Cisco Firepower 9300 Security Appliance
© 2016 Cisco | Radware. All rights reserved. This document is Cisco Public.
Page 171 of 256
Chapter 11 – Using Real-Time Security Monitoring
When an attack is detected, the DefensePro device creates and reports a security event that includes the
information relevant to the specific attack. The Security Monitoring perspective displays information relevant to the
specific attack along with real-time network traffic and statistical parameters. Use the Security Monitoring
perspective to observe and analyze the attacks that the device detected and the countermeasures that the device
implemented.
Notes
• Your user permissions (your RBAC user definition) determine the DefensePro devices and policies that the Security Monitoring perspective displays to you. You can view and monitor only the attacks blocked by the DefensePro devices and policies that are available to you.
• APSolute Vision also manages and issues alerts for new security attacks.
• DefensePro calculates traffic baselines and uses the baselines to identify abnormalities in traffic levels.
• When calculating the real-time network traffic and statistical parameters, DefensePro does not include traffic that exceeded the throughput license.
The following main topics describe security monitoring in APSolute Vision:
Risk Levels
The following table describes the risk levels that DefensePro supports to classify security events.
Note: For some protections, the user can specify the risk level for an event. For these protections, the descriptions in the following table are recommendations, and the risk level is the user's responsibility.
Table 130: Risk Levels

Risk Level   Description
Info         The risk does not pose a threat to normal service operation.
Low          The risk does not pose a threat to normal service operation, but may be part of a preliminary action for malicious behavior.
Medium       The risk may pose a threat to normal service operation, but is not likely to cause complete service outage, remote code execution, or unauthorized access.
High         The risk is very likely to pose a threat to normal service availability, and may cause complete service outage, remote code execution, or unauthorized access.