Detector Software Appliance User Guide


2017 RapidFire Tools, Inc. All rights reserved. 20170119 Ver 4C

Contents

Overview
Components of the Detector
Detector
Detector Diagnostic Tool
Network Detective Application
Features
Level 1 (Daily) Network Scan
Level 2 (Weekly) Security Scan
Daily Alerts
Weekly Notices
Automated Assessment Reporting
Remote Updating of the Detector
Automated Scanning and Scheduling Best Practices
Getting Started
Deployment Options
Installing the Detector on Hyper-V or VMware
Starting the Detector on Hyper-V or VMware
Connecting the Optional Small Form Factor Server Computer
Creating a Site and Associating the Detector to the Site
Step 1 - Creating a New Site
Step 2 - Adding a Detector to a Site
Warning Concerning the Removal of a Detector Appliance from a Site
Backing Up Smart Tags for Reuse
Defining the Settings
Configuring Daily and Weekly Data Collection Scans and Schedules
Configuring the Scan Settings
Setting Daily Alert and Weekly Notice Schedule
Setting Up Daily Alerts and Weekly Notices
Setting-up Daily Alerts
Example of a Daily Alert
Setting Up Weekly Notices
Example of a Weekly Notice
Assigning Smart Tags to Change Events that Refine Alerts and Notices
Examples of Smart Tag Use
Warning Concerning the Removal of a Detector Appliance from a Site
Backing Up Smart Tags for Reuse
Adding and Configuring Smart Tags
Deleting Smart Tags
Viewing the Notifications History and Past Alert Details
Preferences Menu Options
Setting the Master Report Default Preferences
Using the Manage Appliance Feature to Configure Automatic Report Generation
Setting Up Automatic Reports for Network Assessments
Setting Up Automatic Reports for Security Assessments
Updating a Software Appliance
Appendices
Appendix I Software Appliance Diagnostic Tool
Purpose of the Diagnostic Tool
Appendix II Saving and Reusing Smart Tags through Export and Import
Steps to Export and Save Smart Tags for Later Use
Steps to Import Smart Tags for Detector into your Site for Use with Detector

Overview

Detector is an appliance-based system used for performing scheduled IT assessment scans and then issuing network change related Daily Alerts and Weekly Notices after Anomalies, Changes, or Threats (ACT) have been identified on the network.

This guide is designed to provide an overview and the specific steps required to install and configure the appliance, schedule the collection of data remotely, schedule automated assessment scans, and issue network change related Daily Alerts and Weekly Notices.

Components of the Detector

Detector
This is the software application that operates either on a user supplied Microsoft Hyper-V or VMware based system or on the Small Form Factor Server computer available from RapidFire Tools.

Optional Small Form Factor Server Computer
This is an optional hardware component that can be purchased from RapidFire Tools to host and operate the Detector. It is a small, portable appliance which plugs into the target network through an Ethernet connection.

Detector Diagnostic Tool
This tool is used for configuring and troubleshooting the Detector. The Diagnostic Tool should be run on the same network as the Detector to perform diagnostic checks such as for connectivity or for available updates.

Network Detective Application
This is the same Network Detective desktop application and report generator that is used with any other Network Detective modules. This application contains additional features to manage the Detector remotely.

Features

The one key purpose of the Detector is to perform scans from the point-of-view of the client's internal network and issue Daily Alerts and Weekly Notices. Below is an overview of the scans that can be performed by the Detector.

Level 1 (Daily) Network Scan
The Level 1 Network and Security Assessment Scan is a Daily Scan performed from the point-of-view of the Detector. The resulting scan can be used to issue Daily Alerts, Weekly Notices, and generate reports from the Network Assessment and Security Assessment modules.

Level 2 (Weekly) Security Scan
The Level 2 Network and Security Assessment Scan is a Weekly Scan performed from the point-of-view of the Detector. The resulting scan can be used to issue Weekly Notices and generate reports from the Network Assessment and Security Assessment modules.

Daily Alerts
Daily Alerts is a feature whereby you and other designated recipients within your company can be sent Alerts via email based on automated scans being performed on a daily basis. These Alerts serve the purpose of notifying you of changes identified within your customer's IT infrastructure after pre-scheduled scans/assessments have been performed. Daily Alerts are sent as emails in both Expanded and Compact detail formats.

Weekly Notices
Weekly Notices is a feature whereby you and other designated recipients within your company can be sent Notices via email based on automated scans being performed on a weekly basis. These Notices serve the purpose of notifying you of changes identified within your customer's IT infrastructure after pre-scheduled scans/assessments have been performed.

Automated Assessment Reporting
Automatic Report Generation enables you to use the Detector to schedule and generate a number of assessment reports associated with the following:
- Network Assessments
- Security Assessments

Note that the:
A) Network Assessment Reports are only available to Network Assessment module subscribers.
B) Security Assessment Reports are only available to Security Assessment module subscribers.

Remote Updating of the Detector
The Detector is easy to update remotely. Updates include bug fixes, new features, and additional scan types.

Automated Scanning and Scheduling Best Practices
It is recommended that scans are scheduled to be performed on a daily and weekly basis using the Level 1 (Daily) Scan and Level 2 (Weekly) Scan respectively.

Getting Started

Deployment Options
There are two deployment options available to users:
- deployment on a user owned and operated Hyper-V or VMware based system
- deployment on the Small Form Factor Computer Server available from RapidFire Tools

Installing the Detector on Hyper-V or VMware
Please refer to the Virtual Appliance Installation Guide. During the installation process, please take note of the Appliance ID presented to you during the Virtual Appliance installation process. The Appliance ID will be required when you Associate the Detector with the Network Detective application Site that you will set up for your client's network as detailed in the instructions provided below.

Starting the Detector on Hyper-V or VMware
Upon the installation of the Virtual Appliance software, Detector will be available for use based on your purchase of the Detector as referenced within your Network Detective account subscription.

Connecting the Optional Small Form Factor Server Computer
To set up the Small Form Factor Server Computer used to operate the Detector, first go to the physical location of the target network. After finding a secure location for the device, connecting it to the network can be accomplished in two easy steps:

Note: When users have purchased a Small Form Factor Server Computer, the Appliance ID can be found on a printed label on the Small Form Factor Server Computer itself.

Creating a Site and Associating the Detector to the Site

In order to set up the use of Detector to identify security issues and issue alerts, a Site must be created within the Network Detective application and the Detector that is connected to your client's network must be Associated with the created Site. Before using the Detector, the Detector must be associated with a Site in the Network Detective application.

Perform the following steps to use Network Detective to create a Site and Associate a Detector with the Site:

Step 1 - Creating a New Site
If you have not yet added any Sites, open the Network Detective application and navigate to New Site from the Home screen. Define a name for the Site. This should be unique and easily identifiable, such as the customer name or physical location.

Step 2 - Adding a Detector to a Site
After starting a new assessment, or within an existing assessment, in order to Associate a Detector with the Site, you must first select the selector symbol to expand the Site's preferences view. This action will expand the Site's preferences window for you to view and to add an Appliance to the Site.

To add an Appliance to a Site, from the Site Preferences Window select the Appliances Add button as noted above. Select the Appliance ID of the Appliance from the drop down menu.

Note: When users have purchased a Small Form Factor Server Computer, the Appliance ID can be found on a printed label on the Small Form Factor Server Computer itself.

After successfully adding a Detector to the Site, it will appear under the Appliance bar in the Site Preferences Window. The status of the Appliance will be indicated as Active.

To view a list of all Appliances and their associated Sites, navigate to the Appliance tab from the top bar of the Network Detective Home screen. This will show a summary of all Appliances, their activity status, and other useful information.

To return to the Site that you are using to perform your Detector based assessments, click on the Home icon above, and select the Site that you are using with the Detector.

Warning Concerning the Removal of a Detector Appliance from a Site
When a Detector has been Associated with a Site and the Scan Schedule, Alert Schedule, Alert Recipients, and Smart Tags settings have been defined, if the Detector is ever Associated with a different Site, the original Site's settings will be automatically deleted.

Backing Up Smart Tags for Reuse
You have the ability to Export the Smart Tags associated with a Network Detective Site file that is Associated with Detector. If you wish to save the assigned Smart Tags contained within the existing Site that is Associated with Detector for later use with a new Site, then use the Smart Tags Export and Import options described in Appendix II Saving and Reusing Smart Tags through Export and Import found on page 73.

Defining the Settings

The setup process of the Detector consists of setting up the following options:
- Level 1 (Daily) Scan
- Level 2 (Weekly) Scan
- Daily Alerts Recipient Assignment, Event Selection, and Scheduling
- Weekly Notices Recipient Assignment, Event Selection, and Scheduling
- Automatic Report Generation
- Smart Tags

Configuring Daily and Weekly Data Collection Scans and Schedules
Detector based scans can be set up to run on a daily and weekly basis. Below is an overview of the scans that can be set up and performed using the Detector.

Level 1 Scan (Daily) Scan
The resulting daily scan can be used to issue Daily Alerts, Weekly Notices, and generate reports from the Network Assessment and Security Assessment modules.

Level 2 Scan (Weekly) Scan
The resulting weekly scan can be used to issue Daily Alerts, Weekly Notices, and generate reports from the Network Assessment and Security Assessment modules.

The next section outlines the steps to set up the scans to be performed using Detector.

Configuring the Scan Settings

To set up the scans to be performed by Detector, follow the steps below.

Step 1 - Select the Site
Double click your mouse pointer on the Site that you are configuring automated scans, alerts, and reports to be performed upon in order to view and access the Site.

Step 2 - Select Manage Appliance and Access the Settings
After the Site has been opened, select the icon located within the Site bar.

The Settings window will be displayed. Next select the Settings Preferences option by selecting the selector.

The Settings window will be presented.

Step 3: Define the Scan Settings
To set the Scan Configuration, select the Modify option.

The Scan Configuration Wizard window will be displayed. Choose Merge Option from the wizard and click the Next button.

Step 4: Input Credentials

Input administrative credentials to access the Domain Controller or indicate that the target network does not contain a Domain Controller. Then select the Next button.

Step 5: Select Local Domains
Choose either to scan all Domains detected on the target network or to restrict the Scan to selected Organizational Units (OUs) and Domains. Then select the Next button.

Step 6: Specify IP Ranges
The IP ranges from the target network will be auto-detected and included in the scan. To include additional subnets, input them here. Then select the Next button.

Step 7: Add SNMP Information
By default, the Detector will retrieve data from devices with the community string "public". If desired, define an additional read community string (such as "private") and enter it here. Then select the Next button.

Step 8: Confirm and Finish Scan Settings
Click on the Finish button to complete the configuration of the Scan Configuration settings. The result of the setting of the Scan Configuration will be updated to the Settings window with the following information:

Step 9: Setting Daily and Weekly Scan Schedules
Set the Daily and Weekly Scan schedule by setting the Level 1 (Daily) Scan and Level 2 (Weekly) Scan schedule times and days. To schedule the scans, select the Modify button in the Schedules section of the Settings window. The Schedule window will be displayed.

Set the Time Zone, the Level 1 Scan (Daily) scan time, and the Level 2 Scan (Weekly) scan time and day. After these scan Schedule Settings have been defined, select the Save button to save the settings.

Setting Daily Alert and Weekly Notice Schedule

Daily Alerts and Weekly Notice bulletins can be scheduled to be issued on a daily or weekly basis respectively. The Daily Alerts and Weekly Notice schedule can be defined using the Site's Settings Preferences option. To set up the Daily Alerts and Weekly Notices schedule, follow the steps below.

Step 1 - Select the Site
Double click your mouse pointer on the Site that you are configuring automated scans, alerts, and reports to be performed upon in order to view and access the Site.

Step 2 - Select Manage Appliance and Access the Settings
After the Site has been opened, select the icon located within the Site bar.

The Manage Settings window will be displayed. Next select the Settings Preferences option by selecting the selector.

The Settings window will be presented.

Step 3: Define the Alerts and Notice Schedule Settings
Select the Modify button in the Schedules section of the Settings window. The Schedule window will be displayed.

Within the Schedule Window set the Time and Days when Daily Alert and Weekly Notice bulletins should be issued. After the Alerts and Notice schedule has been set, select the Save button to save these settings.

Setting Up Daily Alerts and Weekly Notices

Setting-up Daily Alerts
The use of the Daily Alerts feature presumes that the Level 1 (Daily) Scan and/or Level 2 (Weekly) Scan types available on the Appliance have been configured.

Daily Alerts will be sent to designated email recipients when a number of changes to your client's network and IT infrastructure have been identified as a result of automated scans being performed by Detector. The changes detected and reported upon include changes to network users, computers, and the network itself.

To send Daily Alerts containing important information to contacts within your company, set up Daily Alerts to be sent to designated recipients by performing the following steps.

Step 1 - Select the Site
Double click your mouse pointer on the Site that you are configuring automated scans, alerts, and reports to be performed upon in order to view and access the Site.

Step 2 - Select Manage Appliance and Access the Settings
After the Site has been opened, select the icon located within the Site bar.

The Settings window will be displayed.

Step 3 - Add Daily Alerts Recipients and Assign Daily Alert Email Notification Subject Text

1. To add a Daily Alerts Recipient, select the Daily Alerts Preferences option by selecting the selector on the Daily Alerts bar. The Daily Alerts Preferences will be displayed to enable access to the Daily Alerts settings.

The Daily Alerts settings enable the selection of the Daily Alert recipients, the setting of the Subject text for the alert, the assignment of the types of changes to the network that issue alerts, and the suppression of No Issue Alerts notifications.

2. Add one or more alert Recipients by selecting the Add Recipient button available in the Daily Alerts Preferences window as displayed below. The Daily Alert Configuration window will be displayed.

3. Select the To button in order to display the list of Network Detective User email addresses that can be designated as Daily Alert Recipients:

The Select Users Form will be displayed. Select the email address for the person that you want to receive Daily Alert notifications.

After selecting a Recipient's email address from the list of email addresses in the Select Users Form, or typing in a Recipient's email address manually, click on the OK button. Repeat this process for each recipient that you want to add to the To list present in the Daily Alert Configuration window.

Using Email Addresses That Are Not Available in Network Detective
If you do not see an email address for an individual in your company that you want to be assigned as a Daily Alert Recipient, then add the desired individual as a user of the Network Detective using the Network Detective Manage Users option.

Alternatively, if an individual that you would like to receive an alert is not listed in the Select Users Form, you can select the Email field to the right of the To button in the Daily Alert Configuration window and type in the email address of the intended recipient of the alert email as presented below.

4. Once each Daily Alert email recipient's address has been selected and assigned, the Daily Alert Configuration window will be updated with the list of recipient email addresses.

5. Type in text for the Subject line to be contained within the Daily Alert email as illustrated below.

Note About Subject Text: It may be helpful to use a subject text format that references your client's company name, the name of the Network Detective Site you used, and the term Daily Alert. For example:

Client Company Name Site Name Daily Alert

After the completion of Step 5 above, the Subject text to be present within each Daily Alert message along with the email recipients that will receive Daily Alerts will have been defined.

6. Next, set the Email Format for the Daily Alert. The Email Format options are Expanded and Compact.

- Expanded Email Format: selecting this option will augment Daily Alerts with detailed information about the Anomalies, Changes, and Threats (ACT) detected. Using this option, Daily Alerts will be sent via an HTML formatted email in a friendly readable format for alerts that includes recommendations and formatting. The Expanded format is ideal for users using email readers on PC or tablet devices.
- Compact Email Format: selecting this option will present the identified Anomalies, Changes, and Threats detected in a summarized form. Using this option, Daily Alerts will be sent in a Plain Text email format. Daily Alerts in Compact form work well with mobile device email readers and email integration to PSAs.

7. Next, set the Alert Sort option to control how Anomalies, Changes, and Threats (ACT) notices are to be sorted within the Daily Alerts emails sent to Recipients. The Alert Sort options are ACT then Severity, which sorts issues by Anomaly, Change and Threat (ACT) types and Severity. The other Alert Sort option is by Severity only.

Select the Alert Sort method of choice.

8. Set the Suppress No Issue Alerts option if you wish to suppress Daily Alerts that contain no issues from being sent when no ACT issues have been identified.

Next, either select the Save & Close button to save the Daily Alert Configuration, or select the Selected Alerts tab to set the Change events that trigger a Daily Alert.

Note, if the Suppress No Issue Alerts is not selected, the Daily Alerts will be sent with a No Issue Alerts status as presented in the example below.

Step 4 - Use the Selected Alerts Feature to Set Network and Use Change Events that Trigger Daily Alerts

There are four primary settings options that can be configured to set up and trigger Daily Alerts. These options are:

- Access Control: Access Control Bulletins are issued for changes in the following:
  - Administrative rights
  - New device on restricted networks
  - New profiles and users
  - Suspicious user logins
  - Unauthorized access to endpoints on the accounting, Cardholder Data Environment (CDE), EPHI, and restricted IT computers, and unauthorized printers
  - Addition of unauthorized printers on the network
  - Unusual logon times and unusual logons to computers by users
- Computers: Alerts are issued for changes in the following:
  - Applications installed on locked down systems
  - Critical patches missing
  - Internet restrictions on not enforced
  - Removable drives added to one or more locked down systems
- Network Security: High and medium internal network vulnerabilities trigger Alerts
- Wireless: Alerts are issued when connections to Unauthorized Wireless Networks take place.

To specify which network and security change events should trigger Daily Alerts to be sent to one or more alert recipients, the Daily Alerts Selected Alerts settings must be defined.

Select the Selected Alerts tab in the Daily Alert Configuration window to access and select the Daily Alert change events that, when detected, trigger a Daily Alert notice being sent reporting a change event. The Anomalies, Changes, and Threat (ACT) alert events options are available for selection within the Daily Alerts settings window as presented below.

Select the Daily Alerts options of your choice, then select the Save & Close button to save the Daily Alert Configuration settings.

Step 5 - Configure the Daily Alerts Delivery Schedule

To schedule the Daily Alerts notifications, select the Modify button in the Schedule section of the Settings Preferences window in order to set the Daily Alerts notification schedule.

Please note that the default setting for alert distribution frequency of Daily Alerts is for alert emails to be sent per the Notifications Time and Schedule specified within the Schedule Settings Preferences as presented below.

Daily Alerts will be sent to alert recipients at the scheduled time and frequency to notify alert recipients of network and/or security issues related to internal vulnerabilities that are detected as changes to the network or its security status.

After setting the Daily Alert time and frequency (days selected), select the Save button to save these settings.

Example of a Daily Alert

Below is an example of a Daily Alert message sent by Detector.

Setting Up Weekly Notices

The use of the Weekly Notices feature presumes that you have set up one (1) or more automated scans for one (1) or more of the Assessment types available on the Appliance.

Weekly Notices is a feature whereby you and other designated recipients within your company can be sent Notices via email. These Weekly Notices serve the purpose of notifying recipients by email of changes identified within your customer's IT infrastructure after pre-scheduled scans/assessments have been performed. The changes contained within a Weekly Notice email will be a result of a comparison of the most current and previous scans being performed by Detector.

To set up Weekly Notices, perform the following steps.

Step 1 - Select the Site
Double click your mouse pointer on the Site that you are configuring automated scans, alerts, and reports to be performed upon in order to view and access the Site.

Step 2 - Select Manage Appliance and Access the Settings
After the Site has been opened, select the icon located within the Site bar.

The Settings window will be displayed.

Step 3 - Add Weekly Notice Recipients and Assign Weekly Notice Notification Subject Text

1. To add a Weekly Notice Recipient, select the Weekly Notice Preferences option by selecting the selector on the Weekly Notice bar. The Weekly Notice Preferences will be displayed to enable access to the Weekly Notice settings.

The Weekly Notice settings enable the selection of the Weekly Notice recipients, the setting of the Subject text for the alert, the assignment of the types of changes to the network that issue alerts, and the suppression of No Issue Alerts notifications.

2. Add one or more alert Recipients by selecting the Add Recipient button available in the Weekly Notice Preferences window as displayed below. The Weekly Notice Alerts configuration window will be displayed.

3. Select the To button in order to display the list of Network Detective User email addresses that can be designated as Weekly Notice Recipients:

The Select Users Form will be displayed. Select the email address for the person that you want to receive Weekly Notice notifications.

After selecting a Recipient's email address from the list of email addresses in the Select Users Form, or typing in a Recipient's email address manually, click on the OK button. Repeat this process for each recipient that you want to add to the To list present in the Weekly Notice alerts configuration window.

Using Email Addresses That Are Not Available in Network Detective
If you do not see an email address for an individual in your company that you want to be assigned as a Weekly Notice Recipient, then add the desired individual as a user of the Network Detective using the Network Detective Manage Users option.

Alternatively, if an individual that you would like to receive an alert is not listed in the Select Users Form, you can select the Email field to the right of the To button in the Weekly Notice configuration window and type in the email address of the intended recipient of the alert email as presented below.

4. Once each Weekly Notice email recipient's address has been selected and assigned, the Weekly Notice Alerts configuration window will be updated with the list of recipient email addresses.

5. Type in text for the Subject line to be contained within the Weekly Notice email as illustrated below.

Note About Subject Text: It may be helpful to use a subject text format that references your client's company name, the name of the Network Detective Site you used, and the term Weekly Notice. For example:

Client Company Name Site Name Weekly Notice

After the completion of Step 5 above, the Subject text to be present within each Weekly Notice message along with the email recipients that will receive Weekly Notice will have been defined.

6. Set the Suppress No Issue Alerts option if you wish to suppress Weekly Notices that contain no issues from being sent when no Anomalies, Changes, and Threats (ACT) issues have been identified.

Next, either select the Save & Close button to save the Weekly Notice Alerts configuration, or select the Selected Notices to set the Change events that trigger a Weekly Notice. Note, if the Suppress No Issue Alerts is not selected, the Weekly Notice will be sent with a No Issue Alerts status as presented in the example below.

Step 4 Use the Selected Notices Feature to Set Network and Use Change Events that Trigger Weekly Notices

There are two primary settings options that can be configured to set-up and trigger Weekly Notice. These options are:

- Network, Endpoint, and Security Related Change Events
    o Computers
    o DNS
    o Domain and local users
    o Network devices and printers
    o Switch port connects
    o Wireless network
- Network Security: this option sends notices when new vulnerabilities associated with Internal Network Security are identified

To specify which network and security change events should trigger Weekly Notice to be sent to one or more alert recipients, the Weekly Notice Selected Notices settings must be defined. Select the Selected Alerts tab in the Weekly Notice Alerts configuration window to access and select the Weekly Notice change events that, when detected, trigger a Weekly Notice being sent reporting a change event.

The Weekly Notice alert events options are available for selection within the Weekly Notice settings window as presented below.

Select the Weekly Notice alert options of your choice, then, select the Save & Close button to save the Weekly Notice configuration settings.

Step 5 Configure the Weekly Notice Delivery Schedule

To schedule the Weekly Notice alerts, select the Modify button in the Schedule section of the Settings Preferences window in order to set the Weekly Notice notification schedule. Please note that the default setting for scheduled delivery of the Weekly Notice is for the Notice to be sent per the Notifications Time and Schedule specified within the Schedule Settings Preferences as presented below.

Weekly Notices will be sent to alert recipients at the scheduled time and day to notify alert recipients of network and/or security issues related to internal vulnerabilities that are detected as changes to the network or its security status. After setting the Weekly Notice time and day, select the Save button to save these settings.

Example of a Weekly Notice

Below is an example of a Weekly Notice message sent by.

Assigning Smart Tags to Change Events that Refine Alerts and Notices

incorporates a proprietary feature named Smart Tags. The Smart Tags feature allows you to fine-tune the to adapt to each client's unique IT environment to detect network Anomalies, Changes, and Threats (ACT). Smart Tags allow you to enrich the detection system by adding information about specific users, assets, and settings that helps get smarter about what it is finding. That means more potential threats identified with fewer false positives.

Here is an example of some of the Smart Tags available for use:

Tag                         Applied To
AUTHORIZED SSID             SSID
BUSINESS OWNER              User
BUSINESS OWNER PC           Computer
GUEST NETWORK               IP Range
GUEST WIRELESS NETWORK      IP Range
IT ADMIN                    User
LOCKED DOWN                 Computer
RESTRICTED IT ADMIN ONLY    Computer
RESTRICTED NETWORK          IP Range
SINGLE DESKTOP USER         User
VIRTUAL MACHINE             Computer
AUTHORIZED PRINTER          Printer
TRANSIENT PRINTER           Printer

Examples of Smart Tag Use

Here are some examples of how you might use the Smart Tags to fine-tune s alerts for a particular client:

Restricted Computer Access Detection

Within, you can tag a particular computer as being RESTRICTED IT ADMIN ONLY. Then, when any user logs into the network that has not been tagged IT ADMIN, will send an alert.

Changes to Locked Down Computer Detection

Within, you can tag a particular computer as Locked Down (meaning, do not allow changes to this computer). If someone manages to install an application on this machine, then will detect that the application was installed and send an Alert. In this way, tagging can remove false positives and increase the relevance of alerts.

Wireless Network Availability Detection

Within, you can tag a specific wireless network as a GUEST WIRELESS NETWORK telling it does not need to worry about new devices appearing on it. But if a new device shows up on any non-guest network, then the appearance is significant and will send you an alert so you can determine if it is worth looking into.

Using Smart Tags

You can select, configure, or modify your Smart Tags at any time. That allows you to see what kind of alerts is sending you and create the tags you want to use to tweak the system. The use of Smart Tags improves the detection of Anomalies, Changes, and Threats (ACT) by providing additional knowledge of the network environment to the. Once the has scanned your network for the first time, you can explore the data and assign Smart Tags to entries like computers and users.

The use of the Smart Tags feature presumes that the Level 1 (Daily) Scan and/or Level 2 (Weekly) Scan types available on the Appliance have been configured and performed.

Warning Concerning the Removal of a Appliance from a Site

When a has been Associated with a Site and the Scan Schedule, Alert Schedule, Alert Recipients, and Smart Tags settings have been defined, if the is ever Associated with a different Site, the original Site's settings will be automatically deleted.

Backing Up Smart Tags for Reuse

You have the ability to Export the Smart Tags associated with a Network Detective Site file that is Associated with. If you wish to save the assigned Smart Tags contained within the existing Site that is Associated with for later use with a new Site, then use the Smart Tags Export and Import options described in Appendix II Saving and Reusing Smart Tags through Export and Import found on page 73.
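The three Smart Tag examples above (restricted computer access, locked-down computer changes, guest wireless network), modeled as an added Python example; it is not the appliance's own code. The tag names come from the guide's table, while the `SmartTags` store, the event fields and the sample events are constructed assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Tag names come from the guide's Smart Tag table; all other names are assumed.
IT_ADMIN = "IT ADMIN"
RESTRICTED = "RESTRICTED IT ADMIN ONLY"
LOCKED_DOWN = "LOCKED DOWN"
GUEST_WIFI = "GUEST WIRELESS NETWORK"


@dataclass
class SmartTags:
    """Hypothetical tag store: each user, computer or IP range maps to a set of tags."""
    users: dict = field(default_factory=dict)
    computers: dict = field(default_factory=dict)
    ip_ranges: dict = field(default_factory=dict)

    def tag_user(self, name, tag):
        self.users.setdefault(name.lower(), set()).add(tag)

    def tag_computer(self, name, tag):
        self.computers.setdefault(name.lower(), set()).add(tag)

    def tag_ip_range(self, cidr, tag):
        self.ip_ranges.setdefault(ip_network(cidr), set()).add(tag)

    def user_has(self, name, tag):
        return tag in self.users.get(name.lower(), set())

    def computer_has(self, name, tag):
        return tag in self.computers.get(name.lower(), set())

    def ip_has(self, addr, tag):
        ip = ip_address(addr)
        return any(ip in net and tag in tags for net, tags in self.ip_ranges.items())

    def unpaired_restricted(self):
        """Restricted computers with no IT ADMIN user defined: every login would alert."""
        if any(IT_ADMIN in tags for tags in self.users.values()):
            return []
        return sorted(c for c, tags in self.computers.items() if RESTRICTED in tags)


def evaluate(events, tags):
    """Apply the three tag rules to change events and return (rule, detail) alerts."""
    alerts = []
    for ev in events:
        if ev["type"] == "login":
            # Alert when a user without IT ADMIN logs into a restricted computer.
            restricted = tags.computer_has(ev["computer"], RESTRICTED)
            if restricted and not tags.user_has(ev["user"], IT_ADMIN):
                alerts.append(("restricted-access", f"{ev['user']} logged into {ev['computer']}"))
        elif ev["type"] == "app_installed":
            # Assumption: installs are only reported for LOCKED DOWN computers.
            if tags.computer_has(ev["computer"], LOCKED_DOWN):
                alerts.append(("locked-down-change", f"{ev['app']} installed on {ev['computer']}"))
        elif ev["type"] == "new_device":
            # A new device is expected on a guest range and significant anywhere else.
            if not tags.ip_has(ev["ip"], GUEST_WIFI):
                alerts.append(("new-device", f"{ev['mac']} at {ev['ip']}"))
    return alerts


def demo():
    tags = SmartTags()
    tags.tag_user("alice", IT_ADMIN)
    tags.tag_computer("SRV-DC01", RESTRICTED)
    tags.tag_computer("KIOSK-01", LOCKED_DOWN)
    tags.tag_ip_range("192.168.50.0/24", GUEST_WIFI)
    events = [  # constructed sample change events, not product output
        {"type": "login", "user": "Alice", "computer": "srv-dc01"},
        {"type": "login", "user": "bob", "computer": "SRV-DC01"},
        {"type": "app_installed", "computer": "KIOSK-01", "app": "ExampleApp"},
        {"type": "app_installed", "computer": "WS-07", "app": "ExampleApp"},
        {"type": "new_device", "ip": "192.168.50.23", "mac": "02:00:00:00:00:01"},
        {"type": "new_device", "ip": "10.0.0.99", "mac": "02:00:00:00:00:02"},
    ]
    return evaluate(events, tags)


if __name__ == "__main__":
    for rule, detail in demo():
        print(f"{rule}: {detail}")
```

`unpaired_restricted()` flags the misconfiguration where a computer is tagged RESTRICTED IT ADMIN ONLY but no user carries IT ADMIN, in which case every login to that computer raises an alert.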

Adding and Configuring Smart Tags

To assign and configure Smart Tags to enable to recognize any Anomalies, Changes and Threats (ACT) that trigger Daily Alerts or Weekly Notice alerts, perform the following steps.

Step 1 Select the Site

Double click your mouse pointer on the Site that you are configuring automated scan, alerts, and reports to be performed upon in order to view and access the Site.

Step 2 Select Manage Appliance and Access the Settings

After the Site has been opened, select the icon located within the Site bar.

The Settings window will be displayed.

Step 3 Access Smart Tags and Verify that Scan Data has been Downloaded

Select the Smart Tags link within the s Settings window. If no scans have been performed by the, the following message will be presented by Network Detective.

After scans have been performed, select the Smart Tags link and download the scan as instructed.

Once the scans have been downloaded, the completion of the process will be confirmed by the presentation of the Smart Tags options consisting of Applied Tags, Recommended Tags, and Available Tags as presented below.

Once the Smart Tags are Up to Date, you can access, view, and use the settings for Applied Tags, Recommended Tags, and Available Tags.

Also note: When starting a Site using the, then attempting to view or update the Smart Tags configuration, you may be prompted to update the scan data with the latest scan per a notice as displayed below. Depending on the number of changes in Users and Computers on your client's network, you may wish to download the updated scan to ensure the latest User identity and Computer information is available for use when setting Smart Tag configurations.

Step 4 Select and Apply Recommended Tags

1. To add a Smart Tag from the Recommended Tags list, select the Recommended Tags option by selecting the selector on the Recommended Tags bar. The Recommended Tags window will be displayed.

2. Next, select the Smart Tag that you would like to configure and apply. For example, select the IT Admin tag by double-clicking on the IT Admin User Smart Tag Icon.

This action will display the Tag Explorer window for this Smart Tag. Within the Tag Explorer window, instructions are presented that detail:

- what the Tag is to be Applied To (i.e. users or computers)
- the For What purpose the Tag can be used
- the Why reason to use the Tag

Note: There are a number of Smart Tags that should be used as logical pairs. For example, the IT Admin User tag should be used with the Restricted IT Admin Computer Only tag. Using this pair of Smart Tags will enable you to define all of the IT Admin users, and the computer endpoints that are to be only accessible by IT Admin users. Alerts will be generated when non-IT Admin users access the computers designated as Restricted IT Admin Computers Only.

3. Next, define which network Users are IT Admin Users by selecting the Users that should be designated as IT Administrators in the Tag Explorer window presented for the IT Admin Users tag. To specify the IT Admin Users, select the Check Box next to Users that should be designated as IT Admin Users from the list presented in the Tag Explorer window as displayed below.

4. Next, select the Save & Close button to save the Smart Tag settings for the IT Admin User Smart Tag. When the IT Admin Tag is configured and Applied, the IT Admin Tag will be available for updating in the Applied Tags section of the Smart Tags options window.

Step 5 View Applied Tags

To view the Smart Tags that have been Applied from the Applied Tags list, select the Applied Tags option by selecting the selector on the Applied Tags bar. The Smart Tags that have been applied to the configuration for the Site will be listed in the Applied Tags window as seen below. You can double click on the Smart Tag to view the tag's settings.

Step 6 Select and Apply Additional Smart Tags from the Available Tags Window

1. To add a Smart Tag from the Available Tags list, select the Available Tags option by selecting the selector on the Available Tags bar. The Smart Tags available for use will be displayed.

2. Double click on the Smart Tag that you want to use and the Tag Explorer window for the selected tag will open. Configure the Tag by selecting the Users or Computers listed in the Tag Explorer window that you want to designate as being Tagged within the Tag as displayed below.

3. Next, select the Save & Close button to save the Smart Tag settings for the selected Smart Tag. When the Tag you selected is configured and Applied, the Tag will be available for updating in the Applied Tags section of the Smart Tags options window.

4. Verify that the Tag you configured and Applied is in the Applied Tags window. To view the Smart Tags that have been Applied from the Applied Tags list, select the Applied Tags option by selecting the selector on the Applied Tags bar. The Applied Tags will be displayed to enable you to confirm that the Smart Tag you selected and configured has been Applied.

Deleting Smart Tags

Use the following steps to delete a Smart Tag.

Step 1 Open the Applied Tags Window and Select the Tag for Deletion

To access the Smart Tags that have been Applied from the Applied Tags list, select the Applied Tags option by selecting the selector on the Applied Tags bar. The Applied Tags window will be displayed.

Step 2 Select the Tag and Delete

Right click the mouse pointer on the tag to be deleted. A Remove Tag menu option will be presented. Select the Remove Tag menu option and the tag will be deleted and removed from the Applied Tags window.

Viewing the Notifications History and Past Alert Details

When using the Network Detective with a, there is an ability to access the history associated with all Daily Alerts and Weekly Notices for review purposes. To access the Notifications History, select the Notifications link available within the Settings window. The Notification History window will be displayed.

The Notifications History Time Frame view of the alert history can be set to 7, 14, and as long as 30 days.

To view an individual Daily Alert or Weekly Notice, select the row containing the record of the Alert or Notice you want to view and double click the row to see the Alert or Notice details.

Preferences Menu Options

The Network Detective Preferences menu presents one set of options that can be configured as defaults for s branding of the reports generated by the Appliance.

Setting the Master Report Default Preferences

For instructions on how to set the Report Default preferences, please refer to the Setting the Report Branding and Customization Preferences instructions contained within the Network Detective User Guide.

Using the Manage Appliance Feature to Configure Automatic Report Generation

Below is an overview of the steps required to set up Automatic Report Generation for the following Assessment Report types:

- Network Assessments
- Security Assessments

Note: Automated reports for the Network and Security Modules can be scheduled for delivery from the Appliance. Reports below 5 MB in size will be attached to the Reports Available notification email sent to Recipients. Reports over 5 MB in size will be available for download in the Downloaded Reports section.

Setting Up Automatic Reports for Network Assessments

Automatic report generation for the Network Assessment Module requires that the scans be run on a before a report can be generated. Following are the steps necessary to set up automatically generated reports for the Network Assessment Module being used with :

1. Create a new Site that is to be used with to perform and collect network scan information.

2. Associate your with the Site that is to be used for a particular network that has installed.

3. Manage the and create a new Scan Task that collects the necessary Network Assessment data.

4. Schedule the Daily Scan and Weekly Scan Task for the times that are appropriate for this Assessment.

5. Next, define the Branding for the reports to use your company's brand for all of the reports generated by selecting the Branding button. Assign the Report Prepared For information, Report Prepared By information, your company Logo, the Theme, and Cover Images for your reports. Select the Ok button to save your Branding settings.

6. Using the access Settings feature and the Reports Settings Window, select the Schedule Report button to create a Report Delivery Task that specifies desired reports from the Network Assessment Module.

Select the Network Assessment reports that should be generated. Keep in mind that reports for specific Assessment types can only be produced after the Scans required for a specific Assessment type have been performed. Click the Next button to proceed to the next step.

7. Schedule the created Report Generation and Delivery Task for a time which is certain to be after the scan is complete. Reports will use whatever data is on the based on the most recent scan that has been completed, so if the scan is not complete then the reports will not have the most recent scan's data either.

8. If the user has specified that reports be delivered by email, the specified email should receive an email with a .zip file of the reports attached as long as the zip file is less than 5 MB in size. To enable to send reports or report availability notifications by email, set the Subject and type in the recipient's Email address in the Email field or select the Email address of the recipient from a list of available Network Detective users. If the generated Report's file in .zip format should be protected by a password, then select the Password Protect ZIP File option and assign a password to be used for the file's access protection.

9. Report generation can take several minutes. After sufficient time has passed after the report generation task schedule time, view the generated reports by navigating to the Download Reports item on the left hand side of the Network Detective application.

Report generation can take several minutes. After sufficient time has passed after the report generation task schedule time, view the generated reports by navigating to the Downloaded Reports icon on the left hand side of the Network Detective application as seen below. The Download Reports option will appear at the top of the Network Detective window. Then press the Download Reports button at the top. A dialog will appear with reports generated by the.

10. Select and right click on a report to download the report.

Setting Up Automatic Reports for Security Assessments

Automatic report generation for the Security Assessment Module requires that the scans be run on a before a report can be generated. Following are the steps necessary to set up automatically generated reports for the Security Assessment Module being used with :

1. Create a new Site that is to be used with to perform and collect network scan information.

2. Associate your with the Site that is to be used for a particular network that has installed.

3. Manage the and create a new Scan Task that collects the necessary Security Assessment data.

4. Schedule the Daily and Weekly Scan Task for the times that are appropriate for this Assessment.

5. Next, define the Branding for the reports to use your company's brand for all of the reports generated by selecting the Branding button. Assign the Report Prepared For information, Report Prepared By information, your company Logo, the Theme, and Cover Images for your reports.

Select the Ok button to save your Branding settings.

6. Using the access Settings feature and the Reports Settings Window, select the Schedule Report button to create a Report Delivery Task that specifies desired reports from the Security Assessment Module. Select the Security Assessment reports that should be generated.

Keep in mind that reports for specific Assessment types can only be produced after the Scans required for a specific Assessment type have been performed. Click the Next button to proceed to the next step.

7. Schedule the created Report Generation and Delivery Task for a time which is certain to be after the scan is complete. Reports will use whatever data is on the based on the most recent scan that has been completed, so if the scan is not complete then the reports will not have the most recent scan's data either.

8. If the user has specified that reports be delivered by email, the specified email should receive an email with a .zip file of the reports attached as long as the zip file is less than 5 MB in size. To enable to send reports or report availability notifications by email, set the Subject and type in the recipient's Email address in the Email field or select the Email address of the recipient from a list of available Network Detective users. If the generated Report's file in .zip format should be protected by a password, then select the Password Protect ZIP File option and assign a password to be used for the file's access protection.

9. Report generation can take several minutes. After sufficient time has passed after the report generation task schedule time, view the generated reports by navigating to the Downloaded Reports icon on the left hand side of the Network Detective application as seen below.

The Download Reports option will appear at the top of the Network Detective window. Then press the Download Reports button at the top. A dialog will appear with reports generated by the.

10. Select and right click on a report to download the report.

Updating a Software Appliance

After installing a Software Appliance at the Site's physical location and associating the Software Appliance with a Site in the Network Detective Application, it's important to regularly update the Appliance to get the most out of the features available on the Software Appliance you are using, which may include one or more of the following: Data Collections, Automated Reports, Tech-Alerts, and Weekly Notices.

In the Network Detective Application, navigate to the Network Detective ribbon bar and select the Appliances icon. This action will display the Software Appliances window that lists all of the Appliances that are available for use within Network Detective.

To update the selected Software Appliance, right click on the Appliance's name, and select the Update menu option presented as displayed below. Note that the Update menu will only be visible if software updates are available.

IMPORTANT: The Appliance Update Now feature, when activated to update the Software Appliance, will shut down any tasks that are currently running on the Software Appliance. Before updating the Software Appliance, either stop a currently running task listed in the Task Library window Queued Tasks list, or perform the update after running tasks are completed. A dialog will appear confirming the request for a software update.

Appendices

Appendix I Software Appliance Diagnostic Tool

Purpose of the Diagnostic Tool

The Diagnostic Tool is used to gather relevant diagnostic information, test connectivity, manage updates, and allow remote support to the Appliance.

Available Commands

There are a number of commands available within the Appliance Manager.

Location and Information

Locate Network Detective Appliance: Re-initializes the Appliance discovery process and attempts to retrieve the Device ID number and other diagnostic information.

Get Appliance Device ID: Displays the Software Appliance's Device ID, used when associating the Software Appliance with a Site in the Network Detective Application.

Diagnostics and Troubleshooting

Appliance Diagnostics: Queries the Software Appliance for diagnostic information used to verify running status, software, connectivity, and NIC Information.

Ping Test from Appliance: Performs a ping test directed at a specified host or IP address from the point of view of the Software Appliance itself. Note: network connectivity is required for the Appliance to operate properly.

Get Log Files: Retrieves diagnostics logs from the Appliance. Returns a link to download a .zip file containing run log information which may be used for further troubleshooting.

Service Control

Appliance Service Status: Queries the Software Appliance to return its current status. The possible statuses are as follows:

- Idle: The Software Appliance is online, but performing no action.
- Queued: The Software Appliance is online and performing no action. A schedule is active and queued to run.
- Running: The Software Appliance is online and currently running a schedule.

Appliance Service Restart: Requests a Service Restart from the Software Appliance. Exercise caution when using this command because it may interrupt any running Scan.

Updating via USB

Update Appliance via USB: Requests the Software Appliance to update via USB. Attempts to detect a USB device. If a USB device containing the necessary files is found to be connected to the Software Appliance, an update will be performed. Please ensure that a USB stick containing the update is plugged into the USB port of the system hosting the Software Appliance.

Check USB Update Status: Returns the current status of a running update. Also attempts to detect any USB device with available updates.

Remote Assistance

Toggle Remote Assistance Status: Instructs the Software Appliance to make itself available for Remote Assistance and to allow a technician to access the device for support.

Check Remote Assistance Status: Returns the current status of Remote Assistance.

Shutdown and Restart

Restarts the Software Appliance.

Shutdown Appliance: Shuts down the Software Appliance.

Appendix II Saving and Reusing Smart Tags through Export and Import

Before associating a new Network Detective Site file to a that has already been configured for use with another Site to detect Anomalies, Changes, and Threats (ACT) on a network, you may want to Export and reuse the original site's Smart Tag settings before associating a new Site with your if the is to be used to detect ACT events on the same network.

Once a and its associated Site have been configured to operate with a given network, switching the Site file to be used with your will trigger a deletion of the Smart Tag settings associated with the original Site used to configure and apply the Smart Tag settings to your.

If there is a requirement to save the Smart Tags from the current Site's configuration for reuse in a different Site associated with your that is to be connected to the same network as the original Site was monitoring, you must use the Smart Tags Export and Import options to save and reuse the tags for later use in your new Site file used to configure the s configuration.

Steps to Export and Save Smart Tags for Later Use

Step 1 Select the Site

Double click your mouse pointer on the Site that you are configuring automated scan, alerts, and reports to be performed upon in order to view and access the Site.

Step 2 Select Manage Appliance and Access the Settings

After the Site has been opened, select the icon located within the Site bar.

The Settings window will be displayed.

Step 3 Access Smart Tags and Verify that Scan Data has been Downloaded

Select the Smart Tags link within the s Settings window.

Step 4 Export Smart Tags

Select the Export option to export the Smart Tags configuration. You will be prompted to save the Smart Tags export file in a location of your choice. Select the folder you want to save the Smart Tags Configuration file in, name the file, and select the Save button to export the file.

Steps to Import Smart Tags for into your Site for Use with

Step 1 Select the Site

Double click your mouse pointer on the Site that you are configuring automated scan, alerts, and reports to be performed upon in order to view and access the Site.

Step 2 Select Manage Appliance and Access the Settings

After the Site has been opened, select the icon located within the Site bar. The Settings window will be displayed.

Step 3 Access Smart Tags and Verify that Scan Data has been Downloaded

Select the Smart Tags link within the s Settings window.

Step 4 Import a Smart Tags Configuration File

Select the Import option to import a Smart Tags configuration file. A prompt will be presented requesting verification from you in order to continue the Import of the Smart Tags Configuration File.

Select the Yes button to continue. The Import Smart Tag Configuration window will be displayed. Select the Smart Tag Configuration File name and select the Open button to perform the Smart Tag Import process.