Cisco Switch
Version: Cisco Switch series 2600, 2800, 1900, 2900, 3900, 4500, 6500 with IOS 12.x and 15.x
Switches are used to connect multiple devices together on the same network. In a properly designed network, LAN switches are responsible for directing and controlling the data flow at the access layer to networked resources.
Netsurion Open XDR compiles and inspects critical events from Cisco switches to provide an insight on traffic anomalies, link flaps etc.
Netsurion Data Source Integrations for Cisco Switch allows you to monitor the following components:-
- Operations – Port status changes, Administrative and Network activity.
- Security – User logon behavior, VTP management, VLAN management
- Compliance – User authentication failures, Configuration changes.
Once Cisco Switch is configured to deliver events to Netsurion Open XDR Manager; alerts, dashboards and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Operations | Cisco Switch – Interface down or detached | This alert is generated when interface down or detached event occurs. |
| Operations | Cisco Switch – Internal software error | This alert is generated when internal software error occurs. |
| Operations | Cisco Switch – Line protocol down | This alert is generated when line protocol is down. |
| Operations | Cisco Switch – Runaway processes | This alert is generated when runaway processes occur. |
| Compliance | Cisco Switch – Configuration changed | This alert is generated when any configuration change event occurs. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Cisco Switch – Access denied | This report provides information related to connection denial events occurring on router or switch which includes Source address, Source Port, Destination Address, Destination port and Packets Transferred fields. |
| Security | Cisco Switch – VLAN management | This report provides information related to activities that occurs within the VLAN. |
| Security | Cisco Switch – Administrative account activity | This report provides information related to account activities that is done by the administrator. |
| Security | Cisco Router – VTP management | This report provides information related to activities that occurs with the VTP. |
| Operations | Cisco Switch – Port status change | This report provides information related to port status changed from UP to DOWN or vice-versa which includes Device Address, Interface Name and Port Status fields. |
| Operations | Cisco Switch – Authentication failure | This report provides information related to authentication failure that is whenever the user tries to login into one of the Cisco Switch . |
| Compliance | Cisco Switch – User logon success | This report provides information related to user logon success which includes User Name, Source Address and Source Port fields. |
| Compliance | Cisco Switch – User logon failure | This report provides information related to user logon failure which includes User Name, Source Address, Source Port and Reason fields. |
| Compliance | Cisco Switch – Configuration changed | This report provides information related to configuration changes which include Device Address, User Name, and Command Issued fields. |
| Compliance | Cisco Router – Port security | This report provides information related to port security violation. |
Documentation
The configuration details are consistent with Netsurion Open XDR 7.x and later, Cisco Switch.
Download Integration Guide for configuration instructions and more information.