M86 Security Threat Analysis Reporter User manual

M86 Threat Analysis Reporter
USER GUIDE
Software Version: 2.1.10
Document Version: 06.01.10

II M86 SECURITY USER GUIDE
M86 THREAT ANALYSIS REPORTER USER GUIDE
© 2010 M86 Security
All rights reserved.
828 W. Taft Ave., Orange, CA 92865, USA
Version 1.01, published June 2010 for software release 2.1.10
Printed in the United States of America
This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine readable form without prior written consent from M86 Security.
Every effort has been made to ensure the accuracy of this document. However, M86 Security makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. M86 Security shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein.
Due to future enhancements and modifications of this product, the information described in this documentation is subject to change without notice.
The latest version of this document can be obtained from http://www.m86security.com/support/Threat-Analysis-Reporter/documentation.asp
Trademarks
Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the sole property of their respective manufacturers.
Part# TAR-UG_v1.01-1006

CONTENTS
INTRODUCTORY SECTION
Threat Analysis Reporter
About this User Guide
How to Use this User Guide
Conventions
Terminology
Environment Requirements
Workstation Requirements
Network Requirements
Installation Prerequisite
Getting Started
Initial Setup
Procedures for Logging On, Off
Access the TAR Administrator Login window
Log in
Navigation toolbar menu links and topics
Exit the user interface
Navigation Tips and Conventions
PRELIMINARY SETUP SECTION
Introduction
Chapter 1: User Groups Setup
View User Group Information
User group status key
View a list of members in a user group
Add a User Group
Patterns frame
Add a new pattern
View users resolved by the pattern
Remove a pattern
IP Ranges frame
Specify an IP range
Remove an IP address range
Single Users frame
Add one or more individual users
Use the filter to narrow Available Users results
Select users to add to the Assigned Users list
Remove users from the Add tab
Edit a User Group
Rebuild the User Group
Delete a User Group
Chapter 2: Admin Groups Setup
Add a Group
View, Edit an Admin Group’s Permissions
View Admin Group settings
Edit Admin Group settings
Delete an Administrator Group
Chapter 3: Admins Setup
Add an Administrator Profile
View, Edit Admin Detail
View Admin Details
Edit Account Info
Delete Admin
CONFIGURATION SECTION
Introduction
Chapter 1: Gauge Components
Types of Gauges
Anatomy of a Gauge
How to Read a Gauge
Bandwidth Gauge Components
Gauge Usage Shortcuts
Chapter 2: Custom Gauge Setup, Usage
Add a Gauge
Specify Gauge Information
Define Gauge Components
Assign user groups
Save gauge settings
Modify a Gauge
Edit gauge settings
Hide, Disable, Delete, Rearrange Gauges
Hide a gauge
Disable a gauge
Show a gauge
Rearrange the gauge display in the dashboard
Delete a gauge
View End User Gauge Activity
View Overall Ranking
View a Gauge Ranking table
Monitor, Restrict End User Activity
View User Summary data
Access the Threat View User panel
URL Gauges tab selection
Bandwidth Gauges tab selection
Manually lock out an end user
Low severity lockout
Medium and High severity lockout
End user workstation lockout
Low severity URL, medium URL/bandwidth lockout
High severity URL, low/high bandwidth lockout
Chapter 3: Alerts, Lockout Management
Add an Alert
Email alert function
Configure email alerts
Receive email alerts
System Tray alert function
Lockout function
View, Modify, Delete an Alert
View alert settings
Modify an alert
Delete an alert
View the Alert Log
Manage the Lockout List
View a specified time period of lockouts
Unlock workstations
Access User Summary details
Chapter 4: Analyze Usage Trends
View Trend Charts
View activity for an individual gauge
View overall gauge activity
Navigate a trend chart
View gauge activity for a different time period
Analyze gauge activity in a pie chart
Analyze gauge activity in a line chart
View In/Outbound bandwidth gauge activity
Print a trend chart from an IE browser window
Access Web Filter, ER Applications
Access the Web Filter
Access the ER Web Client application
Access the ER Administrator console
Chapter 5: Identify Users, Threats
Perform a Custom Search
Specify Search Criteria
View URLs within the accessed category
ADMINISTRATION SECTION
Introduction
Chapter 1: View the User Profiles List
Search the User Database
View End User Activity
Chapter 2: View Administrator Activity
Perform a Search on a Specified Activity
Search results
Chapter 3: Maintain the Device Registry
Generate an SSL Certificate for TAR
Restart the TAR server
Shut down the TAR server
Web Filter Device Maintenance
View, edit Web Filter device criteria
Add a Web Filter to the device registry
Delete a Web Filter from the device registry
Threat Analysis Reporter Maintenance
View TAR device criteria
Add, remove a bandwidth range
ER Device Maintenance
Add an ER to the device registry
View, edit ER device criteria
Delete the ER device from the registry
View Other Device Criteria
View SMTP device criteria
View Patch Server device criteria
View NTP Server device criteria
View Proxy Server device criteria
Sync All Devices
Chapter 4: Perform Backup, Restoration
Execute a Backup on Demand
Restore User Settings
Restore to Factory Default Settings
Reset to Factory Default Settings frame
Wizard Login window
TECHNICAL SUPPORT / PRODUCT WARRANTIES
Technical Support
Hours
Contact Information
Domestic (United States)
International
E-Mail
Office Locations and Phone Numbers
M86 Corporate Headquarters (USA)
M86 Taiwan
Support Procedures
Product Warranties
Standard Warranty
Technical Support and Service
Extended Warranty (optional)
Extended Technical Support and Service
APPENDICES SECTION
Appendix A
Disable Pop-up Blocking Software
Yahoo! Toolbar Pop-up Blocker
Add the Client to the White List
Google Toolbar Pop-up Blocker
Add the Client to the White List
AdwareSafe Pop-up Blocker
Disable Pop-up Blocking
Mozilla Firefox Pop-up Blocker
Add the Client to the White List
Windows XP SP2 Pop-up Blocker
Set up Pop-up Blocking
Use the Internet Options dialog box
Use the IE Toolbar
Add the Client to the White List
Use the IE Toolbar
Use the Information Bar
Set up the Information Bar
Access the Client
Appendix B
System Tray Alerts: Setup, Usage
LDAP server configuration
Create the System Tray logon script
Assign System Tray logon script to administrators
Administrator usage of System Tray
Use the TAR Alert icon’s menu
Status of the TAR Alert icon
View System Tray alert messages
Appendix C
RAID Maintenance and Troubleshooting
Part 1: Hardware Components
Part 2: Server Interface
LED indicators in SL and HL units
Front control panels on H, SL, and HL units
Rear panels on H and HL units
Part 3: Troubleshooting
Hard drive failure
Step 1: Review the notification email
Step 2: Verify the failed drive in the Admin console
Step 3: Replace the failed hard drive
Step 4: Rebuild the hard drive
Step 5: Contact Technical Support
Power supply failure
Step 1: Identify the failed power supply
Step 2: Unplug the power cord
Step 3: Replace the failed power supply
Step 4: Contact Technical Support
Fan failure
Identify a fan failure
Appendix D
Glossary
INDEX

INTRODUCTORY SECTION
Threat Analysis Reporter
As perimeter security becomes more mature, user-generated Web threats increase and become critical aspects of maintaining networks. Network administrators need tools to monitor these threats so management can enforce corporate Internet usage policies.
M86's Threat Analysis Reporter (TAR) is designed to offer administrators or management dynamic, real time graphical snapshots of their network’s Internet traffic, supported by remediation tools to manage and control user-generated Web threats. Working in conjunction with M86’s Web Filter, TAR interprets end user Internet activity from the Web Filter’s logs and provides data that can be viewed via an easy-to-read dashboard of gauges the administrator can drill down into, thereby identifying the source of the threat.

About this User Guide
The Threat Analysis Reporter User Guide addresses the
network administrator designated to configure and manage
the TAR appliance on the network (referred to as the “global
administrator” throughout this user guide, since he/she has
all rights and permissions on the TAR appliance), as well as
administrators designated to manage user groups on the
network (referred to as “group administrators” throughout
this user guide).
This user guide is organized into the following sections:
• Introductory Section - This section provides general information on how to use this user guide to help you configure the TAR appliance.
• Preliminary Setup Section - This section includes information on creating and maintaining user accounts.
• Configuration Section - This section includes information on configuring TAR to alert you to any end user Internet activity not within your organization’s Internet usage policies.
• Administration Section - This section includes functions for maintaining the TAR appliance or its database.
• Technical Support / Product Warranties Section - This section contains information on technical support and product warranties.
• Appendices - Appendix A explains how to disable pop-up blocking software installed on a workstation in order to use TAR. Appendix B provides details on setting up and using the System Tray feature for TAR alerts. Appendix C includes information about RAID maintenance and troubleshooting on a TAR “H”, “HL”, or “SL” server. Appendix D features a glossary of technical terminology used in this user guide.
• Index - This section includes an index of subjects and the first page numbers where they appear in this user guide.
How to Use this User Guide
Conventions
The following icons are used throughout this user guide:
NOTE: The “note” icon is followed by italicized text providing
additional information about the current subject.
TIP: The “tip” icon is followed by italicized text giving you hints on
how to execute a task more efficiently.
WARNING: The “warning” icon is followed by italicized text
cautioning you about making entries in the application, executing
certain processes or procedures, or the outcome of specified
actions.

Terminology
The following terms are used throughout this portion of the
user guide. Sample images (not to scale) are included for
each item.
• accordion - one of at least two or more like objects, stacked on top of each other in a frame or panel, that expands to fill a frame or collapses closed when clicked.
• alert box - a pop-up box that informs you about information pertaining to the execution of an action.
• button - an object in a dialog box, alert box, window, or panel that can be clicked with your mouse to execute a command.
• checkbox - a small square in a dialog box, window, or panel used for indicating whether or not you wish to select an option. This object allows you to toggle between two choices. By clicking in this box, a check mark or an “X” is placed, indicating that you selected the option. When this box is not checked, the option is not selected.
• dialog box - a box that opens in response to a command made in a window or panel, and requires your input. You must choose an option by clicking a button (such as “Yes” or “No”, or “Next” or “Cancel”) to execute your command. As dictated by this box, you also might need to make one or more entries or selections prior to clicking a button.
• field - an area in a dialog box, window, or panel that either accommodates your data entry, or displays pertinent information. A text box is a type of field.
• frame - a boxed-in area in a dialog box, window, or panel that includes a group of objects such as fields, text boxes, list boxes, buttons, radio buttons, checkboxes, accordions, tables, and/or tabs. Objects within a frame belong to a specific function or group. A frame often is labeled to indicate its function or purpose.
• list box - an area in a dialog box, window, or panel that accommodates and/or displays entries of items that can be added or removed.
• panel - the central portion of a screen that is replaced by a different view when clicking a pertinent link or button.
• pop-up box or pop-up window - a box or window that opens after you click a button in a dialog box, window, or panel. This box or window may display information, or may require you to make one or more entries. Unlike a dialog box, you do not need to choose between options.
• pull-down menu - a field in a dialog box, window, or panel that contains a down arrow to the right. When you click the arrow, a menu of items displays from which you make a selection.
• radio button - a small, circular object in a dialog box, window, or screen used for selecting an option. This object allows you to toggle between two choices. By clicking a radio button, a dot is placed in the circle, indicating that you selected the option. When the circle is empty, the option is not selected.
• re-size button - positioned between two frames, this button enlarges a frame or makes the frame narrower when clicked and dragged in a specific direction.
• screen - a main object of an application that displays across your monitor. A screen can contain panels, windows, frames, fields, tables, text boxes, list boxes, icons, buttons, and radio buttons.
• slider - a small, triangular-shaped object—positioned on a line—that when clicked and dragged to the left or right decreases or increases the number of records displayed in the grid to which it pertains.
• tab - one of at least two objects positioned beside one another that display content specified to its label when clicked. A tab can display anywhere in a panel, usually above a frame.
• text box - an area in a dialog box, window, or screen that accommodates your data entry. A text box is a type of field. (See “field”.)
• window - can contain frames, fields, text boxes, list boxes, icons, buttons, and radio buttons. Types of windows include ones from the system such as the Save As window, pop-up windows, or login windows.

Environment Requirements
Workstation Requirements
System requirements for the administrator include the
following:
• Windows XP, Vista, or 7 operating system running:
  • Internet Explorer (IE) 7.0 or 8.0
  • Firefox 3.5
• Macintosh OS X Version 10.5 or 10.6 running:
  • Safari 4.0
  • Firefox 3.5
• Flash plug-in version 9 or later
• Screen resolution set at 1024 x 768 with color quality set at 16 bits
• 256 MB RAM
• Pentium III 600 MHz or higher, or equivalent
• Network card and ability to connect to the TAR server and Web Filter server
• Email client that can be set up to receive email alerts
• JavaScript enabled
• Java Virtual Machine
• Java Plug-in (use the version specified for the Web Filter software version)

Network Requirements
• High speed connection from the TAR server to client
workstations
• HTTPS connection to M86’s software update server
• Internet connectivity for downloading Java virtual
machine/Flash, if not already installed
Installation Prerequisite
• M86 Web Filter running software version 4.0.00 or later

Getting Started
Initial Setup
To initially set up your TAR server, the administrator installing the unit should follow the instructions in the Installation Guide, the booklet packaged with your TAR unit. This guide explains how to perform the initial configuration of the server so that it can be accessed via an IP address on your network.
NOTE: If you do not have the Threat Analysis Reporter Installation Guide, contact M86 Security immediately to have a copy sent to you.
Once the TAR unit is set up on the network, the designated global administrator of the TAR server should be able to access the unit via its URL, using the user name and password registered during Step 1 of the wizard hardware installation procedures.