Versions Compared

Old Version 4

changes.mady.by.user Max Pinion (Deactivated)

Saved on

compared with

New Version 5

changes.mady.by.user Mike Murphy

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Additional Configuration for Event Reporting

To show By default Arellia events only send the file hash of the file and not the file name, path, internal file details, or signature. The additional information is collected by Arellia's resource discovery and file inventory processes. 

To collect and show the other file details (not just the file hash) in the Application Event Reports, we recommend a few configurations.[[are there multiple configurations in this section or just one?]]

  1. From the Arellia Console navigate to the Configuration tab.
  2. From the Configuration tab, select Settings/Arellia / Infrastructure / Resource Discovery / Resource Discovery Agents.
  3. Right-click File Agent Discoverer, and select Enable.
  4. Right-click File Discoverer from ACS Events, and select Enable.

Resource discovery agents are on by default.

In production, what you will see is some file hashes without details. This is because the full loop process has not completed. By default, file inventory is 1 day, resource discovery update is 30 minutes, and Agent resource discovery is 12 hours so it can take a while to gather all the information. The gathering of file information is split into 3 parts in order to make events much more streamlined and scalable.

1.File Inventory - Not on by default. Policies tab - Arelia > file inventory this is done when an application executes or upon the file inventory schedule. The file hash and location is gathered locally on the client and the file hash sent to the SMP server.do the following:

  1. Navigate to Policies > Arellia Solutions > File Inventory Policies.
  2. Enable the Default File Inventory Policy.
    Image Added

Speeding the discovery process up

The default file inventory and resource discovery schedules have been optimized for large environments. For smaller environments, the schedules can be sped up by changing the following: 

1.Default File Inventory Policy - The schedule of the policy mentioned above can be changed from every week to every day or every couple of hours. 
2.Resource Discovery Update - Any hash that does not have resource details is schedule to be discovered for one machine. We optimize the client and server load by only assigning one system to gather that detailThis process is executed every 15 minutes on the server. To change the schedule navigate to Tasks > Infrastructure Scheduled Activities > Resource Discovery and change the schedule.
3.Agent Resource Discovery - Agents will pull down their jobs and determine what files need details to be discovered.automatically perform resource discovery every 4 to 8 hours. This schedule can be changed by navigating to Policies > General > Perform Resource Discovery. 

Warning
titleCaution

Changing the File Inventory, Resource Discovery Update, and Agent Resource Discovery configuration is not recommended outside a testing environment as it degrades system performance. It is only recommended so demonstration scenario results can be viewed immediately.

...

.

...

...

 

...

  • Change the Interval to 10 minutes.
  • Click Save.

...

  • Change the Interval to 5 minutes.
  • Click Save.

...

For further details see Application Control Agent Configuration.