7/31/2019 Alcatel-OmniVista SafeGuard Manager Admin Guide
PART NUMBER: 005-0034 REV A1
PUBLISHED: MARCH 2007
ALCATEL-LUCENT
26801 WEST AGOURA ROAD
CALABASAS, CA 91301 USA
(818) 880-3500
WWW.ALCATEL-LUCENT.COM
OmniVista SafeGuard Manager
Release 3.0
Administration Guide
Alcatel-Lucent Proprietary
Copyright 2007 Alcatel-Lucent. All rights reserved. This document may not be reproduced in whole or in part without the expressed written permission of Alcatel-Lucent. Alcatel-Lucent and the Alcatel-Lucent logo are registered trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.
Contents
Preface
  About This Guide
  Intended Audience
  Guide Overview
  Conventions Used in This Guide
  Related Documentation
  Additional Resources
Chapter 1: Getting Started
  Overview
  Key Features
  Getting Started
  System Requirements
  OmniVista SafeGuard Manager Client Requirements
  Starting the Server
  Installing the Client
  Logging In to the Client
  Navigation
  Dashboards
  Menus
  Page Bar
  Action Bar
  Viewing Tips
  Modifying Your Password
  Adding a Device
Chapter 2: Installation and Setup
  Installing the OmniVista SafeGuard Manager Server
  Upgrading the OmniVista SafeGuard Manager Server
  Pre-Upgrade Tasks
  Uninstalling the Server
  Starting the Server
  Shutting Down the Server
  Installing the OmniVista SafeGuard Manager Client
  Logging into the OmniVista SafeGuard Manager Client
  Connecting Over Firewall
Chapter 3: General Navigation
  Viewing Visualization Tables
  Viewing Table Data
  Navigating between Different Table Views
  Choosing Columns in a Table
  Searching and Sorting
  Searching Table Data Locally
  Sorting Table Data Locally
  Searching and Sorting Data in the Entire Database
  Exporting and Printing Data
  Using the Status Bar
Chapter 4: Visualization
  Overview
  Dashboards
  Security Incidents
  User Sessions with Incidents
  Network Awareness
  Configuring Dashboards
  Defining Modules within a Dashboard
  Defining Bars within a Module
  Viewing Visualization Data
  Viewing Policy Incidents
  Viewing Malware Incidents
  Viewing Posture Incidents
  Viewing User Sessions
  Viewing Application Types
  Viewing Application Instances
  Viewing Application Flows
  Creating Policy Filters
  Viewing Time-based Data
  Additional Time-based Filtering
  Viewing Active Data Against Historical Data
Chapter 5: Device Configuration
  Managing Devices
  Checking a Device
  Adding a New Device
  Configuring Device Objects
  Application Groups
  Application Filters
  Network Zones
  Policies
  Role Derivations
  Roles
  LDAP Servers
  Editing Device Objects
  Editing Interfaces
  Templates
  Creating a New Template
  Importing Templates
  Deleting an Existing Device
  Polling a Device
  Synchronizing a Device
  Manually Synchronizing a Device
  Device Actions
  Manage Configuration
  Manage Files
  Reboot Device
  Refresh
  Other Actions
  Execute Show Commands
  ICS Admin
  Delete Visualization Data
  Update Template
  Discard Non-template Changes
  Understanding Device Management Display
  Recommended Device Management Workflow
Chapter 6: Query and Reports
  Query
  Reports
  Defining a Report
  Scheduling a Report
  Generating a Report
Chapter 7: Managing the Server
  User Authentication
  Authentication Guidelines
  User Accounts
  Adding a New User
  Enabling Dual-Admin or 4-Eye Mode
  File Repository
  Client Settings
  Server Settings
  Setting Visualization Filters
  Exporting the Database
  Purging the Database
  Backing Up the Database
  Restoring the Database
  Mailing Malware and Report Notifications
  Periodic Tasks
  General
Chapter 8: Audit Logs and Statistics
  Audit Logs
  OmniVista SafeGuard Manager Log Messages
  Device Health
  Viewing Device Health Statistics
  Server Health
  Viewing Server Health Statistics
Index
Preface
In this preface:
About This Guide
Conventions Used in This Guide
Related Documentation
About This Guide
This guide describes the OmniVista SafeGuard Manager command center features, including how to use and navigate through different views. This guide also provides detailed installation procedures for the server and client.
Intended Audience
The OmniVista SafeGuard Manager Administration Guide is for experienced network administrators who are responsible for installing, configuring, and maintaining the Alcatel-Lucent devices and OmniVista SafeGuard Manager command center.
Guide Overview
The information in this guide is separated into several chapters to make it easy for you to find exactly what you are looking for.
Chapter                                  Description
Chapter 1, Getting Started               Provides installation procedures and a brief overview of the key features of the OmniVista SafeGuard Manager command center.
Chapter 2, Installation and Setup        Provides detailed installation and setup instructions.
Chapter 3, General Navigation            Describes different navigation techniques such as search and sorting.
Chapter 4, Visualization                 Describes the configuration of dashboards and the checking of user activity, health of the host system, violation histories, and other network activity.
Chapter 5, Device Configuration          Provides instructions for configuring device objects and templates.
Chapter 6, Query and Reports             Describes the creation, printing, and viewing of reports on network traffic and incidents.
Chapter 7, Managing the Server           Describes client settings, user accounts, and user authentication. Additionally, it describes server settings: how to restore, purge, or back up the database and set up the OmniVista SafeGuard Manager mailer so email notifications can be sent on Malware events and reports.
Chapter 8, Audit Logs and Statistics     Provides audit log information and device and server health and statistics.
Conventions Used in This Guide
This document uses the following conventions:
Italic              Italics are used the first time a glossary term is introduced, for the titles of books, and for menu items.
Bulleted lists      Bulleted lists designate items of equal importance.
1 Numbered lists    Numbered lists designate a specific sequence of steps required to complete a procedure.
Boldface type       Boldface type is used for button names.
Code                Code excerpts and command line sequences are shown in this typeface.
Ellipsis....        Is used in code and argument syntax to indicate that inconsequential information is not shown.
NOTE: Means readers should pay special attention to the information. Notes contain helpful suggestions or references to materials covered in the guide.
CAUTION: Informs users to be careful of the situation described in Cautions. In this situation, you could do something that could result in deletion of information or damage of equipment.
WARNING: Informs users of safety conditions. In this situation, you could do something that could result in bodily injury or electric shock.
Related Documentation
OmniAccess SafeGuard Controller Installation Guide
Describes the OmniAccess SafeGuard Controller. The guide provides detailed installation instructions and technical specifications for the OmniAccess SafeGuard Controller.
OmniAccess SafeGuard OS Administration Guide
Provides concepts and configuration instructions for the major features of OmniAccess SafeGuard OS and its supported products, which includes End Point Validation (EPV), the integral component for using ICS.
ICS Dissolvable Agent for SafeGuard Administration Guide
Describes how to configure the Integrity Clientless Security (ICS) module of the Alcatel-Lucent Network Admission Control (NAC).
Additional Resources
Alcatel-Lucent publishes documents for Alcatel-Lucent customers at: www.Alcatel-Lucent.com
Chapter 1: Getting Started
This section includes the following:
Overview
Key Features
Getting Started
Navigation
Viewing Tips
Modifying Your Password
Adding a Device
Overview
The OmniVista SafeGuard Manager command center provides centralized and easy-to-use management of one or more Alcatel-Lucent devices, enabling network administrators to perform basic configuration, management, and monitoring of several devices in a single interface. OmniVista SafeGuard Manager provides the foundation for gaining usage awareness and flagging network security incidents by users; it also enables global policy configuration with the ability to take real-time action from the control panel. Powerful predefined reports provide clear views on enterprise network health and user actions.
Unlike traditional network management systems that report at the MAC or IP level, OmniVista SafeGuard Manager maps events to the network users. A user is identified by the SafeGuard Controller enforcement devices during the authentication phase. This user ID is then bound to the MAC and IP addresses of the computer, such that any future communication from that machine is bound to the user ID. This allows an administrator to identify any user incidents or identify the location of the violating machine.
User-based features combined with drillable data navigation enable OmniVista SafeGuard Manager to communicate business information simply at a top level, yet the details are only a click away. This real-time correlation of network incident or awareness events to the user saves hours of manual association and custom scripting.
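The user-to-address binding described above can be illustrated with a short script. This is an added example, not code from the guide or from OmniVista SafeGuard Manager; the event layout, the names, and the choice to treat a MAC seen with a different IP as unauthenticated are assumptions of the example.

```python
"""Added example: attribute incidents to users through a MAC/IP binding table.

The record layout and every name below are assumptions made for this
example; they are not OmniVista SafeGuard Manager's data format or API.
"""
from collections import Counter

UNAUTHENTICATED = "(unauthenticated)"

# Constructed sample events: (time, kind, user, mac, ip, incident_type)
SAMPLE_EVENTS = [
    (100, "auth", "alice", "00:11:22:33:44:55", "10.0.0.5", None),
    (110, "incident", None, "00:11:22:33:44:55", "10.0.0.5", "policy"),
    (120, "incident", None, "66:77:88:99:AA:BB", "10.0.0.9", "malware"),
    (130, "deauth", "alice", "00:11:22:33:44:55", "10.0.0.5", None),
    (140, "incident", None, "00:11:22:33:44:55", "10.0.0.5", "posture"),
    (150, "auth", "bob", "00:11:22:33:44:55", "10.0.0.5", None),
    (155, "incident", None, "00:11:22:33:44:55", "10.0.0.5", "malware"),
    (160, "incident", None, "00:11:22:33:44:55", "10.0.0.7", "policy"),
]


class BindingTable:
    """Tracks which user is currently bound to each MAC and its IP."""

    def __init__(self):
        self._bindings = {}  # normalized MAC -> (user, ip)

    @staticmethod
    def _norm(mac):
        # Compare MACs case-insensitively and accept '-' separators.
        return mac.strip().lower().replace("-", ":")

    def bind(self, user, mac, ip):
        # A new authentication replaces any earlier binding for the MAC.
        self._bindings[self._norm(mac)] = (user, ip)

    def unbind(self, mac):
        self._bindings.pop(self._norm(mac), None)

    def resolve(self, mac, ip):
        # Both MAC and IP must match the binding; a known MAC seen with
        # another IP is not attributed to the bound user (assumption).
        entry = self._bindings.get(self._norm(mac))
        if entry is None or entry[1] != ip:
            return UNAUTHENTICATED
        return entry[0]


def attribute_incidents(events):
    """Replay events in time order; return (time, user, incident_type)."""
    table = BindingTable()
    attributed = []
    for ts, kind, user, mac, ip, incident in sorted(events, key=lambda e: e[0]):
        if kind == "auth":
            table.bind(user, mac, ip)
        elif kind == "deauth":
            table.unbind(mac)
        elif kind == "incident":
            attributed.append((ts, table.resolve(mac, ip), incident))
    return attributed


def incidents_per_user(attributed):
    """Count incidents per user, as a per-user dashboard would."""
    return dict(Counter(user for _, user, _ in attributed))


if __name__ == "__main__":
    results = attribute_incidents(SAMPLE_EVENTS)
    for ts, user, incident in results:
        print(f"t={ts} user={user} incident={incident}")
    print(incidents_per_user(results))
```

The same machine produces incidents attributed to two different users and to no user at all, depending on the binding in force when each event occurred, which is why attribution has to replay events in time order.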
OmniVista SafeGuard Manager 3.0 supports the following:
Devices: OAG 1000, OAG 2400, OAG 4048x
SafeGuard platform: SafeGuard software release 3.0
Key Features
The OmniVista SafeGuard Manager command center Release 3.0 supports the following features:
Device Configuration: Allows you to manage devices with detailed views of devices and physical ports. Also keeps your network under a single management system, allowing you to select actions on the canned policies and push down to devices.
User Authentication: In addition to local database authentication, OmniVista SafeGuard Manager users can be authenticated using an external RADIUS server.
Visualization Filters: Allows you to set up visualization filters such that you can selectively view events based on VLAN ID, application type, or user role.
VLAN Filters: Allows you to set up visualization filters based on VLAN IDs.
Drillable Database Query: Allows you to execute pre-defined and custom queries.
Policy Creation Using Flows: Allows you to create policy filters from data available in an application flow.
CSV/HTML Report Generator: Allows you to create customized reports with server-side Scheduler; these reports can be e-mailed and printed easily.
Real-time Incident Dashboard: Displays total number of users, authenticated and unauthenticated, device health, and policy, posture, and malware incidents. Also displays incidents for unauthenticated users and top user roles with incidents/incident counts. Administrators can remove offending machines from the network and revoke user privileges by de-authenticating users.
Real-time User Incident Dashboard: Displays authentication failures by users, users with policy, posture, and malware incidents, and top user roles with incidents.
Real-time Awareness Dashboard: Displays top 10 user sessions by bandwidth, top 10 destinations, top 10 Web Sites, top 10 applications by flow count, bottom 10 applications by flow count, or top 10 applications by bandwidth.
Audit Logs: Provides logs that indicate who did what and when and on which device. These logs are for user and device operations and can be helpful for auditing purposes.
Device and Server Health: Allows you to collect, view, and store statistics relating to device or server health. These statistics are helpful in analyzing each device's performance and its current connections.
Software Upgrade: Allows you to upgrade the software version on the device.
File Distribution: Allows you to manage files in a repository and distribute as necessary.
Reboot: This feature allows you to reboot the selected device(s).
Online Help: The online help feature is available using the F1 function key.
Getting Started
The OmniVista SafeGuard Manager command center has client and server components. The server runs on a Windows server system, and the client runs on a Windows client system using Internet Explorer. The client can be deployed directly from the server using the Java Web Start technology.
To quickly get started with OmniVista SafeGuard Manager, you need the following:
System Requirements
OmniVista SafeGuard Manager Client Requirements
Starting the Server
Installing the Client
Logging In to the Client
Dashboards
Menus
Adding a Device
System Requirements
The following requirements are for OmniVista SafeGuard Manager server installation. The software installation enforces these requirements, and exits you out of the installation if the minimum requirements are not met. For more installation information, see Installing the OmniVista SafeGuard Manager Server.
2-GB RAM
60-GB free disk space
Microsoft Windows Server 2003 (Enterprise, Standard, or Web Edition)
NOTE: The disk space is allocated as 5GB for installation and 55GB for data. Installation needs to be performed using the C drive and this drive should have a minimum of 5GB free space; however, data can be saved to the D drive that should have a minimum of 55GB space.
NOTE: Microsoft Windows Server 2003 should have SP1 installed. Alcatel-Lucent supports 32 bit versions only.
2.8-GHz processor speed
2 processors
OmniVista SafeGuard Manager Client Requirements
The OmniVista SafeGuard Manager client can be run on most Windows systems. Minimum requirements are:
One of the following Windows platforms:
Microsoft Windows Server 2000
Microsoft Windows Server 2003 (Enterprise or Standard)
Microsoft Windows XP Professional
2.8-GHz single CPU
512-MB RAM
2-GB hard disk
Internet Explorer 6.0 or higher
Screen resolution of 1024 x 768 pixels
Internet connectivity to install Java Web Start
NOTE: The appliance that ships from Alcatel-Lucent meets all these requirements.
Starting the Server
When you boot up the OmniVista SafeGuard Manager appliance, the OmniVista SafeGuard Manager server is started automatically. However, if you upgraded the software version or re-installed the software, you must manually start the server. For more information on installing, upgrading, or uninstalling, see Installation and Setup.
To manually start the server:
1 Use the Windows shortcut from the Start menu, Programs > OmniVista SafeGuard Manager > Start Server.
A GUI window displays. This window performs checks to verify that all ports needed for the server are available, starts all the server components as Windows services, and informs you when the server is ready.
2 Click OK to close the window.
The OmniVista SafeGuard Manager server runs in the background. If you now reboot the system, the server should come up automatically.
Installing the Client
The OmniVista SafeGuard Manager client is based on Java Web Start technology, allowing you to install the client automatically with a single click over the network. For more information on client installation, see Installation and Setup.
To install the client:
1 Launch Internet Explorer.
2 Access the OmniVista SafeGuard Manager system by typing the following URL:
http://
If the client does not have Java Web Start already installed, you are prompted to install Java Runtime Environment (JRE). Follow the on-screen prompts using the default options to install JRE. Java Web Start is included with JRE.
After Java Web Start is installed, the OmniVista SafeGuard Manager client code is downloaded and installed. Java Web Start displays a dialog box informing you that the application is authored by Alcatel-Lucent and needs some privileges on your client system (Figure 1).
NOTE: The automatic installation of JRE requires ActiveX controls to be enabled on your Internet Explorer. If ActiveX controls are not enabled, a download Java Web Start link displays. Internet Explorer also alerts you if ActiveX controls are not enabled and gives you an option to enable ActiveX controls. You can choose to enable ActiveX controls for automatic installation of Java Web Start, or you can download JRE version 1.5.0 by going to the download link. If you manually install Java Web Start, repeat Step 2.
Figure 1 Security Warning
3 Click Start. A prompt appears asking if you want to create a shortcut on the desktop.
4 Select Yes to create a shortcut. If you select No, you can still launch the client using the URL from Step 2.
The client launches. See Logging In to the Client for information on logging procedures.
NOTE: Every time the OmniVista SafeGuard Manager client is launched, it compares its version with the OmniVista SafeGuard Manager server. If the client version is different than that of the server, the client automatically updates itself from the new version of the server.
Logging In to the Client
To log in to the client:
1 Launch the client using either of the following methods:
Double-click on the shortcut that was created on your desktop when you first installed the client.
Invoke from Internet Explorer by typing the URL (http://ip-address-of-OmniVistaSafeGuardManager-server).
Launch from the start menu using start menu > OmniVista SafeGuard Manager > Client
The Login screen appears (Figure 2).
Figure 2 OmniVista SafeGuard Manager Client Login Screen
2 In the Username field, type admin as the default user.
3 In the Password field, type password.
NOTE: If you are launching the client from the server for the first time, you might be prompted to install certain applications. See Installing the Client for more information.
4 Click Login. If you are logging in for the first time to the OmniVista SafeGuard Manager server, the Alcatel-Lucent License Agreement will be displayed. You must accept it to use OmniVista SafeGuard Manager.
The client is successfully launched, and the OmniVista SafeGuard Manager command center panel displays (Figure 3).
Figure 3 OmniVista SafeGuard Manager Dashboard
NOTE: The license agreement is a one-time acknowledgement for each server and is not displayed for this client or any other client or this server.
Navigation
When you log into the OmniVista SafeGuard Manager command center, a navigation panel displays that allows you to access the various features by simply clicking a button or using a menu item. You can navigate the OmniVista SafeGuard Manager command center using the following:
Dashboards
Menu Bar
Page Bar
Action Bar
Figure 4 OmniVista SafeGuard Manager Navigation Elements
Dashboards
The OmniVista SafeGuard Manager command center has three dashboards that provide a high-level network summary. These dashboards can be used to further investigate either actionable user incidents or informational and user traffic patterns. For more information on how to use the visualization features of the dashboard, see Visualization. The three dashboards are:
Incidents: Displays total number of users, authenticated and unauthenticated, device health, and policy, posture, and malware incidents. Administrators can remove offending machines from the network and revoke user privileges by de-authenticating users.
User Incidents: Displays authentication failures by users, users with policy, posture, and malware incidents, and top user roles with incidents.
Network Awareness: Displays various application usage patterns and statistics for active users, such as top 10 user sessions by bandwidth, top 10 user sessions with most blocked incidents, top 10 destinations, top 10 Web Sites, and so forth. The modules are automatically refreshed every 5 minutes.
Menus
You can access the OmniVista SafeGuard Manager features by selecting menu commands that are located in the menu bar, which is the toolbar located at the top of the screen (Figure 4).
Page Bar
The OmniVista SafeGuard Manager Page Bar icons allow you to access the various features of OmniVista SafeGuard Manager while retaining the context as much as possible. The Page Bar icons provide a quick single-click action that is synonymous with the menu items:
Table 1 Navigating within OmniVista SafeGuard Manager

| Menu Sequence | Key Sequence | Displays View | Description |
|---|---|---|---|
| View > Go To > Dashboard | Ctrl + 0 | Dashboards | Displays Incidents, User Incidents, and Global Awareness dashboards. |
| View > Go To > Policy Incidents | Ctrl + 1 | Policy Incidents | Displays all policy incidents. |
| View > Go To > Malware Incidents | Ctrl + 2 | Malware Incidents | Displays all malware incidents. |
| View > Go To > Posture Incidents | Ctrl + 3 | Posture Incidents | Displays all posture incidents. |
| View > Go To > Users | Ctrl + 4 | Users | Displays network activity per user. |
| View > Go To > Applications | Ctrl + 5 | Applications | Displays network activity per application. |
| View > Go To > Application Instances | Ctrl + 6 | Application Instances | Displays the user bandwidth usage for each user, application type, destination port, and destination IP address. |
| View > Go To > Application Flows | Ctrl + 7 | Application Flows | Displays application flows for all applications. |
| View > Go To > Reports | Ctrl + 9 | Reports | Allows you to create and view reports on network traffic patterns and anomalies. |
When you click on any of the Page Bar icons, a table view is displayed that shows the Navigation Tree on the left side, the contents in the upper half of the screen, and details for the selected object in the lower half of the screen. The Navigation Tree and the Action Bar change based on the action task selected in the Page Bar.
Action Bar
The Action Bar allows you to access commands, as you need them, by a simple click of a button.
To use the Action Bar, do any of the following:
To choose a command from the bar, click the command button or Actions > command
To view what a command does, position the mouse over the command button to see its tooltip.
To close the Action Bar, choose View > Toolbars > Actions.
Table 1 Navigating within OmniVista SafeGuard Manager (continued)

| Menu Sequence | Key Sequence | Displays View | Description |
|---|---|---|---|
| View > Go To > Config Management | Shift + 1 | Config Management | Enables you to manage Alcatel-Lucent devices, view inventory, and perform minimal configuration of the device system and ports. |
| View > Go To > Audit Logs | Shift + 2 | Audit Logs | Displays log entries that are relevant for auditing purposes. |
| View > Go To > Statistics | Shift + 3 | Statistics | Displays device and server health statistics. |
Viewing Tips
The following tips expedite your navigation through the OmniVista SafeGuard Manager panels and windows:
Buttons in the Action Bar are used to execute actions. Select a row and then click the action button. If an action is not applicable for the selected row, the corresponding button is disabled.
In the table views, some information about the table size is displayed above the table (the number of rows) and the alarm and infection status is displayed in the status bar below the table.
You can search the data from the visualization database using filters. To view filters, click Find in the Action Bar. A free-form search field is displayed where you can type keywords to search data displayed in table views. To search the data from the database, click Database Search. A new search and sort header opens at the top of the table header. Click on the search bar of the column to specify the filtering criteria for that column. Click on the sort bar for the column to specify the sort criteria for that column. You can select multi-column sort order. After you have finished setting filters for one or more columns, click Refresh to see the new results. To clear all filters, click Clear. For more information on how to use the search and sort features, see General Navigation.
Select a row to view detailed information on the selected row.
Right-click on a row to display applicable actions.
Modifying Your Password
The Account Management feature of OmniVista SafeGuard Manager allows an administrator to perform basic modifications to user accounts, such as adding users, changing passwords, and configuring dual-admin.
To modify your password:
1 Select Tools > OmniVista SafeGuard Manager Users > User Accounts... The Account Management window (Figure 5) displays.
Figure 5 Account Management Window
2 Select one of the following Admin Login Settings:
Standard: requires a single login and password
Dual-admin: requires two logins and passwords
3 Click Apply to apply the login setting.
4 Select the admin user and click Modify to change the password for the admin user. The Modify User Account dialog box (Figure 6) displays.
NOTE: The Enabled checkbox shows the status of the user account. This is used to indicate whether the user can log in or not. For all user accounts, except admin, when an authentication method is changed from Radius to local, the account is set to disabled. The account remains in a disabled state until the administrator resets the password for the account.
Figure 6 Modify User Account Dialog Box
5 Modify the password, as needed, and click Modify Password.
6 Click Modify Account if you are changing the admin role or user information.
Adding a Device
Before you can visualize any data, you need to add a device. For more information on device management, see Device Configuration.
To add a single device:
1 Select the Device Configuration icon from the Page Bar or select the View > Go To > Config Management menu item.
2 Click the New icon from the Action Bar.
3 Select Single Device. The New Device (Figure 7) dialog box displays.
NOTE: For more information on adding a new user or the different types of user roles, see User Accounts.
Figure 7 New Device Dialog Box
4 Enter the following device attributes:
Table 2 Add Device Attributes

| Attribute | Description |
|---|---|
| IP Address | The Management IP address of the device. |
| SNMP Community String (Read) | Simple Network Management Protocol (SNMP) read community name that was configured when the device was initially set up. |
| SNMP Community (Read/Write) | SNMP read/write community name that was configured when the device was initially set up. |
| Name | Device name. |
| Region | Name of the region in which the device is located. |
| Building | Name of the building in which the device is located. |
| Enable Application Flow Collection | Click this box if you want to collect application flow data. |
| Associated Template | Select a template from the pull-down list that you want to associate with the device. For more information on templates, see Templates. |
5 Click OK to add the device. The add process reads the system configuration and the list of outstanding visualization events from the device using a combination of SNMP and Alcatel-Lucent proprietary OmniVista SafeGuard Manager Visualization Channel.
The device displays in the All Devices panel and the device objects display in the Device Hierarchy navigation tree.
To add multiple devices:
1 Select the Device Configuration icon from the Page Bar or select the View > Go To > Config Management menu item.
2 Click the New icon from the Action Bar.
3 Select Multi Device. The Create Devices (Figure 8) dialog box displays. You can populate this table using either the Import From File or the Add Entry option.
Figure 8 Add Multiple Devices
NOTE: Make sure that the attributes are specified correctly; otherwise, adding a device fails producing one of the following error messages, Device unreachable, or Device is not a Alcatel-Lucent device, or Unable to communicate with IP Address.
NOTE: The device periodically ages out the visualization data; therefore, some of the events may be lost by the time you add the device.
NOTE: The device must be reachable with appropriate community strings for the device to be added.
4 Click Import From File to import a list of devices written in a specific format. For example:
#########################################################################
# Name: Device List File
# Purpose: For bulk device addition into OmniVista SafeGuard Manager
# Syntax of each line:
# ip,read,readwrite,name,region,building,enable-flow-collection-in-true-false
#
# Example: 172.16.3.125,public,private,controller,R1,B1,true
#########################################################################
172.16.3.125,public,private,controller,R1,B1,true
172.16.1.53,public,private,switch,R1,B2,true
5 Click Add Entry to add another entry in the table. This can be used to create a list.
6 The following device attributes are displayed:
7 Click Clear Entries to clear all entries from the table.
8 Click Execute. The server schedules and processes each entry and provides feedback and action detail in the Action Status column.
Table 3 Add Device Attributes

| Attribute | Description |
|---|---|
| Select Device | Select the Select Device checkbox to select all devices in the list. |
| Device | Shows the device name with its IP address. |
| IP Address | The Management IP address of the device. |
| SNMP Community String (Read) | Simple Network Management Protocol (SNMP) read community name that was configured when the device was initially set up. |
| SNMP Community (Read/Write) | SNMP read/write community name that was configured when the device was initially set up. |
| Device Name | Device name. |
| Action Status | Status of the action you selected. |
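The import file format from step 4 can be checked before import. The following Python linter is an added example, not part of the original guide or of the product; it validates each line against the documented field order. Treating lines that start with # as comments, rejecting duplicate IP addresses, and warning on the well-known default community strings public and private are assumptions of this example, and the sample input is constructed.

```python
import ipaddress

# Field order from the "Syntax of each line" comment in the sample file.
FIELDS = ("ip", "read", "readwrite", "name", "region", "building", "flow")
# Widely known default SNMP community strings: reported as warnings, not errors.
DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed sample: the guide's two entries plus lines that exercise each check.
SAMPLE = """\
# ip,read,readwrite,name,region,building,enable-flow-collection-in-true-false
172.16.3.125,public,private,controller,R1,B1,true
172.16.1.53,public,private,switch,R1,B2,true
172.16.1.54,n0c-r3ad,n0c-wr1te,edge,R2,B1,false
172.16.1.300,ro,rw,bad-ip,R1,B1,true
172.16.1.55,ro,rw,short,R1,true
172.16.1.56,ro,rw,bad-flag,R1,B1,yes
172.16.3.125,ro,rw,dup,R1,B1,true
"""


def lint_device_list(text):
    """Return (devices, errors, warnings) for a bulk device list.

    errors and warnings are lists of (line_number, message) tuples.
    Assumption: lines starting with '#' are comments, as in the sample header.
    """
    devices, errors, warnings = [], [], []
    seen = {}  # normalized IP -> first line number it appeared on
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != len(FIELDS):
            errors.append((lineno, f"expected {len(FIELDS)} fields, got {len(parts)}"))
            continue
        rec = dict(zip(FIELDS, parts))
        try:
            rec["ip"] = str(ipaddress.ip_address(rec["ip"]))
        except ValueError:
            errors.append((lineno, f"invalid IP address {parts[0]!r}"))
            continue
        if rec["flow"] not in ("true", "false"):
            errors.append((lineno, f"flow flag must be true or false, got {rec['flow']!r}"))
            continue
        if not rec["read"] or not rec["readwrite"]:
            errors.append((lineno, "empty community string"))
            continue
        if rec["ip"] in seen:
            errors.append((lineno, f"duplicate of line {seen[rec['ip']]}"))
            continue
        seen[rec["ip"]] = lineno
        rec["flow"] = rec["flow"] == "true"
        for key in ("read", "readwrite"):
            if rec[key].lower() in DEFAULT_COMMUNITIES:
                warnings.append((lineno, f"{key} community is the default {rec[key]!r}"))
        if rec["read"] == rec["readwrite"]:
            warnings.append((lineno, "read and read/write communities are identical"))
        devices.append(rec)
    return devices, errors, warnings


if __name__ == "__main__":
    devices, errors, warnings = lint_device_list(SAMPLE)
    for lineno, msg in errors:
        print(f"ERROR   line {lineno}: {msg}")
    for lineno, msg in warnings:
        print(f"WARNING line {lineno}: {msg}")
    print(f"{len(devices)} device(s) ready for import")
```

The file holds the read/write community string of every device in clear text, so restrict access to it and delete it after the import.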
Chapter 2: Installation and Setup
This section includes the following:
Installing the OmniVista SafeGuard Manager Server
Upgrading the OmniVista SafeGuard Manager Server
Uninstalling the Server
Starting the Server
Shutting Down the Server
Installing the OmniVista SafeGuard Manager Client
Logging into the OmniVista SafeGuard Manager Client
Connecting Over Firewall
Installing the OmniVista SafeGuard Manager Server
To install the OmniVista SafeGuard Manager server:
1 Double-click the executable file (omnivista-safeguard-.exe).
The Installation Wizard prepares Java Virtual Machine (JVM) and initializes the installation wizard. This could take a few seconds.
After the initialization process is completed, the Welcome screen displays (Figure 9).
Figure 9 Installation Welcome Screen
2 Click Next. The Alcatel-Lucent license agreement displays (Figure 10).
Figure 10 Alcatel-Lucent License Agreement
3 Accept the licensing terms and click Next.
4 The Directory Location screen displays (Figure 11).
Figure 11 OmniVista SafeGuard Manager Alcatel-Lucent Installation Directory Location
5 Accept the default location to which the installation files will be downloaded for the Install Location, or click Browse to choose a different directory. The default location is C:\Alcatel-Lucent\OmniVistaSafeGuardManager. Specify a data directory where all application, application flow, and visualization data is saved. The data directory allows you to save data when you uninstall or upgrade to a newer version of OmniVista SafeGuard Manager.
6 If a previous version of OmniVista SafeGuard Manager already exists on your system, a warning is displayed and you are given an option to exit the installation.
7 Click Exit Installation to quit the installation process. Uninstall OmniVista SafeGuard Manager and then re-install.
8 If a previous version is not installed, click Next. The Summary screen displays giving you a summary of where the installation files will be downloaded and the size of the files for the server and client installation.
Figure 12 Installation Summary
9 Click Next. The installation process begins. You can see the progress bar as the files are downloaded. A console window displays informing you of services and database being started.
10 After installation is completed, the OmniVista SafeGuard Manager Successfully Installed screen displays. Click Finish.
OmniVista SafeGuard Manager server and client are now installed on your system. The server is installed as a Windows service. An icon for the OmniVista SafeGuard Manager client is created on your desktop.
11 The Server start screen displays asking if you want to start the server. Click Yes to restart the server.
Figure 13 Server Start
Upgrading the OmniVista SafeGuard Manager Server
When the appliance is shipped from Alcatel-Lucent, it comes pre-installed with OmniVista SafeGuard Manager. You need to uninstall OmniVista SafeGuard Manager and then re-install to upgrade. For more information on installing, upgrading, and uninstalling the server, see Installation and Setup.
Pre-Upgrade Tasks
When upgrading the OmniVista SafeGuard Manager server from version 2.x to 3.0, 2.x data is not upgraded. Before performing an uninstall, administrators must export the device data using the following procedure so that they can import all the previously added devices back afterwards:
1 Execute cimExportData.bat. This creates a file called devices.txt under the C:\Alcatel-Lucent\OmniVistaSafeGuardManager\ExportData directory.
2 Uninstall the older version of the OmniVista SafeGuard Manager server.
3 Install the newer version of the OmniVista SafeGuard Manager server.
4 Import all devices using the Add Multiple Devices > Import from File option. For more information, see Adding Multiple Devices.
To upgrade the OmniVista SafeGuard Manager command center to the latest release:
1 Log in to the system using the administrator account.
2 Uninstall the existing version using the Windows shortcut from the Start menu, Programs > OmniVista SafeGuard Manager > Uninstall > Uninstall OmniVista SafeGuard Manager.
3 Follow the on-screen prompts using default options.
4 Reboot the system when the uninstallation is completed.
5 After the system is rebooted, double-click on the installation package (omnivista-safeguard-.exe) available on the installation CD.
WARNING: When you upgrade the OmniVista SafeGuard Manager server, the existing database and reports are overwritten. Make sure that you make a backup copy of the database and the reports.
NOTE: To uninstall or upgrade software, you must have administrator-level privileges. Make sure you log in using the user account that is set up with these privileges.
6 Follow the on-screen prompts using default options.
7 After the installation is completed, you have to start the OmniVista SafeGuard Manager server. For more information on starting the server, see Starting the Server.
Uninstalling the Server
To uninstall the server:
1 From the Start menu, click Programs > OmniVista SafeGuard Manager > Uninstall > Uninstall OmniVista SafeGuard Manager. The Welcome screen displays (Figure 14).
Figure 14 Uninstallation Welcome Screen
2 Click Next. A summary information window displays with directory location information.
Figure 15 Uninstallation Summary
3 Install asks you if you want to delete backup and data directories. Select No if you want to save the data.
Figure 16 Delete Data Directory
4 Follow the on-screen prompts to uninstall the server. The uninstall wizard stops the server and database, cleans the log files, and begins the uninstallation process. The status is displayed in a console window.
The uninstall process completes and an OmniVista SafeGuard Manager successfully uninstalled window is displayed.
5 Click Next. Uninstall will ask you to restart the system.
6 Select the restart option and click Finish to complete the uninstall. All associated files and shortcuts are removed from your system.
Starting the Server
When you boot up the OmniVista SafeGuard Manager appliance, the OmniVista SafeGuard Manager server is started automatically. However, if you upgraded the software version or re-installed the software, you must manually start the server.
To manually start the server:
1 Use the Windows shortcut from the Start menu, Programs > OmniVista SafeGuard Manager > Start Server. A GUI window displays. This window performs checks to verify that all ports needed for the server are available, starts all the server components as Windows services, and informs you when the server is ready.
2 Click OK to close the window.
The OmniVista SafeGuard Manager server runs in the background. If you now reboot the system, the server should come up automatically.
Shutting Down the Server
To shut down the server:
1 From the Start menu, click Programs > OmniVista SafeGuard Manager > Stop Server. The OmniVista SafeGuard Manager server is stopped along with the Windows services.
NOTE: When you shut down the OmniVista SafeGuard Manager appliance,
the OmniVista SafeGuard Manager server is stopped automatically.
Installing the OmniVista SafeGuard Manager Client
The OmniVista SafeGuard Manager client is based on Java Web Start technology, allowing you to install the client automatically over the network with a single click.
To install the client:
1 Launch Internet Explorer.
2 Access the OmniVista SafeGuard Manager system by typing the following URL:
http://
If the client does not have Java Web Start already installed, you are prompted to install Java Runtime Environment (JRE). Follow the on-screen prompts using the default options to install JRE. Java Web Start is included with JRE.
After Java Web Start is installed, the OmniVista SafeGuard Manager client code is downloaded and installed when you access the OmniVista SafeGuard Manager server (Step 2).
Java Web Start displays a dialog box informing you that the application is authored by Alcatel-Lucent and needs some privileges on your client system.
NOTE: If the client machine has a JRE version that is earlier than 1.5, then the client is automatically upgraded to JRE 1.5.
NOTE: Currently, only Internet Explorer version 6.0 or higher is supported.
NOTE: The automatic installation of JRE requires ActiveX controls to be enabled on your Internet Explorer. If ActiveX controls are not enabled, a download Java Web Start link displays. Internet Explorer also alerts you if ActiveX controls are not enabled and gives you an option to enable ActiveX controls. You can choose to enable ActiveX controls for automatic installation of Java Web Start, or you can download JRE version 1.5.0 by going to the download link. If you manually install Java Web Start, repeat Step 2.
Figure 17 Security Warning
3 Click Start. A prompt appears asking if you want to create a shortcut on the desktop.
4 Select Yes to create a shortcut. If you select No, you can still launch the client using the URL from Step 2.
The client launches. See Logging into the OmniVista SafeGuard Manager Client for information on logging in procedures.
NOTE: Every time the OmniVista SafeGuard Manager client is launched, it compares its version with the OmniVista SafeGuard Manager server. If the client version is different than that of the server, the client automatically updates itself with the new version of the server.
Logging into the OmniVista SafeGuard Manager Client
To log into the client:
1 Launch the client using either of the following methods:
Double-clicking on the shortcut that was created on your desktop when you first installed the client.
Invoking from the Internet Explorer by typing the URL (http://ip-address-of-OmniVistaSafeGuardManager-server).
The Login screen displays (Figure 18).
Figure 18 OmniVista SafeGuard Manager Client Login Screen
2 In the Username field, type admin as the default user.
3 In the Password field, type password.
NOTE: If you are launching the client from the server for the first time, you might be prompted to install certain applications. See Installing the OmniVista SafeGuard Manager Client for more information.
4 Click Login. If you are logging in for the first time to the OmniVista SafeGuard Manager server, the Alcatel-Lucent License Agreement displays. You must accept it to use OmniVista SafeGuard Manager.
The client is launched and the dashboard is displayed (Figure 19).
Figure 19 OmniVista SafeGuard Manager Client - Dashboard
NOTE: The Alcatel-Lucent license agreement is a one-time acknowledgement for each server and is not displayed for this client or any other client or this server.
Connecting Over Firewall
If a firewall exists between the OmniVista SafeGuard Manager client and the OmniVista SafeGuard Manager server, or between the OmniVista SafeGuard Manager server and the SafeGuard OS device, certain ports must be opened for successful deployment. Table 4 lists the ports that must be open:
Table 4 Ports that must be open for successful deployment

| When connecting... | Ports that need to be open... |
|---|---|
| Between the OmniVista SafeGuard Manager server and client | TCP 80, TCP 1099, TCP 8003, TCP 8004, TCP 8011 |
| Between the OmniVista SafeGuard Manager server and the SafeGuard OS device | UDP 161, TCP 16001, TCP 16002, TCP 16005, UDP 69 |
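One way to confirm the server and client row of Table 4 after a firewall change, as an added example that is not part of the original guide: it probes the five TCP ports from the client side and separates ports that time out (likely dropped on the path) from ports that refuse the connection (path open, nothing listening). It assumes the server is the listening end for these ports; the device row is left out because the guide does not say which end listens and UDP cannot be confirmed with a connect test.

```python
import socket
import sys

# TCP ports for the server <-> client path, copied from Table 4.
CLIENT_TO_SERVER_TCP = (80, 1099, 8003, 8004, 8011)


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'refused' or 'filtered'.

    'refused' means a reset came back: the path is open but nothing is
    listening (or a firewall is configured to reject rather than drop).
    'filtered' means no answer or no route, the usual sign of a dropped packet.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes timeouts and unreachable-host errors
        return "filtered"


def check_ports(host, ports=CLIENT_TO_SERVER_TCP, probe=probe_tcp):
    """Probe every port and return {port: state}. probe is injectable for testing."""
    return {port: probe(host, port) for port in ports}


def summarize(results):
    """Group ports by what the administrator has to look at next."""
    buckets = {"ok": [], "service_down": [], "firewall": []}
    names = {"open": "ok", "refused": "service_down", "filtered": "firewall"}
    for port in sorted(results):
        buckets[names[results[port]]].append(port)
    return buckets


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_ports.py <server-ip-address>")
    report = summarize(check_ports(sys.argv[1]))
    print("reachable:                ", report["ok"])
    print("refused (server stopped?):", report["service_down"])
    print("no answer (firewall?):    ", report["firewall"])
    # Non-zero exit status if any required port is not reachable.
    sys.exit(0 if not (report["service_down"] or report["firewall"]) else 1)
```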
Chapter 3: General Navigation
This section includes the following:
Viewing Visualization Tables
Choosing Columns in a Table
Searching and Sorting
Exporting and Printing Data
Using the Status Bar
Viewing Visualization Tables
Visualization allows administrators to track what a user is doing, what applications are being used, and what is being done to a network. Such tracking is useful for forensic and postmortem purposes, that is, for debugging and ensuring that the network is performing at its optimum and there are no threats to the network. SafeGuard collects this data and periodically pushes it in tabular format to OmniVista SafeGuard Manager as visualization data.
Visualization data can be viewed in tabular format for the following objects:
Table 5 Table Views

| Table Type | Description |
|---|---|
| Policy Incidents | Displays a list of all policy incidents against a user. For more information, see Viewing Policy Incidents. |
| Malware Incidents | Displays a list of malware incidents. This table also displays the counts of various severities of the infection events. For more information, see Viewing Malware Incidents. |
| Posture Incidents | Displays all posture incidents, including EPV incident ID, host IP and MAC addresses. For more information, see Viewing Posture Incidents. |
| User | Displays user authentication and bandwidth usage that is aggregated for each user. Typically this has a navigation tree on the left panel that helps find users belonging to a specific group/role or connected to a specific port of a specific device. For more information, see Viewing User Sessions. |
| Application Type | Displays the user bandwidth usage that is aggregated for each type of application. For more information, see Viewing Application Types. |
| Application Instance | Displays the user bandwidth usage for each user, application type, destination port, and destination IP address. For more information, see Viewing Application Instances. |
| Application Flows | Allows an administrator to view application flows for a selected user or application. For more information, see Viewing Application Flows. |

When you click on a table view, you are presented with a table that shows all visible data and a column to the left that lets you customize or view data by time, incident, location, and so forth (Figure 20).
Figure 20 Table View (Users)
Viewing Table Data
To view table data:
1 Use the Action Bar buttons to navigate from one type of table view to another. See Viewing Visualization Tables for more information on different table views.
2 Use the scroll buttons at the top of the table to scroll through the data, one page at a time, previous page, next page, first page, or last page.
3 Use the fields in the left column to customize viewable data as follows:
| Attribute | Description |
|---|---|
| Status | From the dropdown list, select to view incidents by status: Active (displays all active incidents); Inactive (displays all inactive incidents). |
In general, all table views allow you to search and sort the data. You can search and sortdata:
at the currently displayed page level
at the database level
For more information on how you can search and sort data, see Searching and Sorting.
Tim e Ra ng e Fro m the d ro pd ow n list c ho ose a tim e fo r w hic h yo u w ant to vie w ta bledata . Follow ing va lues are a vailable:
Current Hourdisp lays incidents for the current hour
Last Hourdisp lays inc ide nts for the last hour Current Da ydisp lays incidents for the c urrent d ay
Last Daydisp lays incidents for the d ay befo re
Previous Daydisp lays inc ide nts for the p revious 24 hours.
Previous Hourdisp lays incidents for the hour be fore the current time.
Custom allow s you to enter a spec ific time in the From a nd To timefields
Time Filter Disp lay inc idents by:
Detec tion Timetime whe n inc ident was detec ted (first oc currenc e,last oc c urrenc e, log in time, a nd log out time d ep ending o n the view)
Clea red Timetime whe n inc ident w as c lea red
Fro m/ To The se fie ld s a re o nly a p plic a ble if yo u se le ct Custo m in the tim e ra ng e. Adropd ow n arrow provide s you with a c alenda r to spe c ify the d ate andtime in the From and To fields.
And ... Clic k And to spec ify add itiona l time filters. For mo re informa tion on usingthe this field , see Ad d itiona l Time-b ased Filte ring.
Users Selec t to view users b y authentic ation sta te, type, app lic ation g roup ,and so fo rth.
All roles Selec t to view inc idents for a spec ific role.
VLAN Filtering Allows you set up v isualizat ion filters based on VLAN IDs.
A ll lo c a tio ns Se le c t to vie w inc id e nts fo r a sp ec ific b uild ing or lo c atio n.
Attribute Desc rip tion
Navigating between Different Table Views
The single-window design in OmniVista SafeGuard Manager lets you navigate from one view to another with a single click of a button. Figure 21 below shows the different views to which you can navigate from a given table view. For example, from the User view you can use the Action Bar buttons to access Posture Incidents, Malware Incidents, Policy Incidents, Applications, and Application Instances.
Figure 21 Navigating between Different Table Views
Choosing Columns in a Table
OmniVista SafeGuard Manager allows you to choose and set the order in which you view the columns in a given table view. These settings are remembered in Windows for each user and are applied when you visit the same table again. However, you can reset the column order to its default value at any given time. From the menu bar, select Tools > Client Settings > Reset Views >.
To hide or select the columns in a table view:
1 From a table view (All Users, All Application Types, and so on), click the Edit icon from the Action Bar. The Column Editor displays with a list of hidden and displayed columns (Figure 22).
Figure 22 Column Editor
2 Use the Column Editor buttons as described to hide or display a column in the table view:
Table 6 Column Editor Buttons
Button Name: Function
Display All: Select Display All to display all the columns available in the table.
Display: Highlight a column in the Hidden Columns panel and click Display to add to the Displayed Columns panel.
Hide: Select a column in the Displayed Columns panel and click Hide to remove it from the display list. This will hide the column from the table view.
Hide All: Select Hide All to hide all the columns from the table view.
Top: Select a column in the Display Columns panel and click Top to move the selected column to the top of the list. This will be the first column displayed in your table view.
Up: Select a column in the Display Columns panel and click Up to move the selected column one level up in the list.
Down: Select a column in the Display Columns panel and click Down to move the selected column one level down in the list.
Bottom: Select a column in the Display Columns panel and click Bottom to move the selected column to the bottom of the list. This will be the last column in the table view.
The Table Preview panel (bottom of the Editor window) gives you a preview of your table as you make these selections.
3 Click OK to apply the changes. When you go into the table view, the columns are displayed in the order you selected here.
4 Click Reset to reset the columns to the previous settings.
5 Click Cancel to exit out of the Column editor without making any changes.
NOTE: When in table view, you can also change the display order of the columns in a table by selecting and dragging a column. You can also change the column width by dragging the column header separator. These settings are remembered by the Windows client machine for each user.
Searching and Sorting
Most of the visualization tables display a maximum of 1,000 rows. When the number of rows that exist in the database is more than can be displayed in a window, page navigation buttons are shown in the top-right corner of the screen (Figure 23).
Figure 23 Tables - Partial View
You can search and sort the data displayed in tabular views using either of the following methods:
Search and sort the data displayed in table views by entering text in the free-form search panel. This method applies a search and sort order that is local to the data currently displayed.
Search the whole database by applying database queries and search criteria. This method applies the search to the server database and refreshes the client data.
NOTE: If you increase the page size from 1,000 rows, data retrieval may take longer.
NOTE: The page forward, page back, first page, and last page buttons allow you to navigate between multiple pages of the search/sort results. You can also change the limit on the number of records that are displayed. Simply, click on the page number at the top of the table and enter the page size in the text box that is displayed.
Searching Table Data Locally
To search table data locally:
1 Select View > Go To > Users (or any other menu item, or click an icon from the Page Bar to get to a table view). In a table view, click the Find icon. A free-form text search field displays (Figure 24).
Figure 24 Free-Form Search Fields
2 Enter a keyword on which to base the search.
Sorting Table Data Locally
To sort the table data locally:
1 In table view, click on a column header. The first column header that you click on becomes the primary sort field (indicated by a slightly larger arrow). You can click on several column headers to add them to the sort as a secondary sort and perform a multi-level sort.
2 Double-click on a column header to reset the sort to a single column and clear the sort on all other fields.
3 Single-click on an already sort-enabled header to toggle the sort order between ascending or descending.
Searching and Sorting Data in the Entire Database
Most table columns allow search and sort on the database; however, certain columns do not have this functionality.
To search and sort the database on the server:
1 In a table view, click the Find icon. A search panel displays (Figure 24).
2 Click Database Search. The column headers now have search fields and sort buttons (Figure 25).
Figure 25 New Search Fields for Table Headers
3 Click on the search bar of the column. A search criteria dialog box opens, allowing you to specify the search criteria.
Figure 26 Search Criteria Dialog
4 Select a condition from the dropdown list, and specify a search condition (username, IP address, and so on). If you want to specify more than one search condition, select a condition from the condition dropdown list; then click More to add more than one parameter. Up to 5 search conditions can be applied using the following operators combined together:
= equal to
!= more than one
< less than
> greater than
>= greater than or equal to
5 Click OK. Your search criteria are applied.
6 Click on the sort button (Figure 25) to apply the sort criteria for that column. You can apply multi-level sorts. The numbers on the sort buttons signify the sorting order. A sort can be applied in either an ascending or a descending order. If you want to reset the sort order, double-click a column to make it the primary sort and reset all other columns.
7 After you have set the filters for one or more columns, click the Refresh icon in the Action Bar to see new results.
Exporting and Printing Data
OmniVista SafeGuard Manager allows you to export data into a comma-separated value (CSV) file format. CSV format is often used to exchange data between disparate applications. CSV files can easily be exported, for example, into Excel worksheets. You can also print any visualization tables or columns or reports.
To export data in CSV format:
1 From a table view, click the Export icon. A Windows file browser dialog box displays.
2 Specify the name and location for the file. The file is saved with a csv extension.
To print data:
1 From a table view, click the Print icon. A Windows Print browser dialog box displays.
2 Select a printer and click OK. The file is printed to the printer you specified.
NOTE: Toggle the Advance button to clear the advance filters.
Using the Status Bar
The status bar displays the progress of an action, for example, when you synchronize a device or retrieve data, and when there are any alarms or infections on a device (Figure 27).
Figure 27 Status Bar
The little green icon on the right corner of the status bar has a tool tip which displays the current OmniVista SafeGuard Manager Server Health parameters. A sample display of current values using the tooltip is shown below.
Chapter 4: Visualization
This section includes the following:
Overview
Dashboards
Configuring Dashboards
Viewing Visualization Data
Viewing Time-based Data
Overview
Network visualization is the ability to determine detailed information about what users are doing in the network. Data collected during visualization is aggregated and maintained in a relational database using a set of tables (see Table 10 for more information on the kind of data collected).
By having the events be user-based, network visualization allows an administrator to monitor data in a manner that presents the data in a drillable and easily digestible format. You can take remediation steps faster when you have a better understanding of a problem and can act upon a network event.
For example, you have a vendor working on site on a regular basis. You might want to give this vendor more privileges than a visitor, but might also want to restrict vendor use to certain applications or file types. Network visualization allows you to configure policies to block access and log information about that access to OmniVista SafeGuard Manager. You can also set up visualization filters that enable you to selectively view events based on VLAN ID, application type, or user role.
Network visualization provides all the user, application, and performance information you need to have visibility into the network usage through the real-time dashboards (for more information, see Dashboards). This usage is constant and covers all points in the network. Visualization events are collected and stored for each user or application. The OmniVista SafeGuard Manager command center provides dynamic, high-level views of security information, including:
Providing real-time and historical data
Identifying who is using the network and viewing aggregated data for each user
Identifying applications and resources as they interact with each other and viewing aggregated data for each application
Identifying traffic patterns that represent normal and legitimate use of the network
Identifying which traffic patterns represent abnormal (and possibly abusive) behavior
Identifying when important events occur
Identifying classified documents that passed over the network
Maintaining the malware state of all hosts and allowing administrators to reset the malware state of hosts
Dashboards
The OmniVista SafeGuard Manager command center comes with three pre-defined real-time dashboards:
Security Incidents
User Sessions with Incidents
Network Awareness
These dashboards display current day counters.
Security Incidents
The Security Incidents dashboard refreshes every 60 seconds but can also be refreshed using the F5 key. You can access this dashboard (Figure 28) by clicking the Incidents tab on the dashboard. The Incidents tab displays statistics based on incident instances irrespective of users. For example, if user U1 has 100 incidents and user U2 has one incident, this tab is going to show 101 incidents. Any new incident will raise the bar height.
Figure 28 Dashboards - Security Incidents Tab
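The counting rule described above can be checked offline against rows exported to CSV. The Python sketch below is an added illustration, not part of the guide or the product: it keeps only current-day rows and reports incident instances separately from the number of distinct users. The column names and the sample rows are constructed assumptions, not the product's actual export format.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export. The header names are assumptions for this
# example, not the product's real CSV columns.
SAMPLE_EXPORT = """User,Role,Incident Type,Detection Time
U1,vendor,Policy,2007-03-14 09:15:00
U1,vendor,Malware,2007-03-14 09:20:00
U1,vendor,Policy,2007-03-14 10:05:00
U2,visitor,Posture,2007-03-14 11:30:00
U2,visitor,Policy,2007-03-13 23:59:59
U2,visitor,Policy,not-a-timestamp
"""

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def summarize(csv_text, now):
    """Count current-day incidents by instance, by user and by role."""
    instances = 0
    skipped = 0
    per_user = Counter()
    per_role = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            detected = datetime.strptime(row["Detection Time"], TIME_FORMAT)
        except (ValueError, TypeError):
            skipped += 1          # malformed or missing timestamp
            continue
        if detected.date() != now.date():
            continue              # dashboards show current-day counters only
        instances += 1            # one per incident row, irrespective of user
        per_user[row["User"]] += 1
        per_role[row["Role"]] += 1
    return {
        "incident_instances": instances,
        "users_with_incidents": len(per_user),
        "per_user": dict(per_user),
        "top_roles": per_role.most_common(),
        "skipped_rows": skipped,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_EXPORT, datetime(2007, 3, 14, 15, 0, 0))
    for key, value in report.items():
        print(key, value)
```

A large gap between the instance count and the user count points to a few hosts generating most of the incidents, which a per-instance bar chart alone does not show.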
The Incidents dashboard displays the following information:
Security Level Meter
User Sessions Summary
Device Status
Authentication Failures
Policy Incidents
Malware Incidents by Category
Incidents for Unauthenticated Users
Top User Roles with Incidents/Incident Counts
Security Level Meter
The Security Level Meter (top-left panel) shows weighted incidents per user. The gauge moves to the right as the incidents grow. The severity level is indicated on a scale of 1-5, where 1 is the lowest and 5 is the highest severity level.
Figure 29 Security Level Meter
User Sessions Summary
The User Summary table (top-center panel) displays important statistics about the host-side user counts: total active users, authenticated active users, unauthenticated active users.
Figure 30 User Sessions Summary
Device Status
The Device Health pie chart shows the connectivity health of a device. Devices that are healthy show up in green and devices that cannot be reached show up in red.
Figure 31 Device Health
You can access Device Management by clicking on the Device Health panel. For more information on Device Management, see Chapter 5, Device Configuration.
Authentication Failures
The Authentication Failures bar chart displays the various kinds of access control incidents:
Captive Portal: displays the number of users that have failed authentication using the Captive Portal.
Kerberos: displays login failures that occurred while authenticating users through Kerberos.
RADIUS: displays the number of login failures that occurred while authenticating users through RADIUS.
Figure 32 Authentication Failures
Policy Incidents
The Policy Incidents bar chart shows various types of policy incidents: all policy incidents, Web, IM, or network connectivity incidents only. For more information on policy incidents, see Viewing Policy Incidents.
Figure 33 Policy Incidents
Malware Incidents by Category
The Malware Incidents bar chart shows various types of malware incidents by category:
number of IP scans that were blocked
number of IP scans that were unblocked
number of port scans that were blocked
number of port scans that were unblocked
number of DoS incidents that were blocked
number of DoS incidents that were unblocked
Click on each bar to display a corresponding list of malware events. For more information on viewing malware incident details, see Viewing Malware Incidents.
Figure 34 Malware Incidents by Category
Incidents for Unauthenticated Users
The Incidents for Unauthenticated Users chart summarizes the various incidents in the network that are caused by unauthenticated users:
Users with Policy Incidents: number of unauthenticated users that are violating resource access policies.
Users with Malware Incidents: number of unauthenticated users that are violating malware policies.
Posture: number of unauthenticated users that are causing posture incidents.
Figure 35 Incidents for Unauthenticated Users
Click on each bar to view user details including corresponding incidents. For more information on viewing user details, see Viewing User Sessions.
Posture Incidents
The Posture Incidents bar chart shows various types of posture incidents: unknown, unhealthy, or bypass. For more information on posture incidents, see Viewing Posture Incidents.
Figure 36 Posture Incidents
Top User Roles with Incidents/Incident Counts
The Top User Roles w