Presentation is loading. Please wait.

Presentation is loading. Please wait.

Classification 10/24/2015 Presenter Name Presenter Title Threat Discovery Appliance 2.0 Debug feature and troubleshooting.

Published bySusan Russell Modified over 9 years ago

Similar presentations

Presentation on theme: "Classification 10/24/2015 Presenter Name Presenter Title Threat Discovery Appliance 2.0 Debug feature and troubleshooting."— Presentation transcript:

1 Classification 10/24/2015 Presenter Name Presenter Title Threat Discovery Appliance 2.0 Debug feature and troubleshooting

2 Copyright 2007 - Trend Micro Inc. TDA main debug UI Please log in TDA web console and modify the URL to: https://[TDA_Management_IP]/html/rdqa.htm[TDA_Management_IP]/html/rdqa.htm

3 Copyright 2007 - Trend Micro Inc. Log Enable/Disable To enable/disable the detection logs

4 Copyright 2007 - Trend Micro Inc. Rule disable/enable Why? –TDA provide customized rule detection for customer/analyzer How? –URL: https://[TDA_Management_IP]/cgi-bin/cav_edit.cgihttps://[TDA_Management_IP]/cgi-bin/cav_edit.cgi It will ask you to logon TDA first to avoid non-authorized communication –Check  Mark as  Apply (TDA takes effect immediately) Note –Rule enable/disable setting will be overwritten after update Network Content Correlation Pattern

5 Copyright 2007 - Trend Micro Inc. Rule disable/enable (cont) Web console:

6 Copyright 2007 - Trend Micro Inc. Debug Log URL: https://[TDA_Management_IP]/cgi-bin/cgiSetDebugLog.cgi It will ask you to logon TDA first to avoid non-authorized communication Debug Level and Module Settings –Debug Level disable,0-fatal,1-error,2-warning,3-info,4-debug –Debug Module ID 1-cav, 3-fstream_serv, 4-mr_system_logger, 5-preconf, all Export Debug Log Debug Log Maintenance (Reset Debug Log) Note –debug log will rotate when it reaches size of 10 M bytes.

7 Copyright 2007 - Trend Micro Inc. Debug Log (cont) Web console:

8 Copyright 2007 - Trend Micro Inc. Kernel mode status Show TDA kernel status:

9 Copyright 2007 - Trend Micro Inc. ATOP A tool to show system performance

10 Copyright 2007 - Trend Micro Inc. PS Show TDA process status

11 Copyright 2007 - Trend Micro Inc. Trouble Shooting - 1 After TDA is deployed, check if TDA can “see” the traffic mirrored from the switch –Execute Putty to logon TDA and execute the command: #tcpdump –ni br0 You will find a lot of “traffic” shown on screen. => traffic copied to TDA

12 Copyright 2007 - Trend Micro Inc. Trouble Shooting - 2 Check if packet is not dropped when mirrored to TDA –https://[TDA_Management_IP]/htm/kmod_main.html –“conntrack_count” : concurrent connection including all TCP state –No packet dropped : “nr_corrupt” is 0 –No packet dropped : “ESTABLISHED” is almost equal to “conntrack_count”

13 Copyright 2007 - Trend Micro Inc. Trouble Shooting - 3 SYN_SENT: the number of TCP sessions that are in SYN_SENT state at the moment ESTABLISHED : the number of TCP sessions that are in ESTABLISHED state at the moment nr_corrupt : accumulated number of TCP sessions that are timed-out (60 seconds) in established state => numbers of sessions that had packet dropped clientserver Data communication 1:syn : SYN_SENT 2:synack : SYN_RECV 3:ack : ESTABLISHED

14 Copyright 2007 - Trend Micro Inc. Trouble Shooting - 4 A case that TDA is “seeing” packets, however, TCP sessions is not established maybe due to asymmetric routing of the network TDA can not scan such network traffic Customer should re-consider the position of TDA or use 2 ports for monitoring

15 Copyright 2007 - Trend Micro Inc. Known threat logging disable Why? –TDA can disable the log in database when it detects known threat (VSAPI, Network Virus) –Customer doesn’t want to see duplicate detection logs before the victim client is taken care of How? –URL: https://[TDA_Management_IP]/cgi-bin/cav_log.cgihttps://[TDA_Management_IP]/cgi-bin/cav_log.cgi It will ask you to logon TDA first to avoid non-authorized communication –Select VSAPI or Network Virus then save (TDA takes effect immediately)

16 Copyright 2007 - Trend Micro Inc. 2015/10/24 16 Classification Thank You

Download ppt "Classification 10/24/2015 Presenter Name Presenter Title Threat Discovery Appliance 2.0 Debug feature and troubleshooting."

Similar presentations

REFLEX INTRUSION PREVENTION SYSTEM.. OVERVIEW The Reflex Interceptor appliance is an enterprise- level Network Intrusion Prevention System. It is designed.

REFLEX INTRUSION PREVENTION SYSTEM.. OVERVIEW The Reflex Interceptor appliance is an enterprise- level Network Intrusion Prevention System. It is designed.
WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.

WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.
© 2003, Cisco Systems, Inc. All rights reserved..

© 2003, Cisco Systems, Inc. All rights reserved..
Altai Certification Training Operation & Maintenance

Altai Certification Training Operation & Maintenance
1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen

1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Module Summary BGP has reliable transport provided by TCP, a rich set of metrics called BGP.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Module Summary BGP has reliable transport provided by TCP, a rich set of metrics called BGP.
Implementing a Highly Available Network

Implementing a Highly Available Network
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Content Switch. Introduction of content web switch.. Some content switch products in the market.. Design of a content switch.

Content Switch. Introduction of content web switch.. Some content switch products in the market.. Design of a content switch.
Page: 1 Director 1.0 TECHNION Department of Computer Science The Computer Communication Lab (236340) Summer 2002 Submitted by: David Schwartz Idan Zak.

Page: 1 Director 1.0 TECHNION Department of Computer Science The Computer Communication Lab (236340) Summer 2002 Submitted by: David Schwartz Idan Zak.
Scanning February 23, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Scanning February 23, 2010 MIS 4600 – MBA © Abdou Illia.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Network Forensics Networking Basics Collecting Network-Based Evidence (NBE) Collection of Packets using Tools Windows Intrusion UNIX Intrusion.

Network Forensics Networking Basics Collecting Network-Based Evidence (NBE) Collection of Packets using Tools Windows Intrusion UNIX Intrusion.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
PC and Server Protection with Trend Micro Worry Free Business Security Troubleshooting Client Server Connectivity Ian Thiele 1.

PC and Server Protection with Trend Micro Worry Free Business Security Troubleshooting Client Server Connectivity Ian Thiele 1.
1 Lab 3 Transport Layer T.A. Youngjoo Han. 2 Transport Layer  Providing logical communication b/w application processes running on different hosts 

1 Lab 3 Transport Layer T.A. Youngjoo Han. 2 Transport Layer  Providing logical communication b/w application processes running on different hosts 
IDS Mike O’Connor Eric Tallman Matt Yasiejko. Overview IDS defined IDS defined What it does What it does Sample logs Sample logs Why we need it Why we.

IDS Mike O’Connor Eric Tallman Matt Yasiejko. Overview IDS defined IDS defined What it does What it does Sample logs Sample logs Why we need it Why we.
Intrusion Protection Mark Shtern. Protection systems Firewalls Intrusion detection and protection systems Honeypots System Auditing.

Intrusion Protection Mark Shtern. Protection systems Firewalls Intrusion detection and protection systems Honeypots System Auditing.
FIREWALL Mạng máy tính nâng cao-V1.

FIREWALL Mạng máy tính nâng cao-V1.

Similar presentations

Ads by Google