Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

By default, You need to set Application Control Agent configuration options are not set to agent configuration options to readily test configuration changes in a test environment. The agent configuration configurations outlined in this document allows allow for accelerated feedback when testing Use Cases.

Accelerated configuration and feedback

 To To configure the Application Control Agent for accelerated configuration and feedback, do the following steps:

  1. In the Security Manager Console, click the Configuration tab.
  2. In the file library in the left pane, navigate to Settings > Agents/Plug-ins > Arellia > Application Control > Application Control Agent Configuration.
  3. Click Application Control Agent Configuration Policy.
    Image Added
  4. Set Send Application Action events interval to one minute.
  5. Set Refresh Client Item cache interval to five minutes.
  6. Click Save.

Image Removed

Additional Configuration for Event Reporting

To show other file details (not just the file hash) in the Application Event Reports, we recommend a few configurations.

  1. From the Arellia Console navigate to the Configuration tab.
  2. From the Configuration tab, select Settings / Arellia / Infrastructure / Resource Discovery / Resource Discovery Agents.
  3. Right-click File Agent Discoverer, and select Enable.
  4. Right-click File Discoverer from ACS Events, and select Enable.

In production, what you will see is some file hashes without details. This is because the full loop process has not completed. By default, file inventory is 1 day, resource discovery update is 30 minutes, and Agent resource discovery is 12 hours so it can take a while to gather all the information. The gathering of file information is split into 3 parts in order to make events much more streamlined and scalable.

1.File Inventory - this is done when an application executes or upon the file inventory schedule. The file hash and location is gathered locally on the client and the file hash sent to the SMP server.
2.Resource Discovery Update - Any hash that does not have resource details is schedule to be discovered for one machine. We optimize the client and server load by only assigning one system to gather that detail.
3.Agent Resource Discovery - Agents will pull down their jobs and determine what files need details to be discovered.

Warning
titleCaution

Changing the File Inventory, Resource Discovery Update, and Agent Resource Discovery configuration is not recommended outside a testing environment as it degrades system performance. It is only recommended so demonstration scenario results can be viewed immediately.

You can also speed up this process by increasing the agent resource discovery interval. (Recommended for Demo environments only)

  • Select Default File Inventory Policy (Arellia / Agents/Plug-ins / Arellia / File Inventory / Settings).
    • Change the Interval to 10 minutes.
    • Click Save.
  • Select Default Resource Discovery Agent Policy (Arellia / Agents/Plug-ins / Arellia / Resource Discovery Agent Configuration).
    • Change the Interval to 5 minutes.
    • Click Save.
  • Select Resource Discovery Update (Arellia / Infrastructure / Resource Discovery).
    • Click New Schedule.
    • Select At date/time.
    • Set it to repeat every 5 minutes.
    • Click Save.

...

  1. Image Added

 

Why Do My Files Not Have Names?