Cisco Catalyst

Version: Cisco Catalyst 6500, CatOS 7.5(1) Later

Catalyst is the brand name for a variety of network switches sold by Cisco Systems. While commonly associated with ethernet switches, several different interfaces have been available throughout the history of the brand. The industry-leading Cisco Switch appliances support high-speed connectivity, applications, and communications systems for customers worldwide.

Netsurion Open XDR helps to monitor events from Cisco Catalyst. Its dashboard, alerts and reports will help you to track login activities, port activity and any new detections. It will trigger alert whenever user tries to login and fails and any new IP to tackle security issues.

Netsurion Data Source Integrations for Cisco Catalyst allows you to monitor the following components:-

  • Security – Bad packet received, login fail, new IP found, new server connection, port link down, protocol audit, device audit.
  • Operations – User login failure, interface management
  • Compliance – User login success, device connection activity

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security Cisco Catalyst – Bad packet received This alert is generated when malformed packet is received.
Security Cisco Catalyst – Login fail This alert is generated when user fails to login.
Security Cisco Catalyst – Port link down This alert is generated when a broken link for the port is detected.
Security Cisco Catalyst – Privilege enable fail This alert is generated when privilege enable fails.

Reports

Type Name Description
Security Cisco Catalyst – New IP Detected This report gives information about all the New IP address has been learned on a port detected in Cisco Catalyst. Report contains IP address, username, successful login or login failure, and other useful information.
Security Cisco Catalyst – User login Failure This report gives information about all the login failure detected in Cisco Catalyst. Report contains IP address, username, and other useful information.
Operations Cisco Catalyst – Interface Management This report gives information about all the broken/active link on the port activities in Cisco Catalyst. Report contains module, port, and other useful information.
Compliance Cisco Catalyst – User Login Success This report gives information about all the login successful detected in Cisco Catalyst. Report contains IP address, username, and other useful information.
Compliance Cisco Catalyst – Device Connection Activity This report gives information about all the device connection detected/lost in Cisco Catalyst. Report contains module, port and other useful information.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.2x and later, and Cisco Catalyst.

Download Integration Guide and How to Guide for configuration instructions and more information.