data, use the Search option in CSA MC. Search for Hosts using available status information such as:

Active hosts—A host is active if it polls into CSA MC at regular intervals.

Not active hosts—A host is inactive if it has missed a certain number of polling intervals or if it has not polled into the server for at least one hour.

You can also view registered hosts by accessing the Groups page. From the groups list view, click the link for the group you created in the previous sections. Now click the Modify host membership link. All hosts that installed the kit created using this group should appear here as part of the group. (You might want to click the Refresh button on your browser to ensure you are viewing updated information.)

Configure a Rule Module

This section provides brief instructions for configuring and distributing a policy to Cisco Security Agents. For a full discussion of rule modules and policies, you should refer to the User Guide. In the meantime, use the following instructions to distribute a fairly simple policy to the agents that are currently installed on end user systems.

When you configure a policy, you are combining rule modules under a common name. Those rule modules are then attached to a policy. That policy is attached to a group of hosts and it uses the rules that comprise the policy to control the actions that are allowed and denied on those hosts.

For this example, we will configure a rule module containing a file access control rule that protects systems from a known email virus. In this example, a VBS file (badfile.vbs) is detected, correlated across systems, and quarantined by CSA MC.

 

Installing Management Center for Cisco Security Agents 5.2

78-17916-01
