CREATE HOST PROFILE
To create a profile, follow the below steps:
-
Navigate to Host Security > Host Monitoring in the left navigation pane
-
Click ADD PROFILE
-
A pop-up window is displayed
-
A profile must be generated by collecting information about the processes running on the host
-
Provide the below information:
-
Name – Name of the profile
-
Profile Tag – Tag used during VM Probe auto registration
-
Library Monitoring – Select the box to enable Library Monitoring
-
Memory Exploit Protection – Enable it for Memory Exploit Protection. Refer page VSP Memory Exploit Protection of Operations for more information
-
Auto-Allowlist – Auto allowlist files with reputation 'SAFE'
-
Auto Allowlist Unknown Files from Reference Host Scan – Auto allowlist the files with reputation 'UNKNOWN' from the reference host scan
-
Auto Allowlist Unknown Files from Reference Host Scan and Incidents – Auto allowlist the files with reputation 'UNKNOWN' from the reference host scan and the incidents
-
Scan Complete File System – Upon selection, the entire file system is scanned
NOTE:
The option Scan Complete File System is not applicable from VSP patch release 2.2.1 onwards. The File System scan is performed and the package list is considered by VSP-Host, irrespective of the user preference
-
Host Name – Select the name of the host from the drop-down list
-
Default Monitoring Mode – Select the required Monitoring Mode – Protect OR Detect. This is applicable for all the hosts except the reference host used to create the allowlist. Ensure that the monitoring mode is explicitly set for the reference host once the host scan is complete and the allowlist is published. For subsequent hosts associated with the profile, the default Mode is applied automatically
-
App Control Policy Name – Select the appropriate App Control policy from the drop-down list. Refer to page Create Policy of Operations for information on App Policy creation. This is an optional field. Select None from the dropdown if no profile needs to be configured
-
Protection Profile Name – Select the appropriate Protection profile from the drop-down list. Based on the selected Host OS, Protection Profiles relevant for that OS are populated. This is an optional field. Select None from the dropdown if no profile needs to be configured
-
Exclusions for Allowlist – It is the list of directories that need to be excluded from process and library monitoring. Processes launched from these directories are not reported as incidents. Add the directories individually and press return key. Normal regex syntax can be utilized. This is a local list applicable only to the profile being created. For more information on global exclusion list, refer page Global Exclusion List of Operations
-
Exclusions for Memory Exploit Protection – This is the list of directories that need to be excluded from Memory Exploit Protection. Refer page VSP Memory Exploit Protection of Operations for more information
NOTE:
In both Windows and Linux, the mounted folders are auto-excluded during the initial system scan
-
-
Click SAVE
-
The created profile will be listed on the Host Monitoring page
-
The below icon is displayed when the scan is in progress. Expand the profile to view more information
NOTE:
When a host is associated with a profile and a scan is required to generate a new profile using the same host, ensure that the scan is triggered ONLY after the AI is restarted
-
Once the scan is complete, click the icon below
-
The warning message below is displayed
-
Click Publish Changes to update all the associated hosts