Dashboard Overview
Beginning with Version 4.5, the Security Manager client has a new launch point—a configurable dashboard, for which this topic presents an overview.
The dashboard is one of the six client applications that you can select as your default client application when you start the Security Manager client. (The others are Configuration Manager, Event Viewer, Report Manager, Health and Performance Manager, and Image Manager; there is also an application designed for mobile devices called CSM Mobile.) The dashboard is a convenient way for you to accomplish tasks that are found in several other areas of Security Manager, such as the IPS Health Monitor page, Report Manager, Health and Performance Monitor, and IP Intelligence Settings.
The dashboard contains the widgets shown in the following table, categorized by whether they are for use with IPS, firewalls, or both. (Not all of these widgets are shown by default.) In addition to the original dashboard, you can create additional dashboards, which are displayed as tabs. You can customize every dashboard, both the original and any that you create, by dragging and dropping widgets from the list of available widgets into it.
Widgets for IPS |
|
---|---|
Widgets for Firewalls |
|
Widgets for Both IPS and Firewalls |
|
The way in which you use the dashboard and its widgets depends upon your goals in using Security Manager. For example, you can use the following four widgets to observe device health trends:
- IPS Inspection Load Trends
- IPS Missed Packet Trends
- Memory Usage Trends
- Firewall CPU Usage Trends
Individual widgets are described in the following table. One of the key widgets is the Device Health Summary widget. One reason it is important is that it provides the same information accessible through CSM Mobile, which is designed specifically for mobile devices. For more information about CSM Mobile, see CSM Mobile. For information on enabling or disabling CSM Mobile, see CSM Mobile Page.
IPS Inspection Load Trends |
A measure of the IPS inspection load trends. The inspection load trend data will appear in this widget only when an IPS device issues an alert because of inspection load, and the data will disappear when the alert is cleared. Indicates how much traffic inspection capacity the sensor is using. 0 indicates that there is no traffic backup, and 100 indicates that the buffers are completely backed up. Inspection load trends are affected by the following things:
You can set monitoring parameters on the IPS Health Monitor page at [IPS device in Device View] Platform > Device Admin > Health Monitor. |
||
---|---|---|---|
Top 10 Reports for IPS Attackers, Victims, and Signatures |
Pre-defined system reports that you can use to analyze top attackers, victims, and signatures for IPS alerts in your network. Clickable Link—In the Top Attackers widget, the IP address is an active hyperlink; click it to display IP intelligence. For details on IP intelligence in Security Manager, refer to IP Intelligence. Clickable Link—In the Top Signatures widget, the Signature ID is an active hyperlink; click it to display signature information. To use these reports, use Report Manager (Launch > Report Manager...). To cross-launch Event Viewer from one of these top ten reports, select a particular attacker, victim, or signature, and click the number of occurrences. The number of occurrences is listed for the last 24 hours by default; you can change it to the last hour if desired.
|
||
IPS Missed Packet Trends |
A measure of the IPS missed packets trends. The missed packets trend data will appear in this widget only when there is an alert based on missed packets, and the data will disappear when the alert is cleared. You can set monitoring parameters on the IPS Health Monitor page at [IPS device in Device View] Platform > Device Admin > Health Monitor. |
||
IPS License |
Displays IPS devices for which the license will expire in 30 days or 60 days. (Use the dropdown list to choose 30 days or 60 days.) If the license will expire in 30 days or 60 days (whichever you select) this widget displays the license expiry date. |
||
IPS Update Packages |
Displays sensor updates and signature updates that are available on Cisco.com or on a local download server but not downloaded to the Security Manager server. If there are many such updates, then this widget displays only the 10 most recent updates. |
||
IPS Sensors Out of Date |
Sensors requiring a signature update. |
||
Top 10 Reports for Firewall Sources, Destinations, and Services |
Pre-defined system reports that you can use to identify the top destinations, services, and sources for firewall ACL events. The statistics are based on the events collected by the Event Manager service (as displayed in Event Viewer). To use these reports, use Report Manager (Launch > Report Manager...). |
||
Top 10 Reports for Botnet Malware Sites, Ports, and Hosts |
Pre-defined system reports that you can use to analyze botnet traffic filtering. The statistics are based on the botnet events collected by the Event Manager service (as displayed in Event Viewer) for sites on the block list and gray list. To use these reports, use Report Manager ( ...). |
||
Firewall CPU Usage Trends |
A measure of the firewall CPU usage trends. The CPU usage trend data will appear in this widget only when a firewall issues an alert because of CPU usage, and the data will disappear when the alert is cleared. |
||
Device Health Summary |
Shows current high- or medium-severity active alerts generated by HPM. Alerts can be grouped by Alert-Description, Predefined-Category, Device, or Alert Technology. Clickable Link—The device name is an active hyperlink; click it to display the Device Summary dialog box in the Dashboard. This link works for any option in the Group by _____ dropdown list: Alert, Category, Device, or Technology. To configure these alerts, use HPM (Launch > Health and Performance Monitor...).
Acknowledge Alert—To acknowledge an alert, follow these steps:
Clear Alert—To clear an alert, follow these steps:
You can also access device health summary information from mobile devices. To do this, use the CSM Mobile application. The information available to you from CSM Mobile is the same as that available in the Device Health Summary widget in the Dashboard. For information on enabling or disabling CSM Mobile, see CSM Mobile Page. |
||
Memory Usage Trends |
A measure of IPS health status or firewall health trends. For IPS devices, you can set monitoring parameters on the IPS Health Monitor page at [IPS device in Device View] Platform > Device Admin > Health Monitor. |
||
Deployment |
Shows the deployment status for all devices for the past 24 hours. You can also monitor deployment status by using Deployment Manager (Configuration Manager > Manage > Deployments...). |
||
IP Intelligence |
Information about an IP address related to the following things:
For IP Intelligence settings in Security Manager, navigate to Configuration Manager > Tools > Security Manager Administration > IP Intelligence Settings. |
||
CSM Monitor |
Shows server information in three categories:
Knowing whether you have a dangling backup lock file is important because, while one exists, a CSM backup fails with an error similar to this: "Backup failed.ERROR(383): C:\PROGRA~2\CSCOpx\backup.LOCK file exists." The cause is as follows: Security Manager creates a new lock file (backup.LOCK) in the backup directory before it starts a backup. If a backup is interrupted or fails, the file does not get cleaned up. To recover, you must delete the current backup.LOCK file from the Security Manager server, and then execute the backup process again. The CSM Monitor widget makes it faster and more convenient for you to detect a dangling backup lock file. For detailed information, refer to the Cisco TAC document at the following URL: http://www.cisco.com/en/US/products/ps6498/products_tech_note09186a0080c13cdd.shtml |
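The dangling-lock check described above can also be run on the server itself. The following PowerShell function is an added example, not part of the Cisco documentation: it classifies backup.LOCK as absent, owned by a running backup, recent, or stale, and deletes it only when it is stale and `-Remove` is given. The default path is the one in the quoted error message; the function and parameter names, the 12-hour threshold, and the optional process pattern are assumptions.

```powershell
# Added example. Threshold and process pattern are assumptions, not Cisco values.
function Test-CsmBackupLock {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Path taken from the error message quoted in the text; adjust to your install.
        [string]$LockPath = 'C:\PROGRA~2\CSCOpx\backup.LOCK',
        # Assumption: no backup on this server runs longer than this many hours.
        [double]$StaleAfterHours = 12,
        # Hypothetical: regex matching the command line of your backup job, if known.
        [string]$BackupCommandPattern,
        # Delete the lock file, but only when it is classified as Stale.
        [switch]$Remove
    )

    $result = [pscustomobject]@{
        LockPath = $LockPath; State = 'NoLock'; AgeHours = $null; Removed = $false
    }
    if (-not (Test-Path -LiteralPath $LockPath -PathType Leaf)) { return $result }

    $lock = Get-Item -LiteralPath $LockPath -Force
    $result.AgeHours = [math]::Round(((Get-Date) - $lock.LastWriteTime).TotalHours, 1)

    # A backup that is still running owns the lock; never remove it in that case.
    $backupRunning = $false
    if ($BackupCommandPattern) {
        $backupRunning = [bool](Get-CimInstance -ClassName Win32_Process |
            Where-Object { $_.ProcessId -ne $PID -and $_.CommandLine -match $BackupCommandPattern })
    }

    if ($backupRunning) {
        $result.State = 'BackupInProgress'
    } elseif ($result.AgeHours -lt $StaleAfterHours) {
        $result.State = 'RecentLock'   # too young to call dangling; check again later
    } else {
        $result.State = 'Stale'        # the dangling lock file described above
        if ($Remove -and $PSCmdlet.ShouldProcess($LockPath, 'Remove dangling backup lock')) {
            Remove-Item -LiteralPath $LockPath -Force
            $result.Removed = $true
        }
    }
    return $result
}

Test-CsmBackupLock   # report only; add -Remove (and -WhatIf to preview) to clean up
```

Run the backup again only after the function reports `NoLock` or `Removed = True`.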
Note |
In some cases (Top Infected Hosts, for example), the dashboard report has a slightly different appearance than the report generated by Report Manager. This is caused by a difference in sorting, but the data is identical. Such a case will occur when more than one entry in the dashboard report has the same count. |
Basic dashboard operations are listed in the following table:
Launch Dashboard |
Configuration Manager or other Security Manager client application > Launch > Dashboard... |
||
---|---|---|---|
Add a new dashboard |
File > New Dashboard |
||
Re-arrange Dashboard Tabs for a Default View |
You can re-arrange the dashboard tabs so that you can set a default view. For example, you might want the IPS tab to be first (on the extreme left):
|
||
Display a different dashboard |
Click the tab for the desired dashboard, such as Summary, Firewall, or IPS. |
||
Show or hide widgets |
File > Show Widgets or File > Hide Widgets |
||
Add a widget |
Drag-and-Drop Method:
Menu Method:
|
||
Remove a widget |
Click the Remove icon in the title bar of the widget that you want to remove. |
||
Expand a widget |
If a widget is shown in the dashboard, you can expand it with the down arrow. The down arrow becomes visible when you hover the mouse pointer over the right side of the widget title bar. The tooltip for the down arrow is labeled "Expand."
|
||
Collapse a widget |
If a widget is shown in the dashboard, you can collapse it with the up arrow. The up arrow becomes visible when you hover the mouse pointer over the right side of the widget title bar. The tooltip for the up arrow is labeled "Expand" (not "Collapse"). |
||
Group by _____ (Device Health Summary widget only) |
A dropdown list offering you the following choices:
|
In the Dashboard, many of the icons can be clicked to accomplish a particular action, such as "Refresh" or "Add Dashboard." Most of these "clickable" icons have a tooltip to document the action that clicking the icon will accomplish, but a few do not. Clickable icons that have no tooltip in the dashboard are documented in the following table.
| Icon | Appearance | Widget | Description |
|---|---|---|---|
| | Black exclamation point (bang) on a yellow background in a triangle. | Deployment widget | Deploying icon. Indicates that a job is in the deploying state. Click this icon to open/close the job description: |
| | White rectangle (a document) with red and yellow dots. | Deployment widget | Status Report icon. Click this icon to see a detailed Deployment Status report. |
| | White checkmark in a green circle with a grey border. | Deployment widget | Succeeded icon. Indicates that a job is in the success state. Click this icon to open/close the job description: |
| | White "X" in a red circle with a grey border. | Deployment widget | Failed icon. Indicates that a job is in the failed state. Click this icon to open/close the job description: |
| | Clipboard with a pencil making annotations on a sheet of paper. | Device Health Summary widget | Details icon. Click this icon to open/close the job description: |