Main Page

From MetaFlows User Manual

  1. The MetaFlows Security System
    1. Introduction
    2. Architecture
      1. Sensors
      2. Controller
    3. Appliances
    4. Sensor Software
      1. Multiple Session Analysis
      2. Soft IPS
      3. SIEM Import Export
      4. File Transmission Logging and Network Antivirus
      5. Historical Flow and Payload Data Storage
  2. System Requirements
    1. Browser
    2. Sensor Hardware and Software
    3. Interface Bonding
    4. Sensor Networking
  3. Sensor Setup
    1. Registering With MetaFlows
    2. Adding A Sensor
    3. Adding Sensor (Advanced)
      1. Log Management
      2. Event Destinations
        1. Additional Details about the Local DB mode
      3. Use Multiple Cores If Available
      4. Use Inline Mode
    4. Sensor Variables
    5. Sensor Application Details
      1. Flow Analysis and Passive Service Discovery
      2. Network Analysis and File Carving
      3. Malware Analysis (BotHunter)
      4. Passive OS Fingerprinting
      5. Store Packets On Sensor
      6. Block Communications in Passive Mode (Soft IPS)
      7. File Monitoring
      8. Passive Modsecurity
        1. Modsecurity Alerts
        2. Client or Server Mode
        3. Modsecurity Rule Editor
    6. Automatic Blocking for Priority Rules
    7. Manage Local Rule Source
  1. Sensor Install
    1. Downloading Sensor Image
    2. Linux Sensor Installation Procedures
    3. VMWare Sensor Installation Procedures
      1. Configure Share Folders
      2. VMWare Preferences
      3. Closing VMWare Player
      4. Virtual Machine Sensor Management
      5. Sensor System (MSS)
  2. Browser Setup
    1. Sensor Connection Window
      1. Sensor Connection Status
      2. Sensor Status Lights
  3. Main Menu
  4. Account Management
    1. Preferences
    2. Subscription
    3. Contact Information
  5. Sensor Management
    1. Add Sensors
    2. View Sensors
    3. Edit Sensors
    4. Share Sensors
  6. Historical Reports
    1. Loading Bar
    2. Historical Report Columns and Data
    3. Feedback
    4. Coloring
    5. Historical Report Options
  7. Real-Time Event View
    1. Real-Time Event View Columns
    2. Real-Time Data Management
  8. Command Line Interface
    1. Initialization
      1. Remote Execution
      2. API key revocation
    2. Historical Flow and Payload Data Storage
      1. Full Packet Payload Database
      2. Tracker
      3. IDS Event Packets
      4. Sessions
    3. Historical Flow and Payload Data Queries
      1. Query Syntax
      2. Examples
    4. Historical Event Queries
      1. Syntax
      2. Examples
  9. Event Graphs
  10. Log Management
  11. Event Classification
    1. Creating a Classification
      1. Classification Category
      2. Classification Name
      3. Classification Action
        1. Delete
        2. Change Rank
        3. Email
        4. Block
        5. Classify
        6. Disable Class
      4. Other Details
    2. Viewing Classes
    3. Class Access and Legends
  12. Forensic Tools
    1. Summary Forensic Tools
    2. Flow Detail Forensic Tools
      1. Escalate Flow
      2. Get Service
      3. Packet Data (tcpflow)
      4. Packet Data (tcpdump)
      5. Lookup Server/Client Port
      6. Server/Client Historical Reports
  13. IDS Rules Management Interface
    1. Entering the Rules Management Interface
    2. Selecting a Sensor
    3. Sensor Rules Controls
    4. Updating Your Rules File
    5. Rule File List
    6. Rule Listings Per File
    7. Rule Context Menu
    8. Manual Rule Editor and Rule Info
    9. Edited Rule Color Coding
    10. Tuning a Rule
    11. Relevant Snort Rules Links
  14. Correlation Engine Rules
    1. Introduction
    2. In Practice
    3. CER Full Specification
      1. Actions
        1. Match
        2. Block
        3. Email
        4. Ignore
        5. Rank
        6. Trackint and Trackext
      2. <cond> and <rpc>
      3. Description of Specifications
        1. Field
        2. Op
        3. Value
      4. Examples
        1. Simple Matches: No Preconditions
        2. One Precondition: Multiple Triggers and Multiple Actions
        3. One Precondition and A Pure Flow Match
  15. Amazon Web Services (AWS) Setup
    1. Using the MetaFlows Amazon Marketplace AMI
    2. MetaFlows Sensor as a Collector / Agent Model
      1. Introduction/Notes
      2. Install and Start the Collector Software
      3. Configure the Sensor
      4. Add Linux or Windows Agents
        1. Linux Agents
        2. Windows Agents
    3. MetaFlows Security Gateway on Amazon EC2
      1. Architecture
      2. Setup Instructions
        1. Launch a VPC
        2. Create Subnets
        3. Setup the NAT Gateway
        4. Add Additional IP Addresses
        5. Setup the Routing Tables
        6. Launch the EC2 Instances
        7. Add Port Forwarding Rules
  16. MetaFlows Honeypots
    1. Overview
    2. Types of Honeypots
      1. Windows Server
      2. Windows Client
      3. CentOS Linux Server
      4. Ubuntu Metasploitable Server
    3. Requirements
    4. Adding a Sensor to the Honeypot
    5. Preparing the Host System
    6. Additional Notes
      1. Complications
      2. If Traffic Is Not Reaching the Honeypot
      3. Viewing the Honeypot as a Guest
      4. Modifying the Honeypot VMware Image
