Microolap EtherSensor
Brief description of features
EtherSensor scope of application
System requirements
Description of operation
Administrator skills
List of operational documents
About EtherSensor PCAP Edition
Delivery of traffic analysis results
Microolap EtherSensor installation and configuration
Content of the software distribution kit
Connecting Microolap EtherSensor to Ethernet
Management interface
Listening interface
Switch configuration
Using Third-Party Information Security Tools
Sensor settings
Sources of data and metadata
EtherSensor PCAP service
EtherSensor PCAP settings
EtherSensor PCAP configuration file
EtherSensor PCAP packet filters
EtherSensor EtherCAP service
EtherSensor EtherCAP settings
EtherSensor EtherCAP configuration file
EtherSensor EtherCAP packet filters
EtherSensor ICAP service
EtherSensor ICAP settings
EtherSensor LotusTXN service
EtherSensor LotusTXN settings
EtherSensor Identity service
EtherSensor Identity settings
Domain Controllers
Alternative: logon script
DNS servers
DNSBL servers
Authentication Logs
Lua scripts
EtherSensor Agent server
EtherSensor Agent
System requirements for the Agent
Agent installation
Agent files
Logic modules of the Agent
Data transferred to EtherStat
Data transferred to EtherSensor
Working with the Agent
Possible options for the Agent's work
Configuration of the EtherSensor Agent service
Agent work logging
Problems and solutions
Analysis of events and objects
EtherSensor Analyser settings
Pre-filtration
Detection and normalization of events
INCLUDE: Lua scripts functions
Final filtration
Generated events/messages
Filtering interception results
Filtration basics
Filter configuration
Table
Rules
Criteria and conditions
Condition ALL, *
Condition DETECTOR
Condition PROTOCOL
Condition MSG-SIZE, TOTAL-SIZE
Condition CHECK-MD5
Condition CHECK-MESSAGE-ID
Condition HOSTNAME
Condition IP
Condition HEADER
Condition ATTACH-NAME
Condition ATTACH-EXIST
Condition TAG
Condition FROM, TO, CC, BCC, ADDRESS, SUBJECT
Condition TEXT
Actions
Action ACCEPT
Action DROP
Action JUMP
Action RETURN
Action LABEL
Action TAG
Action DATETIME
Action DNS
Action DNSBL-LH, DNSBL-RH
Action SAVE RAW DATA
Action TRANSPORT
Action HEADER
Action HEADER_EX
Action LOG
Brief rules for writing filters
Tips
Pre-filtering HTTP requests
Conditions
Condition ALL, *
Condition METHOD
Condition IP
Condition REQ-SIZE, RESP-SIZE, SIZE
Condition REQ-HEADER, RESP-HEADER
Condition URL
Condition TAG
Actions
Action ACCEPT
Action DROP
Action JUMP
Action RETURN
Action COPY
Action ACCESS-LOG
Action TAG
Action LABEL
Examples of applying filters
Adding hostname
Filtering by hosts
Filtering by URL
Filtering by HTTP + DNSBL
Filtering large HTTP objects
Delivery of results to systems-consumers
ARCHIVING profiles
FILEDROP profiles
FTP profiles
IMAP profiles
SFTP profiles
SMB profiles
SMTP profiles
DLP profiles
DEVICELOCK profiles
FALCONGAZE profiles
INFOWATCH profiles
SIEM profiles
SYSLOG profiles
Lua scripts
SANDBOX profiles
VIRUSTOTAL profiles
ATHENA profiles
STATS profiles
NETFLOW profiles
GROUP profiles
General delivery settings
EtherSensor Watcher logging
Configure EtherSensor Watcher logging
EtherSensor Watcher stats settings
Remote management and monitoring of EtherSensor
EtherSensor RAPI profiles settings
Microolap EtherSensor update service
Microolap EtherSensor update service settings
Sensor routine maintenance
Sensor maintenance issues
Emergency response
What's new
GUI localization
Licensing Microolap EtherSensor
License file
Uhid (HardwareID) of the runtime environment
Working with the licensing system
After purchasing the license
License agreement