...
Armor Service | Issue | Remediation |
|---|
IDS | IDS has not provided a heartbeat in the past 4 hours. |
| Expand |
|---|
| title | Step 1: Verify the status of the agent |
|---|
|
| Description | Command |
|---|
| Windows | Verify that the service is running | gsv -displayname *trend* |
|---|
| Linux | Verify that the service is running | ps -axu | grep ds_agent |
|---|
|
| Excerpt |
|---|
|
| Expand |
|---|
| title | Step 1: Verify the status of the agent |
|---|
|
| Windows |
| Code Block |
|---|
& "C:\Program Files\Trend Micro\Deep Security Agent\dsa_query.cmd" -c GetComponentInfo | sls FWDPI
Component.FWDPI.dpiRules: 164
Component.FWDPI.driverState: 3
Component.FWDPI.firewallMode: on-tap
Component.FWDPI.mode: on-tap |
|
|---|
| Linux |
| Code Block |
|---|
[root@ip-172-31-43-60 ~]# /opt/ds_agent/dsa_query -c GetComponentInfo | grep FWDPI
2016-11-18 01:15:47.000000: [Debug/6] | Starting thread 'CScriptThread' with stack size of 1048576 | /build/workspace/Sustain/9.6SP1HF/Build_DSA_96SP1HF_Amazon64/src/dsa/core/threadMgr/Runnable.cpp:587:start | FA6:7F7767397880:*unknown*
Component.FWDPI.dpiRules: 145
Component.FWDPI.driverState: 3
Component.FWDPI.firewallMode: on-tap
Component.FWDPI.mode: on-tap |
|
|---|
|
|
| Expand |
|---|
| title | Step 2: Check the connectivity of the agent |
|---|
|
| Description | Command |
|---|
| Windows | Verify the URL endpoint epsec.armor.com | & "C:\Program Files\Trend Micro\Deep Security Agent\dsa_query.cmd" -c GetAgentStatus | sls -pattern url |
|---|
| Confirm connection to the URL | new-object System.Net.Sockets.TcpClient('146.88.106.210', 443)
|
|---|
|
|
|
|---|
| Linux | Verify the URL endpoint epsec.armor.com | /opt/ds_agent/dsa_query -c GetAgentStatus | grep AgentStatus.dsmUrl |
|---|
| Confirm connection to the URL | telnet 146.88.106.210 443 |
|---|
|
| Expand |
|---|
| title | Step 3: Manually heartbeat the agent |
|---|
|
| Description | Command |
|---|
| Windows | Verify a 200 response |
| Code Block |
|---|
PS C:\Users\Administrator> & "C:\Program Files\Trend Micro\Deep Security Agent\dsa_control.cmd" -m
HTTP Status: 200 - OK
Response:
Manager contact has been scheduled to occur in the next few seconds. |
|
|---|
| Linux | Verify a 200 response |
| Code Block |
|---|
/opt/ds_agent/dsa_control -m |
|
|---|
|
|
IDS | IDS is installed but has not been configured. |
| Expand |
|---|
| title | Step 1: Verify the status of the agent |
|---|
|
| Description | Command |
|---|
| Windows | Verify that the service is running | gsv -displayname *trend* |
|---|
| Linux | Verify that the service is running | ps -axu | grep ds_agent |
|---|
|
| Expand |
|---|
| title | Step 2: Check the connectivity of the agent |
|---|
|
| Description | Command |
|---|
| Windows | Verify the URL endpoint epsec.armor.com | & "C:\Program Files\Trend Micro\Deep Security Agent\dsa_query.cmd" -c GetAgentStatus | sls -pattern url |
|---|
| Confirm connection to the URL | new-object System.Net.Sockets.TcpClient('146.88.106.210', 443)
|
|---|
|
|
|
|---|
| Linux | Verify the URL endpoint epsec.armor.com | /opt/ds_agent/dsa_query -c GetAgentStatus | grep AgentStatus.dsmUrl |
|---|
| Confirm connection to the URL | telnet 146.88.106.210 443 |
|---|
|
| Expand |
|---|
| title | Step 3: Manually heartbeat the agent |
|---|
|
| Description | Command |
|---|
| Windows | Verify a 200 response |
| Code Block |
|---|
PS C:\Users\Administrator> & "C:\Program Files\Trend Micro\Deep Security Agent\dsa_control.cmd" -m
HTTP Status: 200 - OK
Response:
Manager contact has been scheduled to occur in the next few seconds. |
|
|---|
| Linux | Verify a 200 response |
| Code Block |
|---|
/opt/ds_agent/dsa_control -m |
|
|---|
|
|
IDS | IDS is not installed or enabled. |
| Expand |
|---|
| title | Step 1: Verify the status of the agent |
|---|
|
| Description | Command |
|---|
| Windows | Verify that the service is running | gsv -displayname *trend* |
|---|
| Linux | Verify that the service is running | ps -axu | grep ds_agent |
|---|
|
| Expand |
|---|
| title | Step 2: Check the connectivity of the agent |
|---|
|
| Description | Command |
|---|
| Windows | Verify the URL endpoint epsec.armor.com | & "C:\Program Files\Trend Micro\Deep Security Agent\dsa_query.cmd" -c GetAgentStatus | sls -pattern url |
|---|
| Confirm connection to the URL | new-object System.Net.Sockets.TcpClient('146.88.106.210', 443)
|
|---|
|
|
|
|---|
| Linux | Verify the URL endpoint epsec.armor.com | /opt/ds_agent/dsa_query -c GetAgentStatus | grep AgentStatus.dsmUrl |
|---|
| Confirm connection to the URL | telnet 146.88.106.210 443 |
|---|
|
| Expand |
|---|
| title | Step 3: Manually heartbeat the agent |
|---|
|
| Windows |
| Code Block |
|---|
PS C:\Users\Administrator> & "C:\Program Files\Trend Micro\Deep Security Agent\dsa_control.cmd" -m
HTTP Status: 200 - OK
Response:
Manager contact has been scheduled to occur in the next few seconds. |
|
|---|
| Linux |
| Code Block |
|---|
/opt/ds_agent/dsa_control -m |
|
|---|
|
|
Vulnerability Scanning
...
To remediate Vulnerability Scanning issues, please refer to thisĀ documentation.