Overview

The Toolbox is a self-service tool that combines several services so that customers can remotely manage services on one or more Virtual Machines on an account. Below are how-to steps for using the Toolbox, as well as descriptions of the services you can manage with it.

Users looking to deploy services at scale can use the Toolbox to schedule tasks for a fleet of assets in their environment.

...

[Video: toolbox final.mp4]
...

How to Schedule a Task

Users can access the Toolbox in the Armor Management Portal (AMP) on the Toolbox screen. The Toolbox screen is in the Infrastructure section of AMP. For more information on the Toolbox screen, click here. Once a task has been scheduled, the page will list all pending and completed tasks. The Schedule Task button will be available at the top of the screen.

...

  1. Navigate to the Toolbox screen in AMP.

  2. Click Schedule Task.

  3. Click the Product drop-down and select the desired Armor Security Service.

  4. Click the Operation drop-down and select the desired operation.

  5. If necessary, enter additional configuration parameters in the Additional Configuration text box.

  6. Enter a Task Name in the Task Name field.

  7. Click Schedule Future Date to select the task date.

    1. Unless configured otherwise, all tasks will run at the next Agent Heartbeat (every 15 minutes).

  8. Click the Select VMs button.

  9. Select the appropriate Virtual Machines using the check boxes.

  10. Click Select VMs.

  11. Click Schedule Task.

...

Asynchronous Security API Calls

...

Users may want to configure security services asynchronously so that security services can be activated without immediately triggering feedback. For some commands, users can use the flag async=true to queue these features as needed. The async=true flag works on both Windows and Linux and should be placed at the end of the command line, as shown in the example below:

...

The async flag can also be configured in the Armor Toolbox.

Review Task Results

...

Users can review the results of tasks run through the Armor Toolbox using the CLI Results tab of the Virtual Machines screen.

Security Services

Below are the Armor Security Services you can manage from the Armor Toolbox. Several operations can be run asynchronously to prevent immediate API feedback. For more information on the Async Flag, please see the documentation above.

Trend

...

Trend is the parent sub-agent for all Trend modules, including Malware Protection, File Integrity Monitoring, and Intrusion Prevention.

One of the features available in Agent 3.0 is Recommendation scans. Recommendation scans provide a good starting point for establishing a list of rules that you should implement. During a recommendation scan, the Armor Agent scans the operating system for installed applications, the Windows registry, open ports, and more.

...

| Operation | Description | Async Flag |
|---|---|---|
| av on | Turn anti-malware protection on | Yes |
| av off | Turn anti-malware protection off | Yes |
| av status | Reports status of module from subagent | |

File Integrity Monitoring

...

The Armor File Integrity Monitoring service detects changes to files and critical system areas (e.g. Windows registry) that could indicate suspicious activity. If you have enabled Recommendation scans (Trend sub-agent), you can run Recommendation scans with FIM to identify a list of rules that should be applied based on the configuration of your Virtual Machine. You can also choose to have the recommended rules automatically applied to your machine.

...

Vulnerability Management

...

Armor's Vulnerability Scanning service detects OS and application vulnerabilities present in your environment.

...

| Operation | Description |
|---|---|
| vuln install | Install Qualys vulnerability management |
| vuln uninstall | Uninstall Qualys vulnerability management |

Logging

...

The Armor Logging service ships OS logs to Armor for correlation and analysis.

...

| CentOS/RHEL | Ubuntu/Debian | Windows |
|---|---|---|
| /var/log/secure | /var/log/auth.log | System Event Log |
| /var/log/messages | /var/log/syslog | Security Event Log |
| /var/log/audit.log | | |
| /var/log/yum.log | | |

Log Relay

...

To use this feature, select the Log Relay product in the Toolbox and choose the "install" operation.

| Operation | Description |
|---|---|
| relay install | Install Log Relay Software |
| relay uninstall | Uninstall Log Relay Software |

Additional Services

Tags

...

Armor's Tagging feature allows users to add metadata tags to their logs. Users can search for these tags via API or in the Armor Management Portal (AMP) on the Virtual Machines screen. To use this feature, select the Tags product in the Toolbox and choose the "create tags" operation. In the Additional Configuration text box, enter a key-value pair (e.g. key=pair). You can enter more than one tag, using a comma as the separator.

...