Configuration and Discovery


The following sections describe how to configure and discover Cisco Email Security Appliances for monitoring by SL1 using the Cisco: ESA PowerPack.

Prerequisites for Monitoring Cisco Email Security Appliances

To configure SL1 to monitor Cisco Email Security Appliances using the Cisco: ESA PowerPack, you must first have the following information about the appliance that you want to monitor:

  • The appliance's IP address.
  • The appliance's SNMP community string.

Creating an SNMP Credential for Cisco ESA

To configure SL1 to monitor Cisco Email Security Appliances, you must create an SNMP credential. This credential allows the Dynamic Applications in the Cisco: ESA PowerPack to connect with the Cisco ESA and collect data from it.

To create an SNMP credential:

  1. Go to the Credential Management page (System > Manage > Credentials).

  2. Click the Actions button, and then select Create SNMP Credential. The Create New SNMP Credential modal page appears.

  3. Supply values in the following fields:
  • Profile Name. Name of the credential. Can be any combination of alphanumeric characters. This field is required.

  • SNMP Version. SNMP version. Choices are SNMP V1, SNMP V2, and SNMP V3. The default value is SNMP V2. This field is required.
  • Port. The port SL1 will use to communicate with the external device or application. The default value is 161. This field is required.
  • Timeout (ms). Time, in milliseconds, after which SL1 will stop trying to communicate with the SNMP device. The default value is 1500. This field is required.
  • Retries. Number of times SL1 will try to authenticate and communicate with the external device. The default value is 1. This field is required.

SNMP V1/V2 Settings

These fields appear if you selected SNMP V1 or SNMP V2 in the SNMP Version field. Otherwise, these fields are grayed out.

  • SNMP Community (Read Only). The SNMP community string (password) required for read-only access of SNMP data on the remote device or application. For SNMP V1 and SNMP V2 credentials, you must supply a community string, either in this field or in the SNMP Community (Read/Write) field.
  • SNMP Community (Read/Write). The SNMP community string (password) required for read and write access of SNMP data on the remote device or application. For SNMP V1 and SNMP V2 credentials, you must supply a community string, either in this field or in the SNMP Community (Read Only) field.

SNMP V3 Settings

These fields appear if you selected SNMP V3 in the SNMP Version field. Otherwise, these fields are grayed out.

  • Security Name. Name for SNMP authentication. This field is required.

  • Security Passphrase. Password to authenticate the credential. This value must contain at least 8 characters. This value is required if you use a Security Level that includes authentication.
  • Authentication Protocol. Select an authentication algorithm for the credential. Choices are MD5 or SHA. The default value is MD5. This field is required.

  • Security Level. Specifies the combination of security features for the credentials. This field is required. Choices are:
      • No Authentication / No Encryption.
      • Authentication Only. This is the default value.
      • Authentication and Encryption.

  • SNMP v3 Engine ID. The unique engine ID for the SNMP agent you want to communicate with. (SNMPv3 authentication and encryption keys are generated based on the associated passwords and the engine ID.) This field is optional.
  • Context Name. A context is a mechanism within SNMPv3 (and AgentX) that allows you to use parallel versions of the same MIB objects. For example, one version of a MIB might be associated with SNMP Version 2 and another version of the same MIB might be associated with SNMP Version 3. For SNMP Version 3, specify the context name in this field. This field is optional.

  • Privacy Protocol. The privacy service encryption and decryption algorithm. Choices are DES or AES. The default value is DES. This field is required.
  • Privacy Protocol Passphrase. Privacy password for the credential. This field is optional.

  4. Click Save.
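
The SNMP v3 Engine ID field above notes that SNMPv3 keys are generated from the passphrase and the engine ID. The following added example (not part of the SL1 documentation or the PowerPack) implements the standard USM derivation from RFC 3414, Appendix A.2, using the RFC's published test passphrase and engine ID. The function names are illustrative, and treating the SHA choice as SHA-1 is an assumption.

```python
import hashlib

ONE_MEGABYTE = 1_048_576  # RFC 3414 A.2 hashes the first 1,048,576 bytes of the repeated passphrase


def passphrase_to_key(passphrase: str, algorithm: str) -> bytes:
    """Derive the engine-independent key Ku from a passphrase (RFC 3414 A.2)."""
    secret = passphrase.encode("utf-8")
    if len(secret) < 8:
        # Same minimum length the Security Passphrase field requires.
        raise ValueError("passphrase must contain at least 8 characters")
    repeats, remainder = divmod(ONE_MEGABYTE, len(secret))
    digest = hashlib.new(algorithm)
    digest.update(secret * repeats + secret[:remainder])
    return digest.digest()


def localize_key(ku: bytes, engine_id: bytes, algorithm: str) -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algorithm, ku + engine_id + ku).digest()


def localized_key(passphrase: str, engine_id_hex: str, algorithm: str) -> bytes:
    """Passphrase plus engine ID (hex string) to the key the agent actually checks."""
    ku = passphrase_to_key(passphrase, algorithm)
    return localize_key(ku, bytes.fromhex(engine_id_hex), algorithm)


# Test inputs published in RFC 3414, Appendix A.3.
RFC_PASSPHRASE = "maplesyrup"
RFC_ENGINE_ID = "000000000000000000000002"
# Constructed second engine ID, used only to show that keys differ per engine.
OTHER_ENGINE_ID = "000000000000000000000003"

if __name__ == "__main__":
    for algorithm in ("md5", "sha1"):  # assumed mapping of the MD5 / SHA choices
        for engine_id in (RFC_ENGINE_ID, OTHER_ENGINE_ID):
            key = localized_key(RFC_PASSPHRASE, engine_id, algorithm)
            print(f"{algorithm:4} engine={engine_id} key={key.hex()}")
```

Because the key is localized to the engine ID, the same passphrase produces a different key for every agent, so a key recovered from one appliance does not authenticate to another.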

Discovering a Cisco Email Security Appliance

To discover the Cisco ESA that you want to monitor:

  1. On the Devices page or the Discovery Sessions page (Devices > Discovery Sessions), click the Add Devices button. The Select page appears:

Image of the Add Devices wizard, page 1

  2. Click the Unguided Network Discovery button. Additional information about the requirements for discovery appears in the General Information pane to the right.
  3. Click Select. The Add Devices page appears.
  4. Complete the following fields:
  • Name. Type a unique name for this discovery session. This name is displayed in the list of discovery sessions on the Discovery Sessions tab.
  • Description. Optional. Type a short description of the discovery session. You can use the text in this description to search for the discovery session on the Discovery Sessions tab.
  • Select the organization to add discovered devices to. Select the name of the organization to which you want to add the discovered devices.
  5. Click Next. The Credentials page of the Add Devices wizard appears:

Image of the Add Devices wizard, page 2

  6. On the Credentials page, select the SNMP credential you created for ESA.
  7. Click Next. The Discovery Session Details page of the Add Devices wizard appears:

Image of the Add Devices wizard, page 2

  8. Complete the following fields:
  • List of IPs/Hostnames. Type the IP address for the ESA device that you want to monitor.
  • Which collector will monitor these devices? Required. Select an existing collector to monitor the discovered devices.
  • Run after save. Select this option to run this discovery session as soon as you save the session.

In the Advanced options section, click the down arrow icon to complete the following fields:

  • Model Devices. Enable this setting.
  9. Click Save and Run if you enabled the Run after save setting, or Save and Close to save the discovery session. The Discovery Sessions page (Devices > Discovery Sessions) displays the new discovery session.
  10. If you selected the Run after save option on this page, the discovery session runs, and the Discovery Logs page displays any relevant log messages. If the discovery session locates and adds any devices, the Discovery Logs page includes a link to the Device Investigator page for the discovered device.

Discovering a Cisco Email Security Appliance in the SL1 Classic User Interface

To discover the Cisco ESA that you want to monitor:

  1. Go to the Discovery Control Panel page (System > Manage > Classic Discovery or System > Manage > Discovery in the classic user interface).

  2. Click the Create button. The Discovery Session Editor page appears.

  3. On the Discovery Session Editor page, define values in the following fields:
  • Name. Type a name for the discovery session.

  • IP Address/Hostname Discovery List. Type the IP address for the ESA device that you want to monitor.
  • SNMP Credentials. Select the SNMP credential you created for ESA.
  • Model Devices. Select this checkbox.
  4. Optionally, you can enter values in the other fields on this page. For more information about the other fields on this page, see the Discovery & Credentials section.
  5. Click Save, and then close the Discovery Session Editor window.
  6. The discovery session you created appears at the top of the Discovery Control Panel page. Click its lightning-bolt icon to run the discovery session.
  7. When the ESA is discovered, click its device icon to view its Device Properties page.