Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

titleSummary

...

You need to set Application Control agent configuration options to readily test configuration changes in a test environment. The

...

agent configurations outlined in this document allow for accelerated feedback when testing Use Cases.

...

Accelerated configuration and feedback

To configure the Application Control Agent for accelerated configuration and feedback

...

, do the following steps:

  1. In the Security Manager Console, click the Configuration tab.
  2. In the file library in the left pane, navigate to Settings>Agents/Plug-ins>Arellia > Application Control > Application Control Agent Configuration.

...

  1. Click Application Control Agent Configuration Policy.
    Image Added
  2. Set Send Application Action

...

  1. events interval to one minute.
  2. Set Refresh Client Item

...

Image Removed

Additional Configuration for Event Reporting

In production, what you will see is some file hashes without details. This is because the full loop process has not completed. By default, file inventory is 1 day, resource discovery update is 30 minutes, and Agent resource discovery is 12 hours so it can take a while to gather all the information. The gathering of file information is split into 3 parts in order to make events much more streamlined and scalable.

1. File Inventory - this is done when an application executes or upon the file inventory schedule. The file hash and location is gathered locally on the client and the file hash sent to the SMP server.
2. Resource Discovery Update - Any hash that does not have resource details is schedule to be discovered for one machine. We optimize the client and server load by only assigning one system to gather that detail.
3. Agent Resource Discovery - Agents will pull down their jobs and determine what files need details to be discovered.

In order to show other file details, not just the file hash, in the application event reports a few configurations are recommended.

  • From the Arellia Console click on Configuration
  • Navigate to Settings > Arellia > Infrastructure > Resource Discovery > Resource Discovery Agents
  • Right-click File Agent Discoverer and Select Enable
  • Right-click File Discoverer from ACS Events and Select Enable

You can also speed up this process by increasing the agent resource discovery interval. (Recommended for Demo environments only)

  • Select Default File Inventory Policy (Arellia > Agents/Plug-ins > Arellia > File Inventory > Settings)
    • Change the Interval to 10 minutes
    • Click Save
  • Select Default Resource Discovery Agent Policy (Arellia > Agents/Plug-ins > Arellia > Resource Discovery Agent Configuration)
    • Change the Interval to 5 minutes
    • Click Save
  • Select Resource Discovery Update (Arellia > Infrastructure > Resource Discovery)
    • Click New Schedule
    • Select At date/time
    • Set it to repeat every 5 minutes
    • Click Save

For further details see Application Control Agent Configuration.

...

titleCaution

...

  1. cache interval to five minutes.
  2. Click Save.
    Image Added

 

Why Do My Files Not Have Names?