2.3.6.1. The Initial Settings after DSA installation

In an environment that uses neither “Mal-Ware” nor the “Firewall Function”, you need to modify the newly created policy to suit your computer.
Running a recommendation scan just after applying a new policy allows adequate rules (recommended, or recommended for cancellation) to be assigned to each computer. After verifying whether each applied rule is needed and setting up individual rules, assign the proper rules and use the settings described below.
In the system events, verify the events that occur and change the setting values to suit your environment.

2.3.6.1.1. Running a Recommendation Scan

A recommendation scan is required to find the adequate rules for your environment. Installing and activating the Agent does not set up proper policy rules for an individual computer; it provides only the rules set in the policy.
Generally, policy rules are assigned automatically just after running the “Recommendation Setting Scan”. In addition, you can apply the proper policy rules for the recommendation scan yourself.

A Recommendation Scan usually runs for all functions, whichever settings screen it is started from: “Intrusion Prevention”, “Integrity Monitoring”, or “(Security) Log Inspection”. This section uses “Intrusion Prevention” as the example. Use and operation in “Integrity Monitoring” and “Log Inspection” are exactly the same as in “Intrusion Prevention”.

  1. Select the Computer tab in the Menu tab ⇒ Display the detail screen of the individual computer from the “Computer” pane ⇒ Display the computer properties.

[Image: recommendedscan]

  2. Move to the [ Intrusion Prevention ] pane ⇒ Click “General”, then click the displayed contents of the recommendation scan settings.

[Image: recommendedscan]

The following are the details of the respective items under “Recommendations”.
  a. “Current Status” shows the number of currently assigned rules. All rules assigned to the policy have been forcibly applied. The picture above shows the default state provided by the policy.

  b. The latest information after the recommendation scan is shown here. “NO”, as pictured above, means either that the recommendation scan has not been executed or that its results have been cleared.

  c. This setting auto-assigns rules after a recommendation scan has run. If [No] is displayed, as pictured above, policy rules will not be assigned automatically. We recommend that you set this to [ YES ].

  d. To execute the recommendation scan manually, click this button.

  e. Click this to halt the scan while a scan task is running or after executing [ C ].

  f. Click this to clear the result of a recommendation scan.


  3. Click [ d ] in [ 2 ] to run the recommendation scan manually. After the scan has finished, the following picture is displayed.

[Image: manualscan]

In the picture above, the result of the recommendation scan shows that an additional 16 rules need to be assigned manually. Twenty-four rules are not needed for the policy. If such a rule is applied by the policy, you need to cancel it in the policy.


  4. From the applied rules, cancel the non-recommended rules. If those non-recommended rules remain in use, the Agent goes on preventing attacks even though the computer itself is not vulnerable.

Note that the more rules are assigned, the slower computer processing becomes. Therefore, we recommend that you narrow the rules down to only those that provide protection for such vulnerable states.

To cancel the rules, open the properties of the policy assigned to the computer on which the Recommendation Scan was run. Move to the “Intrusion Prevention” pane ⇒ Click the “General” tab. Click “Assignment Unassignment”.

[Image: apply/disapply]

  5. Click “Assignment Unassignment” to display the policy rule list. Change the screen condition to “Recommended for Unassignment”.

[Image: list]

  6. The list of policy rules recommended for unassignment is displayed.

[Image: filter]

  7. Unmark the checkbox to the left of a rule, setting it to [ OFF ], to cancel the rule. If the checkbox is inactive, you need to move to the upper-layer policy (the Inherited Destination) and unmark the rule's checkbox there, setting it to [ OFF ].

[Image: filter]

  8. A rule shown with a green flag is one that the Recommendation Scan considers important; this means the Agent recognizes the rule as essential for an application. In some environments, the flag appears even when no vulnerable application is present. In this case, the user needs to decide whether to cancel the rule.


  9. Some rules require settings for the threshold, port number and log storage location, depending on your environment. Configure these in the properties of the respective rules.


2.3.6.1.2. Integrity Monitoring Baseline

Integrity Monitoring requires a baseline to be created. The “baseline” is the reference point that Integrity Monitoring needs.

  1. Click the “Integrity Monitoring” pane on the detail screen of each computer.

[Image: Integrity Monitoring]

  2. Click “Rebuild Baseline” in the “Baseline” field to build a new baseline.

[Image: Integrity Monitoring]

  3. Click “View Baseline” in the “Baseline” field to verify the created baseline.

[Image: Integrity Monitoring]
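
What a baseline does for integrity monitoring, as an added Python sketch; it is not part of the original page and not Deep Security's own implementation. The function names, the use of SHA-256 and the sample files are assumptions made for the illustration: a baseline is recorded, files are changed, and the current state is compared against the baseline before and after a rebuild.

```python
import hashlib
import os
import tempfile


def build_baseline(root):
    """Record a SHA-256 digest for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            baseline[os.path.relpath(path, root)] = digest
    return baseline


def compare_to_baseline(baseline, root):
    """Return the files created, deleted or modified since the baseline."""
    current = build_baseline(root)
    return {
        "created": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample tree: take a baseline, change files, compare, rebuild."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("hosts", b"127.0.0.1 localhost\n"),
                           ("sshd_config", b"PermitRootLogin no\n"),
                           ("motd", b"welcome\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = build_baseline(root)            # the reference point

        with open(os.path.join(root, "sshd_config"), "wb") as fh:
            fh.write(b"PermitRootLogin yes\n")     # modified after baseline
        os.remove(os.path.join(root, "motd"))      # deleted after baseline
        with open(os.path.join(root, "cron.job"), "wb") as fh:
            fh.write(b"0 3 * * * backup\n")        # created after baseline

        changes = compare_to_baseline(baseline, root)
        # A rebuilt baseline takes the current state as the new reference,
        # so the same three changes are no longer reported.
        after_rebuild = compare_to_baseline(build_baseline(root), root)
        return changes, after_rebuild


if __name__ == "__main__":
    print(demo())
```

Because a rebuilt baseline accepts whatever is on disk at that moment, review pending change events before rebuilding.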