Using the Cisco Network Security Database

The Cisco Network Security Database, or NSDB as it is commonly referred to, is Cisco's version of a security vulnerability database. Each entry in the NSDB corresponds to an event or a signature in the IDS. When you research and investigate alarms, you use the NSDB to make sense of what is going on within your enterprise.

Each IDS Management Console accesses the NSDB in the same manner. To access the NSDB entry for a signature, perform the following steps:

  1. Access the events in the Event Viewer for IDM or CSPM or drill down to the event in the Director. You can either view the live database or a log file.

  2. Select the record you want information about.

  3. Right-click the record and select NSDB.

  4. The NSDB will open in a Web browser with information about the signature in question (see Figure 4.57).

    Figure 4.57: The NSDB Screen

If there are related vulnerabilities for a particular signature, there will be links to those vulnerabilities.

You can view the entire database by clicking the Main link in the left pane. This offers a numerical list of all the signatures currently in the database (see Figure 4.58).

Figure 4.58: NSDB Main Menu

Note

If you are using the Director, you have to specify a browser preference to access NSDB. Open nrConfigure, select Preferences from the File menu, enter the path to the browser, and then click OK.