Topics Discussed

...

The File Integrity Monitoring (FIM) service provides collection, analysis, and notification of changes to critical operating system files, as defined by Armor's FIM policy. Armor utilizes an enterprise-class FIM application and deploys the application agent with the Armor Agent. Armor is responsible for the configuration of the FIM services via a remote agent. Configuration includes the application and maintenance of the policies associated with the service. Configuration specific to the local Host or network/environment to enable the service is a Customer responsibility. Armor is responsible for the administration of the FIM service through the Armor Agent. For the purposes of this section, "administration" is defined as the management of licenses and the application used to provide the service and the administration of the underlying FIM platform.

...


When traditional firewalls or intrusion detection systems (IDS) fail to prevent or detect a threat, monitoring operating system (OS) and application changes at the host level provides an additional layer of detection for indicators of compromise (IOC) or a breach of your environment. Without monitoring processes and applications at the host level, security teams are largely in the dark about an attacker's presence, activities, and movements. Armor FIM watches your hosts 24/7/365 for anomalous and unauthorized activities to detect potential threats. It monitors critical system file locations on your hosts as well as critical OS files for changes that may allow threat actors to control your environment.

...

Info

You can also manage the Trend sub-agent in the Armor Toolbox.

Recommendation Scans

...

One of the features available in Agent 3.0 is Recommendation scans. Recommendation scans provide a good starting point for establishing a list of rules that you should implement. During a recommendation scan, the Armor Agent scans the operating system for installed applications, the Windows registry, open ports, and more. To take advantage of Recommendation scans, turn on Ongoing Recommendation scans in the Toolbox.

Info

Recommendation Scans work in tandem with the Auto-Apply configuration for FIM. The results of the Recommendation Scan can only be applied when Auto-Apply for the FIM service is turned on.

...

Info

Troubleshooting

Armor troubleshoots servers that contain File Integrity Monitoring sub-components in a Warning or Critical status. To troubleshoot with Armor, you must submit a support ticket.

  1. In the Armor Management Portal (AMP), click Support, and then click Tickets.

  2. Click Create a Ticket.

  3. Select or search for the desired category for your ticket request type.

  4. Complete the missing fields.

    1. In Description, enter useful details that can help Armor quickly troubleshoot the problem.

  5. Click Create.

  6. To view the status of your ticket, in the left-side navigation, click Support, and then click Tickets.

...