omnivista-2500-advanced-quarantine-manager-aqm
Differences
This page shows the differences between two versions.
omnivista-2500-advanced-quarantine-manager-aqm [2022/05/22 08:48] – Updated the links to the whitepapers benny | omnivista-2500-advanced-quarantine-manager-aqm [2023/03/08 09:37] (current) – [Weiterführende Links - Whitepaper / Application Note] benny | ||
Zeile 40: | Zeile 40: | ||
< | < | ||
benny@tiger: | benny@tiger: | ||
+ | </ | ||
+ | |||
+ | * Hat man keine Linux-VM/ | ||
+ | |||
+ | < | ||
+ | % echo device_id=FGT50xxxxxxxxxxx log_id=0420070000 type=ips subtype=signature pri=alert attack_id=103022660 src=192.168.11.164 dst=1.2.3.4 src_port=2098 dst_port=80 src_int=internal dst_int=n/a status=dropped proto=6 | nc -u 192.168.2.15 514 | ||
</ | </ | ||
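Review bot: the `echo ... | nc -u 192.168.2.15 514` test sends a bare `key=value` payload with no syslog PRI or header, whereas the Reason field in the e-mail sample added further down shows the receiver storing a message that begins with an RFC 5424 header (`<13>1 2022-05-22T17:...`); the tip should state whether the bare line is enough to trigger the AQM rule or whether the reader is expected to prefix a header. Because `nc -u` gives no delivery feedback, one sentence on where in OmniVista to confirm that the event actually arrived would also make the test usable.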
Zeile 130: | Zeile 136: | ||
< | < | ||
benny@tiger: | benny@tiger: | ||
+ | </ | ||
+ | |||
+ | * Hat man keine Linux-VM/ | ||
+ | |||
+ | < | ||
+ | % echo device_id=FGT50xxxxxxxxxxx log_id=0420070000 type=ips subtype=signature pri=alert attack_id=103022660 src=192.168.11.164 dst=1.2.3.4 src_port=2098 dst_port=80 src_int=internal dst_int=n/a status=released proto=6 | nc -u 192.168.2.15 514 | ||
</ | </ | ||
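Review bot: this block repeats the tip from line 40 verbatim apart from `status=released` in place of `status=dropped`; say explicitly that the `status` value is the only difference and that `released` is the value the release path expects, so the reader does not have to diff the two commands by eye.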
Zeile 135: | Zeile 147: | ||
{{ :: | {{ :: | ||
+ | |||
+ | ===== Benachrichtung per eMail ===== | ||
+ | |||
+ | Es ist möglich Responder einzurichten die bei Events eine Benachrichtung senden. | ||
+ | |||
+ | * Konfiguration für die eMail | ||
+ | |||
+ | < | ||
+ | Action - The action being taken, a ban or a release. | ||
+ | $Action$ | ||
+ | |||
+ | Reason - The Reason field from the QM object. | ||
+ | $Reason$ | ||
+ | |||
+ | MacAddress - The MAC address of the device being banned or release. | ||
+ | $MacAddress$ | ||
+ | |||
+ | IpAddress - The IP address of the device being banned or release. If the IP address is unknown it will be displayed as 0.0.0.0 | ||
+ | $IpAddress$ | ||
+ | |||
+ | VlanName - The name of the VLAN that the device was banned to or released from: | ||
+ | $VlanName$ | ||
+ | |||
+ | MacGroupName - The MAC group that the device was banned to or released from: | ||
+ | $MacGroupName$ | ||
+ | |||
+ | Details - Contains a message with the Action, Mac, IP address, Vlan, and MacGroupName: | ||
+ | $Details$ | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | OmniVista AI/ML disconnected a malicious network device! | ||
+ | |||
+ | Action - The action being taken, a ban or a release. | ||
+ | Banned | ||
+ | |||
+ | Reason - The Reason field from the QM object. | ||
+ | <13>1 2022-05-22T17: | ||
+ | |||
+ | MacAddress - The MAC address of the device being banned or release. | ||
+ | dca632: | ||
+ | |||
+ | IpAddress - The IP address of the device being banned or release. If the IP address is unknown it will be displayed as 0.0.0.0 | ||
+ | 192.168.11.164 | ||
+ | |||
+ | VlanName - The name of the VLAN that the device was banned to or released from: | ||
+ | Quarantined | ||
+ | |||
+ | MacGroupName - The MAC group that the device was banned to or released from: | ||
+ | Quarantined | ||
+ | |||
+ | Details - Contains a message with the Action, Mac, IP address, Vlan, and MacGroupName: | ||
+ | Device dca632: | ||
+ | </ | ||
===== Weiterführende Links - Whitepaper / Application Note ===== | ===== Weiterführende Links - Whitepaper / Application Note ===== | ||
- | * [[https:// | + | * [[https:// |
- | * [[https:// | + | * [[https:// |
+ | |||
+ |
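Review bot: spelling in the new section: `Benachrichtung` should be `Benachrichtigung` in both the heading and the sentence (which also needs commas: "Es ist möglich, Responder einzurichten, die bei Events eine Benachrichtigung senden."), and the template descriptions read "banned or release" where "banned or released" is meant. The e-mail sample also shows the Reason field carrying the whole raw trigger message, header included (`<13>1 2022-05-22T17:...`); a sentence saying that Reason is the unparsed syslog line would set expectations for recipients of the notification.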
omnivista-2500-advanced-quarantine-manager-aqm.1653209327.txt.gz · Last modified: 2022/05/22 08:48 by benny