NSM module only monitors what it sees from its own physical connection to the network, or what it is told by a probe or meter. The two options for feeding data to NSM are described below. You must choose and implement one or more of these methods for NSM to correctly see data on your network.
Use port mirroring: Some switches have a feature that allows the administrator to configure the switch so that all traffic that comes in or goes out on a set of ports is also copied and sent to another port. This mirrored port is then physically connected to BLËSK. The network card connected to the mirrored port doesn’t require an IP address. You will just need to make sure that it comes up during start-up.
Use bProbe: bProbe is a network probe that is configured to run in packet logger mode. It can be installed on a PC and inserted at a key juncture in a network to monitor and collect network activity data. The data collected is automatically sent to a central « receiver » server (in this case, BLËSK ). This method also requires a port mirroring configuration.
BLËSK is already configured as an IDS collector, so you do not have anything to do on the server side in order to achieve this. When data is received, it will automatically be collected and processed by BLËSK. The probe or meter will appear as a sensor on the NSM dashboard.
Vulnerability Assessment
NSM also comes with a “Vulnerability Assessment” software that let you scan devices for know vulnerability. Here how to use it to scan a range of IP addresses on your network.
1 . Click on the “Vulnerability Assessment” link available on the upper right side of NSM GUI.
2 . Go to Configure | Targets to define IP address range to scan.
3 . Once on the “Targets” page, click on the blue icon representing a star located at the upper left of the page (1). Then enter the name you want to give to this IP Network range (2), then provide the IP range information (3) and click on the “Create” button (4).
4 . Now we have to define a schedule for the scan to know when to start. Go to Configure | Schedules.
5 . Once on the “Schedules” page, click on the blue icon representing a star located at the upper left of the page (1). Then enter the name you want to give to this schedule (2), then provide your timezone information (3), the period for the schedule, in our case it’s 1 week (4), and click on the “Create” button (5).
6 . Finally, create the task that will do the job. Go to Scan | Tasks.
7 . On the “Scan” page, click on the blue icon representing a star located at the upper left of the page (0). Then enter the name you want to give to this task (1), then select the target we previously created from the drop down list(2), same thing for the schedule (3), and click on the “Create” button (4).
