Version: Cisco Router series 800, 2600, 2800, 1900, 2900, 3900, 7200, 7500 with IOS 12.x and 15.x
A router is a networking device that forwards data packets between computer networks. Routers perform the traffic directing functions on the Internet.
Netsurion Open XDR compiles and inspects critical events from Cisco router to provide an insight on user behavior, authentication failure etc
Netsurion Data Source Integrations for Cisco Router allows you to monitor the following components:-
- Operations – Port status changes, Administrative and Network activity.
- Security – User logon behavior.
- Compliance – User authentication failures, Configuration changes, Routing protocol
Once Cisco Router is configured to deliver events to Netsurion Open XDR Manager; alerts, dashboards and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Cisco Router: Configuration changed
|Operations||Cisco Router – Border Gateway Protocol(BGP) neighbours up or down||This alert is generated when Border Gateway Protocol(BGP) neighbours up or down event occurs.|
|Operations||Cisco Router – Hot Standby Router Protocol(HSRP) state||This alert is generated when Hot Standby Router Protocol(HSRP) state change occurs.|
|Operations||Cisco Router – Interface down or detached||This alert is generated when interface down or detached event occurs.|
|Operations||Cisco Router – Internal software error||This alert is generated when internal software error occurs.|
|Operations||Cisco Router – IP-EIGRP neighbour is up or down||This alert is generated when IP-EIGRP neighbour is up or down.|
|Operations||Cisco Router – Line protocol down||This alert is generated when line protocol is down.|
|Operations||Cisco Router – Runaway processes||This alert is generated when runaway processes occur.|
|Compliance||Cisco Router – Configuration changed||This alert is generated when any configuration change event occurs.|
|Security||Cisco Router – Access denied||This report provides information related to connection denial events occurring on router or switch which includes Source address, Source Port, Destination Address, Destination port and Packets Transferred fields.|
|Security||Cisco Router – Administrative account activity||This report provides information related to account activities that is done by the administrator.|
|Operations||Cisco Router – Port status change||This report provides information related to port status changed from UP to DOWN or vice-versa which includes Device Address, Interface Name and Port Status fields.|
|Operations||Cisco Router – Authentication failure||This report provides information related to authentication failure that is whenever the user tries to login into one of the Cisco Router.|
|Compliance||Cisco Router – User logon success||This report provides information related to user logon success which includes User Name, Source Address and Source Port fields.|
|Compliance||Cisco Router – User logon failure||This report provides information related to user logon failure which includes User Name, Source Address, Source Port and Reason fields.|
|Compliance||Cisco Router – Configuration changed||This report provides information related to configuration changes which include Device Address, User Name, and Command Issued fields.|
|Compliance||Cisco Router – VTP management||This report provides information related to activities that occurs with the VTP.|
|Compliance||Cisco Router – Routing protocol||This report provides information related to routing protocol.|
The configuration details are consistent with Netsurion Open XDR 7.x and later, Cisco Router.
Download Integration Guide for configuration instructions and more information.