
SIM questions...

Updated: 22 May 2010 | 2 comments
Greg_Houston
This issue has been solved. See solution.

A few questions I'm hoping others can help with:

I saw several articles indicating the Symantec SIM has a built-in sniffer option to build an asset table.
So far, I am not able to find out if this is true or how to enable it.

Also, what about the SIM having a built-in vulnerability scan feature?

Lastly, I have a need to determine what traffic is flowing over a range of IP addresses 999.999.*.*.
Using our SIM, NetFlow provides a significant amount of network traffic information.
The problem is how to search an IP range or use a wildcard.

How can I use the SIM to pull together the traffic data?

I appreciate your help.

Comments

shaun_b | 17 Jun 2009

1. Asset population needs to be imported. SSIM doesn't have a "scanning" feature to import this data. However, importing this data can be simplified. You can use a comma-delimited file to import, or you can use Nessus, Qualys or Retina collectors to automatically populate the asset table. I believe there are a bunch of other collectors that will allow automatic asset population as well. Your best bet would simply be to get a Nessus scan of your network completed, integrate the Nessus collector, and then once the first pull of the database happens all of your assets will be populated, along with the vulnerability information, which works to your advantage with the correlation process.

2. No built-in Vulnerability Scan feature. It's an information management solution. However, using some of the suggestions above would give you the ability to easily obtain this data.

3. You need to create specific "Queries" in order to gather this information using the defined criteria. Use the admin guide to learn more about creating queries but it's pretty simple for the task you have.

Laurent_c | 17 Jun 2009

As Shaun pointed out, the automatic asset population is done by a Collector product. Nessus is popular, but you can also use the SEP State Collector or the ESM Collector and it will work very well.

There is an option to import a CSV file too: you can export the machines in your list from your AD and modify the CSV a bit, then it will import your entire Active Directory (but this won't be automatically updated with vulnerabilities like a network scanner).

Laurent