
Using CSA Analysis

Configuring Application Behavior Investigation

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-1


Objectives

At the end of this lesson, you will be able to meet these objectives:
• Identify the function of Application Behavior Investigation
• Describe how to configure Behavior Analysis



Application Behavior Investigation Process

[Figure: CSA MC and Host. Labels: "Policy for Application Behavior Investigation deployed"; "Events logged for Application Behavior"]



Behavior Analysis

Before configuring Behavior Analysis for an application, ensure that you have these details:
• The application you want to analyze
• The host you want to select for application analysis



Configuring Behavior Analysis Investigation



Monitoring the Behavior Analysis



Starting the Behavior Analysis



Reviewing the Rule Module

You can maintain integrity between the application and the system by:
• Protecting the application from the system: Behavior
Analysis creates File Access Control rules to protect the
application data from being exposed to external attacks.
• Protecting the system from the application: Behavior
Analysis categorizes application resources into file, registry,
network, and COM components, and creates access control
rules for each of these categories.
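
The two protections above can be sketched as an added example (not Cisco code and not the CSA rule or log format): observed accesses are grouped into the four resource categories, then used both to confine the application and to shield its data files from other processes. The event layout, process names, paths, and exact-match allow-listing are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (process, resource type, operation, target).
# The field layout is an assumption for illustration, not the CSA log format.
OBSERVED = [
    ("app.exe", "file", "read", r"C:\App\conf\app.ini"),
    ("app.exe", "file", "write", r"C:\App\data\orders.db"),
    ("app.exe", "registry", "read", r"HKLM\Software\App\Settings"),
    ("app.exe", "network", "connect", "10.0.0.5:1433"),
    ("app.exe", "com", "invoke", "Scripting.FileSystemObject"),
    ("app.exe", "file", "write", r"C:\App\data\audit.log"),
]

CATEGORIES = ("file", "registry", "network", "com")

def build_rule_module(events, app):
    """Group an application's observed accesses into per-category allow sets."""
    rules = {c: defaultdict(set) for c in CATEGORIES}
    for proc, rtype, op, target in events:
        if proc != app:
            continue
        if rtype not in rules:
            raise ValueError(f"unknown resource type: {rtype}")
        rules[rtype][op].add(target.lower())
    return {c: dict(ops) for c, ops in rules.items()}

def protected_paths(rules):
    """Files the application writes: its data, to be shielded from other processes."""
    return rules["file"].get("write", set())

def evaluate(rules, app, event):
    """Return 'allow' or 'deny' for one access attempt under the derived rules."""
    proc, rtype, op, target = event
    target = target.lower()
    if proc == app:
        # Protect the system from the application: only learned behavior passes.
        return "allow" if target in rules.get(rtype, {}).get(op, set()) else "deny"
    # Protect the application from the system: other processes may not touch its data.
    if rtype == "file" and target in protected_paths(rules):
        return "deny"
    return "allow"

RULES = build_rule_module(OBSERVED, "app.exe")
```

An allow-list learned this way is only as complete as the observation period, so an application path that was never exercised during analysis would be denied once the rules are enforced.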



Summary

• The Application Behavior Investigation feature serves as a data analysis
and policy creation tool for administrators.
• The three different contributing components for Application Behavior
Investigation are CSA MC, the Behavior Investigation functionality, and
the Agent.
• Application Behavior Investigation, when deployed on a host, monitors
the actions of designated applications on that host and logs all attempts
to access system resources.
• Application Behavior Investigation analyzes the logging data, prepares
detailed reports for the designated application, and generates a rule
module to implement the results.
• The rule module created during Behavior Analysis helps in enforcing
normal application behavior and maintaining integrity between the
application and the system.
• You can monitor the progress of the Behavior Analysis process on a
host by using the Progress Status fields on the Behavior Analysis
configuration page.
