How to Send a Test Incident to ASM


This tool lets you test and debug search scopes and actions to verify ASM's response to an event. You can perform a basic test that sends an inform message directly to ASM, bypassing the SNMPTrap Service, or you can configure a more comprehensive test of the complete path (IDS to SNMPTrap Service/Console to ASM), simulating exactly how an actual inform message is processed. The comprehensive test requires that the SNMP message be correctly specified (including authentication credentials) and that Console's SNMPTrap Service is running.

  NOTES:
  1. To use the Test response by sending an SNMP trap to ASM level of testing, your client system must have SNMP access to the server.
  2. The NetSight SNMPTrap Service (snmptrapd) must be configured with Security User credentials and/or Engine IDs for the devices from which Console's SNMPTrap Service (snmptrapd) accepts SNMPv3 Notification messages. Without this information, the SNMPTrap Service drops the notification messages: the traps do not appear in the Events view and ASM does not receive the notification. Refer to How to Configure the SNMPTrap Service to learn more about configuring the SNMPTrap Service.

To test a response by sending threat information directly to ASM:

  1. Select Test a response by sending threat information directly to ASM.
  2. Set the parameters under the heading Specify parameters of test incident for the test incident that will be sent to ASM:
    • Sender ID - This is a unique identifier associated with the intrusion detection system that detected the security event.
    • Sender Name - The sender name being tested. This is a unique name associated with the intrusion detection system that detected the event. Sender Names are case sensitive.
    • Threat Category - The event category being tested. ASM's default event categories are ASM_ATTACK, ASM_COMPROMISE, ASM_INFORMATIONAL, and ASM_MISUSE. Event Category Names are case sensitive.
    • Signature - A signature provides a unique identifier for the threat being tested.
    • Threat IP - The address where the threat is detected and where ASM applies an action if one is configured for this threat.
  3. Click Send Incident to ASM. Your incident appears in the table in the ASM Monitor window.

To perform a more comprehensive test:

  1. Select Test response by sending an SNMP trap to ASM.
  2. Set the parameters for the basic test (Specify parameters of test incident to be sent to ASM).
  3. Set the parameters under the heading Specify additional parameters for sending SNMP trap.
    • SNMPv3 User Name - The user name of the simulated user.
    • Authentication Type - The authentication method (MD5 or SHA) used for the inform message.
    • Authentication Password - The authentication password of the simulated user.
    • Privacy Type - The encryption method (DES or None) used for the inform message.
    • Privacy Password - The encryption password for the simulated user.
    • Trap Receiver - The system on which the SNMPTrap Service is running.
  4. If necessary, edit the SNMPTrapd.conf file to configure user credentials in Console's SNMPTrap Service. (Refer to How to Configure the SNMPTrap Service for more information about editing this file.)
  5. Click Send Incident to ASM. Your incident appears in the table in the ASM Monitor window.
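The SNMPv3 fields of the comprehensive test correspond directly to net-snmp's snmptrapd.conf and snmpinform syntax. As an added illustration that is not part of the ASM documentation, the shell functions below print the snmptrapd.conf entry the SNMPTrap Service needs for the simulated user and the matching snmpinform command line; the user name, passwords, engine ID, host name and OIDs are constructed placeholders, and ASM's own notification OID is not given on this page, so the caller supplies it.

```shell
#!/bin/sh
# Constructed helper (not from the ASM help page). Both functions only print
# text; nothing is sent on the network, so the script runs offline.

# Print the createUser/authUser lines for snmptrapd.conf.
#   $1 user  $2 auth type (MD5|SHA)  $3 auth password
#   $4 priv type (DES|None)  $5 priv password
#   $6 sender engine ID: needed for traps (the receiver authenticates them
#      against the sender's engine); leave empty for informs, which use the
#      receiver's own engine ID learned by discovery.
snmptrapd_conf_entry() {
    user=$1 atype=$2 apass=$3 ptype=$4 ppass=$5 engid=$6
    case $atype in MD5|SHA) ;; *) echo "unsupported auth type: $atype" >&2; return 1 ;; esac
    case $ptype in DES|None) ;; *) echo "unsupported priv type: $ptype" >&2; return 1 ;; esac
    eng="${engid:+-e $engid }"
    if [ "$ptype" = None ]; then
        # authNoPriv: the inform is authenticated but its varbinds travel in clear text
        printf 'createUser %s%s %s "%s"\n' "$eng" "$user" "$atype" "$apass"
    else
        printf 'createUser %s%s %s "%s" %s "%s"\n' "$eng" "$user" "$atype" "$apass" "$ptype" "$ppass"
    fi
    # Access control: snmptrapd rejects notifications from users with no authUser line
    printf 'authUser log,execute,net %s\n' "$user"
}

# Print the snmpinform command equivalent to the dialog's SNMP trap test.
#   $1 trap receiver  $2 user  $3 auth type  $4 auth password
#   $5 priv type  $6 priv password  $7 notification OID  $8.. varbinds
# Note: passwords end up on the command line and in process listings.
snmpinform_cmd() {
    recv=$1 user=$2 atype=$3 apass=$4 ptype=$5 ppass=$6 oid=$7; shift 7
    if [ "$ptype" = None ]; then
        sec="-l authNoPriv -a $atype -A $apass"
    else
        sec="-l authPriv -a $atype -A $apass -x $ptype -X $ppass"
    fi
    # '' for the sysUpTime argument lets net-snmp fill in the sender's uptime
    printf "snmpinform -v 3 -u %s %s %s '' %s" "$user" "$sec" "$recv" "$oid"
    for vb in "$@"; do printf ' %s' "$vb"; done
    printf '\n'
}

# Demo with constructed values; the OIDs are placeholders, not ASM's MIB.
snmptrapd_conf_entry asmtest SHA 'authpass-1' DES 'privpass-1'
snmpinform_cmd trapreceiver.example.net asmtest SHA 'authpass-1' DES 'privpass-1' \
    .1.3.6.1.4.1.0.0 '.1.3.6.1.4.1.0.0.1 s IDS-1' '.1.3.6.1.4.1.0.0.2 a 10.1.2.3'
```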
