McAfee® Network Security Platform: Network Security Manager version 6.0 docx

Document information

McAfee® Network Protection
Industry-leading network security solutions

System Status Monitoring Guide
McAfee® Network Security Platform
Network Security Manager version 6.0
revision 3.0

COPYRIGHT
Copyright © 2001 - 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARKS
ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (STYLIZED N), ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA), INTRUSHIELD, INTRUSION PREVENTION THROUGH INNOVATION, McAfee, McAfee (AND IN KATAKANA), McAfee AND DESIGN, McAfee.COM, McAfee VIRUSSCAN, NET TOOLS, NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE AND PATENT INFORMATION

License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO McAfee OR THE PLACE OF PURCHASE FOR A FULL REFUND.

License Attributions
This product includes or may include:
* Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
* Cryptographic software written by Eric A. Young and software written by Tim J. Hudson.
* Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL, which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein.
* Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer.
* Software originally written by Robert Nordier, Copyright (C) 1996-7 Robert Nordier.
* Software written by Douglas W. Sauder.
* Software developed by the Apache Software Foundation (http://www.apache.org/). A copy of the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt.
* International Components for Unicode ("ICU") Copyright (C) 1995-2002 International Business Machines Corporation and others.
* Software developed by CrystalClear Software, Inc., Copyright (C) 2000 CrystalClear Software, Inc.
* FEAD(R) Optimizer(R) technology, Copyright Netopsystems AG, Berlin, Germany.
* Outside In(R) Viewer Technology (C) 1992-2001 Stellent Chicago, Inc. and/or Outside In(R) HTML Export, (C) 2001 Stellent Chicago, Inc.
* Software copyrighted by Thai Open Source Software Center Ltd. and Clark Cooper, (C) 1998, 1999, 2000.
* Software copyrighted by Expat maintainers.
* Software copyrighted by The Regents of the University of California, (C) 1996, 1989, 1998-2000.
* Software copyrighted by Gunnar Ritter.
* Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A., (C) 2003.
* Software copyrighted by Gisle Aas. (C) 1995-2003.
* Software copyrighted by Michael A. Chase, (C) 1999-2000.
* Software copyrighted by Neil Winton, (C) 1995-1996.
* Software copyrighted by RSA Data Security, Inc., (C) 1990-1992.
* Software copyrighted by Sean M. Burke, (C) 1999, 2000.
* Software copyrighted by Martijn Koster, (C) 1995.
* Software copyrighted by Brad Appleton, (C) 1996-1999.
* Software copyrighted by Michael G. Schwern, (C) 2001.
* Software copyrighted by Graham Barr, (C) 1998.
* Software copyrighted by Larry Wall and Clark Cooper, (C) 1998-2000.
* Software copyrighted by Frodo Looijaard, (C) 1997.
* Software copyrighted by the Python Software Foundation, Copyright (C) 2001, 2002, 2003. A copy of the license agreement for this software can be found at www.python.org.
* Software copyrighted by Beman Dawes, (C) 1994-1999, 2002.
* Software written by Andrew Lumsdaine, Lie-Quan Lee, Jeremy G. Siek (C) 1997-2000 University of Notre Dame.
* Software copyrighted by Simone Bordet & Marco Cravero, (C) 2002.
* Software copyrighted by Stephen Purcell, (C) 2001.
* Software developed by the Indiana University Extreme! Lab (http://www.extreme.indiana.edu/).
* Software copyrighted by International Business Machines Corporation and others, (C) 1995-2003.
* Software developed by the University of California, Berkeley and its contributors.
* Software developed by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http://www.modssl.org/).
* Software copyrighted by Kevlin Henney, (C) 2000-2002.
* Software copyrighted by Peter Dimov and Multi Media Ltd. (C) 2001, 2002.
* Software copyrighted by David Abrahams, (C) 2001, 2002. See http://www.boost.org/libs/bind/bind.html for documentation.
* Software copyrighted by Steve Cleary, Beman Dawes, Howard Hinnant & John Maddock, (C) 2000.
* Software copyrighted by Boost.org, (C) 1999-2002.
* Software copyrighted by Nicolai M. Josuttis, (C) 1999.
* Software copyrighted by Jeremy Siek, (C) 1999-2001.
* Software copyrighted by Daryle Walker, (C) 2001.
* Software copyrighted by Chuck Allison and Jeremy Siek, (C) 2001, 2002.
* Software copyrighted by Samuel Krempp, (C) 2001. See http://www.boost.org for updates, documentation, and revision history.
* Software copyrighted by Doug Gregor (gregod@cs.rpi.edu), (C) 2001, 2002.
* Software copyrighted by Cadenza New Zealand Ltd., (C) 2000.
* Software copyrighted by Jens Maurer, (C) 2000, 2001.
* Software copyrighted by Jaakko Järvi (jaakko.jarvi@cs.utu.fi), (C) 1999, 2000.
* Software copyrighted by Ronald Garcia, (C) 2002.
* Software copyrighted by David Abrahams, Jeremy Siek, and Daryle Walker, (C) 1999-2001.
* Software copyrighted by Stephen Cleary (shammah@voyager.net), (C) 2000.
* Software copyrighted by Housemarque Oy <http://www.housemarque.com>, (C) 2001.
* Software copyrighted by Paul Moore, (C) 1999.
* Software copyrighted by Dr. John Maddock, (C) 1998-2002.
* Software copyrighted by Greg Colvin and Beman Dawes, (C) 1998, 1999.
* Software copyrighted by Peter Dimov, (C) 2001, 2002.
* Software copyrighted by Jeremy Siek and John R. Bandela, (C) 2001.
* Software copyrighted by Joerg Walter and Mathias Koch, (C) 2000-2002.
* Software copyrighted by Carnegie Mellon University (C) 1989, 1991, 1992.
* Software copyrighted by Cambridge Broadband Ltd., (C) 2001-2003.
* Software copyrighted by Sparta, Inc., (C) 2003-2004.
* Software copyrighted by Cisco, Inc and Information Network Center of Beijing University of Posts and Telecommunications, (C) 2004.
* Software copyrighted by Simon Josefsson, (C) 2003.
* Software copyrighted by Thomas Jacob, (C) 2003-2004.
* Software copyrighted by Advanced Software Engineering Limited, (C) 2004.
* Software copyrighted by Todd C. Miller, (C) 1998.
* Software copyrighted by The Regents of the University of California, (C) 1990, 1993, with code derived from software contributed to Berkeley by Chris Torek.

Issued SEPTEMBER 2010 / System Status Monitoring Guide 700-2375-00/ 3.0 - English

Contents
• Preface (p. vi)
  • Introducing McAfee Network Security Platform (p. vi)
  • About this Guide (p. vi)
  • Audience (p. vi)
  • Conventions used in this book (p. vii)
  • Related Documentation (p. vii)
  • Contacting Technical Support (p. ix)
• Chapter 1: Using the Threat Analyzer (p. 1)
  • Defining terms (p. 1)
  • The life cycle of an alert (p. 2)
  • Understanding the alert cache and the database (p. 2)
  • Host Intrusion Prevention alerts (p. 4)
• Chapter 2: Navigating to the Threat Analyzer (p. 5)
  • Real-Time Threat Analyzer (p. 6)
  • Historical Threat Analyzer (p. 6)
  • Selecting time constraints for Historical Threat Analyzer (p. 6)
  • Sample drilldown scenario (p. 7)
  • Threat Analyzer Home (p. 8)
• Chapter 3: Alert Aggregation in Network Security Central Manager (p. 10)
  • Threat Analyzer of the Central Manager (p. 10)
  • Understanding alert aggregation and monitoring in Central Manager (p. 11)
  • Navigating to the Threat Analyzer from the Central Manager (p. 12)
  • Central Manager Threat Analyzer Home (p. 13)
• Chapter 4: Viewing Alerts Dashboards (p. 14)
  • NSP Health view (p. 14)
  • Customized Dashboards and Monitors (p. 15)
  • Monitoring Sensor Performance metrics (p. 27)
  • Messages from McAfee (p. 36)
  • Status of Activities (p. 36)
  • Operational Status Summary (p. 36)
  • Sensor Update Summary (p. 36)
  • Viewing Operational Status (p. 37)
  • Viewing IPS alerts summary (p. 38)
  • Time view (p. 39)
  • Consolidated view (p. 40)
  • Viewing NAC summary (p. 44)
  • NTBA (p. 45)
  • The NTBA Monitors (p. 46)
• Chapter 5: Viewing Alerts details (p. 50)
  • Viewing alert attributes (p. 51)
  • Action buttons (p. 53)
  • Alerts view: Right-click options (p. 54)
  • Sorting alerts by attributes (p. 57)
  • Viewing data in the Count view (p. 59)
  • Sorting alerts using multiple criteria (p. 60)
  • Creating display filters for alerts (p. 61)
  • Acknowledging alerts (p. 62)
  • Show details of a specific attack (p. 64)
  • Viewing the Attack-Type (p. 65)
  • Performing a response action (p. 70)
  • Viewing a packet log (p. 71)
  • Sending a TCP Reset (p. 72)
  • Blocking further DoS packets for statistical attacks (p. 72)
  • Configuring attack filter association (p. 73)
  • Viewing and editing attack responses (p. 75)
  • Running a script (p. 75)
  • Viewing and saving an Evidence Report (p. 77)
  • IPS Quarantine options in Alerts page (p. 78)
  • Adding hosts for IPS Quarantine from the Alerts page (p. 78)
  • Quarantine of hosts from Alert Details (p. 79)
  • Manual Quarantine of a Host (p. 81)
  • Quarantining options for NTBA Policy Violation Alerts, Botnet, and Behavioral Alerts (p. 82)
  • Performing an NSLookup (p. 84)
  • Querying host details from the ePO server (p. 84)
  • Viewing details of Source and Destination Hosts (p. 85)
  • Viewing host details using IP address (p. 88)
  • Deleting alerts (p. 93)
  • Hiding alerts (p. 93)
  • Creating incidents (p. 94)
  • Adding alerts to an incident (p. 96)
  • Adding occurrences to an incident (p. 96)
  • Exporting incidents (p. 97)
  • Identifying new attacks in the Threat Analyzer (p. 97)
  • Setting preferences for viewing new threats (p. 98)
  • Viewing the first seen alerts in the Alerts page (p. 100)
  • Assigning a new threats monitor to a new dashboard (p. 100)
• Chapter 6: Viewing Hosts details (p. 104)
  • Viewing host attributes (p. 106)
  • Hosts view: right-click options (p. 106)
  • NAC options in the Hosts page (p. 107)
  • Creating display filters for hosts (p. 109)
  • Viewing historical host data using display filter (p. 110)
  • IPS Quarantine options from the Hosts page (p. 111)
• Chapter 7: Using Incident Viewer (p. 113)
  • Viewing incidents (p. 115)
• Chapter 8: Viewing Host Forensics (p. 116)
  • Viewing ePO Information (p. 116)
  • Viewing host details using IP address (p. 116)
  • Launching ePO console from the Host Forensics page (p. 118)
  • Viewing Latest events from the Host Forensics page (p. 119)
  • On-demand Scan of Hosts listed in Alerts in the Threat Analyzer (p. 120)
  • Viewing Vulnerability Manager scans (p. 122)
  • Vulnerability Manager scan option (p. 123)
  • Rescanning the host (p. 126)
  • Concurrent scans (p. 126)
  • Fault messages for Vulnerability Manager on-demand scan (p. 127)
  • Vulnerability Manager scan from Hosts page (p. 127)
  • Network scenarios for Vulnerability Manager scan (p. 128)
• Chapter 9: Setting Preferences (p. 131)
  • General Panel (p. 131)
  • Enabling IP address name resolution (p. 132)
  • Alerts View Panel (p. 134)
  • Hosts View Panel (p. 135)
  • Watch List (p. 136)
  • Historical Constraints (p. 138)
• Chapter 10: Monitoring Operational Status (p. 140)
  • Operational Status condition indicator (p. 140)
  • Operational Status interface (p. 141)
  • Viewing a summary of selected fault messages (p. 144)
  • Fault window action buttons (p. 144)
  • Viewing the details of a specific fault (p. 145)
  • Action buttons (p. 146)
  • System fault messages (p. 146)
• Index (p. 147)

Preface
This preface provides a brief introduction to the product, discusses the information in this document, and explains how this document is organized. It also provides information such as the supporting documents for this guide and how to contact McAfee Technical Support.

Introducing McAfee Network Security Platform
McAfee® Network Security Platform [formerly McAfee® IntruShield®] delivers the most comprehensive, accurate, and scalable Network Access Control (NAC), network Intrusion Prevention System (IPS) and Network Threat Behavior Analysis (NTBA) for mission-critical enterprise, carrier and service provider networks, while providing unmatched protection against spyware; known, zero-day, and encrypted attacks.
McAfee® Network Threat Behavior Analysis Appliance provides the capability of monitoring network traffic by analyzing NetFlow information flowing through the network in real time, thus complementing the NAC and IPS capabilities in a scenario in which McAfee Network Security Sensor, NAC Sensor, and NTBA Appliance are installed and managed through a single Manager.

About this Guide
This System Status Monitoring Guide provides different sections on two functionalities of the Threat Analyzer interface: monitoring alerts and system health. The Alerts section describes the Threat Analyzer functionality, configuration, and field descriptions. The Operational Status section describes the health interface and the messages related to the status of your installed Network Security Platform components. This guide will walk you through:
• Using the Threat Analyzer (on page 1): gives you detailed information on how to navigate through the Threat Analyzer, starting the Threat Analyzer, generating user incidents, and setting the Threat Analyzer preferences.
• Operational Status: details the functional status for all of your installed Network Security Platform IPS components, Operational Status indicators and viewing summaries of selected faults in the Operational Status interface.

Audience
This guide is intended for use by network technicians responsible for maintaining McAfee® Network Security Manager and analyzing and disseminating the resulting data. It is assumed that you are familiar with IPS-related tasks, the relationship between tasks, and the commands necessary to perform particular tasks.

McAfee® Network Security Platform 6.0 Preface vii

Conventions used in this book
This document uses the following typographical conventions:
• Terms that identify fields, buttons, tabs, options, selections, and commands on the User Interface (UI) are shown in Arial Narrow bold font. Example: The Service field on the Properties tab specifies the name of the requested service.
• Menu or action group selections are indicated using a right angle bracket. Example: Select My Company > Admin Domain > Summary.
• Procedures are presented as a series of numbered steps. Example: 1. On the Configuration tab, click Backup.
• Names of keys on the keyboard are denoted using UPPER CASE. Example: Press ENTER.
• Text such as syntax, key words, and values that you must type exactly are denoted using Courier New font. Example: Type: setup and then press ENTER.
• Variable information that you must type based on your specific situation or environment is shown in italics. Example: Type: Sensor-IP-address and then press ENTER.
• Parameters that you must supply are shown enclosed in angle brackets. Example: set Sensor ip <A.B.C.D>
• Information that you must read before beginning a procedure, or that alerts you to negative consequences of certain actions such as loss of data, is denoted using this notation. Example: Caution:
• Information that you must read to prevent injury, accidents from contact with electricity, or other serious consequences is denoted using this notation. Example: Warning:
• Notes that provide related, but non-critical, information are denoted using this notation. Example: Note:

Related Documentation
The following documents and on-line help are companions to this guide. Refer to Quick Tour for more information on these guides.
• Quick Tour
• Installation Guide
• Upgrade Guide
• Getting Started Guide
• IPS Deployment Guide
• Manager Configuration Basics Guide
• I-1200 Sensor Product Guide
• I-1400 Sensor Product Guide
• I-2700 Sensor Product Guide
• I-3000 Sensor Product Guide
• I-4000 Sensor Product Guide
• I-4010 Sensor Product Guide
• M-1250/M-1450 Sensor Product Guide
• M-1250/M-1450 Quick Start Guide
• M-2750 Sensor Product Guide
• M-2750 Quick Start Guide
• M-3050/M-4050 Sensor Product Guide
• M-3050/M-4050 Quick Start Guide
• M-6050 Sensor Product Guide
• M-6050 Quick Start Guide
• M-8000 Sensor Product Guide
• M-8000 Quick Start Guide
• Gigabit Optical Fail-Open Bypass Kit Guide
• Gigabit Copper Fail-Open Bypass Kit Guide
• 10 Gigabit Fail-Open Bypass Kit Guide
• M-8000/M-6050/M-4050/M-3050 Slide Rail Assembly Procedure
• M-2750 Slide Rail Assembly Procedure
• M-series DC Power Supply Installation Procedure
• Administrative Domain Configuration Guide
• Manager Server Configuration Guide
• CLI Guide
• Device Configuration Guide
• IPS Configuration Guide
• NAC Configuration Guide
• Integration Guide
• System Status Monitoring Guide
• Reports Guide
• Custom Attack Definitions Guide
• Central Manager Administrator's Guide
• Best Practices Guide
• Troubleshooting Guide
• Special Topics Guide—In-line Sensor Deployment
• Special Topics Guide—Sensor High Availability
• Special Topics Guide—Virtualization
• Special Topics Guide—Denial-of-Service
• NTBA Appliance Administrator's Guide
• NTBA Monitoring Guide
• NTBA Appliance T-200 Quick Start Guide
• NTBA Appliance T-500 Quick Start Guide

Contacting Technical Support
If you have any questions, contact McAfee for assistance:
Online: Contact McAfee Technical Support at http://mysupport.mcafee.com. Registered customers can obtain up-to-date documentation, technical bulletins, and quick tips on McAfee's 24x7 comprehensive KnowledgeBase. In addition, customers can also resolve technical issues with the online case submit, software downloads, and signature updates.
Phone: Technical Support is available 7:00 A.M. to 5:00 P.M. PST Monday-Friday. Extended 24x7 Technical Support is available for customers with Gold or Platinum service contracts. Global phone contact numbers can be found at the McAfee Contact Information page, http://www.mcafee.com/us/about/contact/index.html.
Note: McAfee requires that you provide your GRANT ID and the serial number of your system when opening a ticket with Technical Support. You will be provided with a user name and password for the online case submission.

Chapter 1: Using the Threat Analyzer
The Threat Analyzer is used for the analysis of the alerts detected by your McAfee® Network Security Platform [formerly McAfee® IntruShield®] Sensors as well as those processed by an integrated Host Intrusion Prevention Server. The Threat Analyzer works in conjunction with the policies applied to your McAfee® Network Security Sensor and Host Intrusion Prevention Sensors. For more information on policies, see IPS Configuration Guide.

When a transmission violating your enforced security policies is detected by a Sensor, the Sensor compiles information about the offending transmission and sends this "attack" data to McAfee® Network Security Manager in the form of an alert. Alert details include transmission data such as source and destination IP addresses in the packet, as well as security analysis information (performed by the Sensor) such as attack type and severity. Alerts are backed up to the database and archived in order of occurrence.

Note: Security analysis information can be determined by a signature match, set threshold parameters, and abnormal spiking in traffic levels.
All of these measures are enforced through policy configuration and application.

The Threat Analyzer opens in a separate browser window from that of the Manager Home page, providing a concentrated view for alert analysis. When you open the Threat Analyzer, you specify a time frame to retrieve alerts from the database. The Manager retrieves the alerts matching your criteria and displays them in the Threat Analyzer. By examining and acknowledging the alerts, you can use the information your analysis provides to determine your system weaknesses and modify your defenses.

Note: If you make configuration changes while maintaining an open Threat Analyzer session, your configuration changes will not take effect in regards to actually seeing the changes in the Threat Analyzer. The Threat Analyzer must be closed and re-opened to view your changes. Configuration changes can include changing the policy of a VIPS; splitting a port pair into two single ports and applying a separate policy to each port; exporting a User-defined Signature to the Manager's attack database, then applying a policy containing custom attacks to a VIPS; and so forth, as configuration changes that affect policy application are made.

Defining terms
An attack is any violation of your set McAfee® Network Security Platform policy parameters. An alert is one or more attack instances. In many cases, an alert represents a single detected attack. A multi-attack alert is generated when multiple instances of identical attacks (same source IP, destination IP, specific attack name, and VIPS [interface or sub-interface ID where the alert was detected]) are detected within a two-minute period (by default); data for all attacks is throttled into one alert instance. However, you can also choose to configure how many of each throttled attack you want to see in an individual alert (for more information, see Configuring alert suppression with packet log response, Device Configuration Guide). Each of the two main [...]
Alert Aggregation in Network Security Central Manager
McAfee Network Security Central Manager provides you with a single sign-on mechanism to manage the authentication of global users across all Managers configuration. Threat analysis tasks are performed at the Manager level and aggregated at the Network Security Central Manager (Central Manager). Local Managers attached to the Central Manager push new alerts [...]

[...] alerts. In the local Manager, a secured communication is established between the local Manager and the Threat Analyzer. Each local Manager pushes new alerts and modifications into the Central Manager. The Threat Analyzer of the Central Manager connects to the Central Manager for retrieving live alerts.

Navigating [...]

[...] number of alerts the Threat Analyzer can display has a direct correlation to your system's memory. Since you can access McAfee® Network Security Manager (Manager) from the local host or a remote connection, this depends on the machine used for Manager login. The memory overhead for alerts, including the code base and Java virtual [...]

Central Manager Threat Analyzer Home
The Central Manager Threat Analyzer Home page is the central interface of the Threat Analyzer and displays the Dashboards page by default. The Threat Analyzer pages are logically divided into 2 sections: the top menu bar and the lower display area. Figure 8: Central Manager [...]

[...] monitoring in the Central Manager extends the model of alert monitoring in the local Manager. Local Managers managed by the Central Manager push alerts to the Central Manager. The alerts from the local Managers are aggregated in the Central Manager Threat Analyzer. Any changes triggered by a Threat Analyzer that is connected to a local Manager are placed in the notification cache in the local Manager. These notifications [...]

[...] Central Manager. These alerts are aggregated in the Central Manager Threat Analyzer. Alerts from the Managers managed by the Central Manager can be monitored and managed from the Central Manager. The Real-Time Threat Analyzer of the Central Manager consolidates alerts from the local Managers and displays them for monitoring purposes.

Threat Analyzer of the Central Manager
The Threat Analyzer in the Central Manager [...]

[...] applying a separate policy to each port, exporting custom attacks to the Manager's attack database, then applying a policy containing the custom attacks to a VIPS, and so forth, as configuration changes that affect policy application are made.

Understanding alert aggregation and monitoring in Central Manager
Alert monitoring [...]

[...] Analyzer from the Network Security Platform Security Manager Home page, the Historical Constraints page is displayed.
Figure 3: Setting parameters for Historical Threat Analyzer
1. Select the Start Time and End Time for viewing alerts historical data from the database.
2. (Optional) Click More Constraints to select filtering parameters for your historical query.

[...] Manager aggregates alert information from the Managers attached to the Central Manager. The Threat Analyzer is used for analysis of alerts detected by your McAfee Network Security Sensors integrated and configured through the Managers attached to the Central Manager. The Threat Analyzer works in conjunction with the policies applied to your McAfee Network Security Sensor and Host Intrusion Prevention [...]

[...] number of alerts that can be viewed at a time, the oldest alerts are dropped to accommodate new alerts. Since no modifications have been made, the database version is maintained and the cached version is deleted.

A Historical query pulls alerts only from the database; there is no interaction between the alert cache and a Historical query.

Posted: 22/03/2014, 14:20

Table of contents

  • Preface

    • Introducing McAfee Network Security Platform

    • About this Guide

    • Audience

    • Conventions used in this book

    • Related Documentation

    • Contacting Technical Support

    • Using the Threat Analyzer

      • Defining terms

      • The life cycle of an alert

      • Understanding the alert cache and the database

      • Host Intrusion Prevention alerts

      • Navigating to the Threat Analyzer

        • Real-Time Threat Analyzer

        • Historical Threat Analyzer

          • Selecting time constraints for Historical Threat Analyzer

          • Sample drilldown scenario

          • Threat Analyzer Home

          • Alert Aggregation in Network Security Central Manager

            • Threat Analyzer of the Central Manager

            • Understanding alert aggregation and monitoring in Central Manager

            • Navigating to the Threat Analyzer from the Central Manager

            • Central Manager Threat Analyzer Home

            • Viewing Alerts Dashboards

              • NSP Health view

                • Customized Dashboards and Monitors

                  • Creating a Dashboard

                  • Creating a Monitor

                    • Editing a Monitor
