Anchor | ||||
---|---|---|---|---|
|
...
covered
Create a File Parameter Selection
This document shows you how to create a whitelist policy for your reference system that targets a collection of computers, searches for Windows executables, and then adds any Windows executables to a whitelist.
Anchor | ||||
---|---|---|---|---|
|
...
resource target
First you will need to create a resource target that contains the desired reference system(s). To create a resource target, do the following steps:
- In the Thycotic Security Manager Console, click the Resources tab.
- In the left pane, click Resource Filters.
- Right-click the Resource Target folder.
- Click New > Resource Targets > Resource Target.
- Enter a name and description.
- Click OK.
- In the right pane under Filtering Rules, click the Add rule button.
- In the Then menu, "excludes computers not in" will be the default.
- In the menu just to the right of the Then menu, choose Computer List.
- Then click Select.
- In the Select Item window that opens, click the computer resources that represent your reference system(s).
- Click OK.
...
Anchor | ||||
---|---|---|---|---|
|
...
file scan policy
Now that you have your targeting established you can create a file scan policy to add files to your whitelist.
- In the Thycotic Security Manager Console, click the Policies tab.
- In the left pane, navigate to the Arellia Thycotic Solutions > File Inventory > Policies folder.
- Right-click the Policies folder and click New > General Scheduled Client Task.
- In the Create Item dialog box, give the task a name and description.
- Under Client Command, click the Select link.
- In the Client Command dialog box, click File Scan Command.
- Click OK.
- Under Resource Targets, click the All Managed Computers (Target) link.
- In the Resource Targets dialog box, choose the endpoints you want to include in the policy.
- In the Create Item dialog box, click OK.
- Configure the new policy settings as follows:
- Turn on the new policy.
- Under File Specifications choose Executables in Windows Directories.
- Under Reporting Specifications choose Executions in Windows Directories not present in Security Catalogs.
- Configure the schedule interval for how often the file scan will execute.
Note: During the initial testing phase the file scan can be started manually using Windows Task Scheduler on the reference system.
- Click Save.
Copy of Manually Create a Reference System Whitelist Policytop
Anchor Parameters Parameters
Create a
Parameters | |
Parameters |
...
file parameter collection
Once the file scan has run on the reference system(s) you will have a list of all executables in the Windows directories that are not contained in a security catalog.
...
Create a file parameter collection by doing the following steps:
- In the Thycotic Security Manager Console, click the Policies tab.
- In the left pane, navigate to the Arellia Solutions to the Thycotic Solutions > Application Control > Filters > Inventory Filters.
- Right-click the Inventory Filters folder.
- Click New > File Scan Results Filter (Policy).
- Give the filter a name and optional description.
- Click OK.
- In the Right pane, set the Data Source to the new policy.
- Next to Reporting Filter click the Select link and choose the reporting filter you configured in the previous steps.
- Under Results click Included.
- Click Save.
...
Anchor | ||||
---|---|---|---|---|
|
...
whitelist policy
When you have completed the previous steps, put them all into a Reference System Whitelist Policy reference system whitelist policy by doing the following steps:
- In the Thycotic Security Manager Console, click the Policies tab.
- In the left pane, navigate to Arellia Thycotic Solutions > Application Control > Policies > Whitelisting.
- Right-click the Whitelisting folder.
- Click New > Blank Application Control Policy.
- Give the policy a name and optional description.
- Click OK.
- In the Applications to Control tab, click the Select Applications to control... link.
- In the Select Items dialog box that opens, select the file parameter collection you created previously.
- In the Policy Enforcement tab, set the Policy priority at a number lower than your orangelist or deny policy priorities.
- Ensure that Continue enforcing policies after enforcing this policy is unchecked.
- Click Save.
Copy of Manually Create a Reference System Whitelist Policytop
You now have a working reference system whitelist policy configured.
Related
...