Cisco Secure Network Analytics

System Configuration Guide 7.4.0

Table of Contents

Introduction

Overview

Audience

Terminology

Abbreviations

Before You Begin

Installation Requirements

Hardware

Virtual Edition (VE) Appliances

Combined Deployment of Data Store 6200 and Virtual Edition (VE) Appliances

Configuration Details

Downloading Software

Licensing

TLS

Third Party Applications

Browsers

Host Name

Domain Name

NTP Server

Time Zone

1. Configuring Secure Network Analytics

Preparation

Secure Network Analytics with a Data Store

Appliance Setup Tool Requirements

Managed

Manager Failover

Best Practices

Appliance Configuration Order

© 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

1. Log In

2. Configure the Appliance

3. Register the Manager

4. Add Appliances to Central Management

5. Confirm Appliance Status

2. Finishing Appliance Configurations

UDP Director

Configuring Forwarding Rules

Configuring High Availability

Primary Node and Secondary Node

Requirements

1. Configure the Primary UDP Director High Availability

2. Configure the Secondary UDP Director High Availability

Flow Sensor

1. Configure the Application ID and Payload

2. Configure the Flow Sensor to Identify Applications (optional)

3. Restart the Appliance

3. Installing the Desktop Client

Install the Desktop Client Using Windows

Install the Desktop Client Using macOS

4. Verifying Communications

Verify NetFlow Data Collection

5. Licensing

Evaluation Mode

Defining a Manager Failover Relationship

Configuring Failover

Primary and Secondary Roles

Enabling the Threat Feed

License

Enable

Review Alarms and Security Events

Configuring SAML SSO

Support Details

1. Prepare for Configuration

2. Upload Certificates to the Trust Store

3. Configure the Service Provider

4. Enable SSO

5. Configure the Identity Provider

6. Add an SSO User

7. Test SAML Login

Troubleshooting

Getting Started with Secure Network Analytics

Overview

Managing Your Environment

Investigating Behavior

Responding To Threats

Central Management

Central Management and Appliance Administration Interface

Opening Central Management

Opening Appliance Admin

Opening Appliance Admin through Central Management

Opening Appliance Admin through Direct Login

Editing Appliance Configuration

Viewing Appliance Statistics

Removing an Appliance from Central Management

Adding an Appliance to Central Management

Enable/Disable SSH

Open SSH

Enable SSH

Disable SSH

Troubleshooting

Config Channel Down

Opening Appliance Administration Interface

Replacing the Appliance Identity

Changing the Host Name, Domain Name, or IP Address

Opening the Appliance Setup Tool

System Configuration Overview

Changing the Trusted Hosts

Creating a Diagnostic Pack

Resetting Factory Defaults

Changing the Flow Settings in a Flow Collector

RFD of a Flow Collector (Special Instructions)

Enabling/Disabling Admin Users

Enabling or Disabling Password Reset

Resetting Passwords to Default Settings

Resetting the Admin Password on the Manager

Resetting Admin, Root, Sysadmin Passwords to Default

Changing Passwords

Changing the Sysadmin Password

Changing the Root Password

Changing the Admin Password on the Manager

Changing the Admin Password on All Other Appliances

Installing Patches and Updating Software

Contacting Support
