Follow the steps in this section if VSP-Host is configured



To create a template profile for containers, follow the below steps:

  1. Navigate to Host Security > Host Monitoring in the left navigation pane

    Picture 1053

  2. Click TEMPLATE

    Picture 1073742012

  3. Provide the below information

    1. Name – Name of the profile

    2. Library Monitoring – Select the box to enable Library Monitoring

    3. Auto Allowlist – Select the box to auto-allowlist files with the reputation “SAFE”

    4. Auto Allowlist Unknown files from Reference Host Scan - Auto allowlist files with reputation "UNKNOWN"

    5. Auto Allowlist Unknown files from Reference Host Scans and Incidents- Auto allowlist files with reputation "UNKNOWN" and source "INCIDENTS"

    6. Default Monitoring Mode – Select the monitoring mode as Protect or Detect. This is applicable for all hosts except the reference host used to create the allowlist. Ensure that the monitoring mode is explicitly set for the reference host once the host scan is complete and the allowlist is published. For subsequent hosts associated with the profile, the default Mode is applied automatically

    7. App Control Policy Name – Select the appropriate App Control policy from the drop-down list. This is an optional field. Select None from the drop-down if no profile needs to be configured

    8. Protection Profile Name – Select the appropriate Protection profile from the drop-down list. Based on the selected Host OS, Protection Profiles relevant for that OS are populated. This is an optional field. Select None from the drop-down if no profile needs to be configured

    9. Exclusion List – This is the list of directories that need to be excluded from process and library monitoring. Processes and libraries launched from these directories are not reported as incidents. Add the directories individually and press return key. Normal regex syntax can be utilized. This is a local list applicable only to the profile being created



In both Windows and Linux, the mounted folders are auto-excluded during the initial system scan



  Follow the below workflow to generate Process Profile:

  1. Create a pod template process profile with the required settings. The created template is used for all new VSP-protected pods/containers that come up

  2. Run the application container through VSP VDT and CD tools to enable VSP protection for a given application container

  3. Launch the VSP-protected pod/container

  4. When the VSP controller is launched, it will first register with VSP CMS automatically by sending information about the VSP-protected application containers

  5. A process profile will be generated automatically using the pod template as a reference

    1. Applications that share the same pod name (in K8s) OR replicas of the same container are automatically assigned to the same process profile

  6. When the VSP Host Monitoring Module (HMM) is started, it automatically downloads the application container's allowlist generated during the VSP VDT phase

  7. VSP HMM uses the application container's allowlist and the process profile settings to determine any unknown processes/libraries

  1. Click SAVE

    Picture 1073742014