184.108.40.206. The Initial Settings after DSA installation¶
220.127.116.11.1. Running a Recommendation Scan¶
Select the Computer tab at the Menu tab ⇒ Display the detail screen of the individual computer from the “Computer” pane ⇒ Display the computer property.
Move to the [ Intrusion Prevention ] pane ⇒ Click the displayed contens of recommendatoin scan settings after clicking the “General”.
Following are details of respective items of “Recommendations”.
“Current Status” shows the number of current assigned rules. All the rules assined to the policy has been forcely done. The above picture shows the default state, provided by the policy.
Here, the latest informtion after the recommendation scan will describe. “NO” displayed as pictured above means either that reccomendation scan not execute or that reccomendation scan has cleaned up.
This is the settings to auto-assign a rule after running a recommendation scan. If [No] displays at the screen as pictured above, the policy rule will not be automatically assigned.We recommend that you set up this as [ YES ].
If you execute the recommendation scan by manual, click the button.
Click this if desired to halt the scan while a task scan is running or after executed [ C ].
Click this, if desired to clear a result of a recommendation scan.
Click [ d ] in [ 2 ] , run the reccomendation scan by manual. Adter this scan has done, the following picture will display.
From the rules applied, cancel non-recommended rules. In case those non-recommended rules are kept being used, it enables the Agent to prevent any attacks although the computer itself is not vulnerable.
You are noted that the more assigned rule increases, the more computer processing becomes delayed. Therefore, we recommend you narrow up only rules enabling protections for such vulnerable states.
To cancel the rules, open the properties of the policy, assigned to the computer running by Recommendation scan. Move to the “Intrusion Prevention” pane ⇒ Click the “General” tab. Click the “Assgnment Unassignment”.
By clicking “Assignment Unassignment”, display the policy rule list. Change the screen condition as “Recommended for Unassignment“
The list of the policy rules recommended for unassignment will display.
By unmarking to the rule checkbox at the left-side as [ OFF ] , you can cancel the rule. Whereas if the rule checkbox stays as unactive, you need to move to the upper layer policy ( an Inherited Destination ) of one and unmark to the rule policy checkbox as [ OFF ].
Any rule indicated with a green flag is that the Recommendation Scan considers it as important; this means the Agent recognizes the rule is essential as an application. In some environments, the flag appears even when any vulnerable application is not applied. In this case, the user needs to decide the cancellation of the rule by his-/herself.
Some rules requires the settings of the threashold, port number and log storage location, depending on your environment. To do the setting, please operate at propeties of respective rules.
18.104.22.168.2. Integrity Monitoring Baseline¶
Click the “Integrity Monitoring” pane at the detail screen of each computer.
By clicking the “Rebuilt Baseline” at the Baseline filed, you can build a new baseline.
By clicking the “View Baseline” at the “Baseline” field, you can verify a created baseline.