<< PREVIOUS  NEXT >>

 

CREATE HOST PROFILE


 

To create a profile, follow the below steps:

  1. Navigate to Host Security > Host Monitoring in the left navigation pane

    Picture 1053

  2. Click ADD PROFILE

    Picture 1073742184

     

  3. A pop-up window is displayed

    Picture 70

  4. A profile must be generated by collecting information about the processes running on the host

  5. Provide the below information:

    1. Name – Name of the profile

    2. Profile Tag – Tag used during VM Probe auto registration

    3. Library Monitoring – Select the box to enable Library Monitoring

    4. Memory Exploit Protection – Enable it for Memory Exploit Protection. Refer page VSP Memory Exploit Protection of Operations for more information

    5. Auto-Allowlist – Auto allowlist files with reputation 'SAFE'

    6. Auto Allowlist Unknown Files from Reference Host Scan  – Auto allowlist the files with reputation 'UNKNOWN' from the reference host scan

    7. Auto Allowlist Unknown Files from Reference Host Scan and Incidents – Auto allowlist the files with reputation 'UNKNOWN' from the reference host scan and the incidents

    8. Scan Complete File System – Upon selection, the entire file system is scanned

       

      NOTE:

      The option Scan Complete File System is not applicable from VSP patch release 2.2.1 onwards. The File System scan is performed and the package list is considered by VSP-Host, irrespective of the user preference

       

    9. Host Name – Select the name of the host from the drop-down list

    10. Default Monitoring Mode – Select the required Monitoring Mode – Protect OR Detect. This is applicable for all the hosts except the reference host used to create the allowlist. Ensure that the monitoring mode is explicitly set for the reference host once the host scan is complete and the allowlist is published. For subsequent hosts associated with the profile, the default Mode is applied automatically

    11. App Control Policy Name – Select the appropriate App Control policy from the drop-down list. Refer to page Create Policy of Operations for information on App Policy creation. This is an optional field. Select None from the dropdown if no profile needs to be configured

    12. Protection Profile Name – Select the appropriate Protection profile from the drop-down list. Based on the selected Host OS, Protection Profiles relevant for that OS are populated. This is an optional field. Select None from the dropdown if no profile needs to be configured

    13. Exclusions for Allowlist – It is the list of directories that need to be excluded from process and library monitoring. Processes launched from these directories are not reported as incidents. Add the directories individually and press return key. Normal regex syntax can be utilized. This is a local list applicable only to the profile being created. For more information on global exclusion list, refer page  Global Exclusion List of Operations

    14. Exclusions for Memory Exploit Protection – This is the list of directories that need to be excluded from Memory Exploit Protection. Refer page VSP Memory Exploit Protection of Operations for more information

       

      NOTE:

      In both Windows and Linux, the mounted folders are auto-excluded during the initial system scan

       

  6. Click SAVE

  7. The created profile will be listed on the  Host Monitoring page

  8. The below icon is displayed when the scan is in progress. Expand the profile to view more information

    Picture 199

     

    NOTE: 

    When a host is associated with a profile and a scan is required to generate a new profile using the same host, ensure that the scan is triggered ONLY after the AI is restarted

     

  9. Once the scan is complete, click the icon below

    Picture 102

  10. The warning message below is displayed

    Picture 103

  11. Click Publish Changes to update all the associated hosts

    Picture 104

 

<< PREVIOUS  NEXT >>