Monitoring Endpoint Security Deployment and Policy

Monitoring your Endpoint Security policy and deployment should be a very important part of your day-to-day work. The Reporting tab includes many different types of Endpoint Security status reports.

To see monitoring reports:

  1. In SmartEndpoint, click the Reporting tab.
  2. Select a report type from the Monitoring tree.
    The report shows in the pane.
  3. Double-click an object in the User or Computer Name field to open a Details window.

    You can assign, create, and change policies from the Details window.

Each report shows a summary chart and an Endpoint List that shows the users and computers. You can sort and filter the monitoring information by different criteria.

Double-click a user or computer to see its status and the configured rules and actions for each installed component.

Endpoint List Area - Icons and Controls

Search - Enter a text string to search all columns. Results that contain the string are shown.

Status - Select a status to filter by. The options are based on the open report. Endpoints with that status are shown.

In - Narrow the results to an OU, node or group in the organization. Click to select an item in the Select Node window.

or

Double-click to open the selected user or computer.

Click to see other options available. Options include Push Operations. Some options are not available for all reports.

Add to virtual group - Add the selected objects to a virtual group.

Toggle chart percentage - Add and remove the percentages shown on the graph.

Hide Chart/Show Chart - Close or open the pane with the graph.

Export Report - Export the report results to an XLS, HTML, or CSV file.

Alerts

The alerts pane shows which endpoint computers are in violation of critical security rules. These violation types can trigger alerts:

The lower section of the pane contains two tabs:

Configuring Alert Messages

You can configure Endpoint Security to send different types of messages.

Initial Alert
    • When sent - Number of endpoints with security violations exceeds the specified threshold
    • Comments - Shows the number of endpoints with violations and the violation type

Alert Reminder
    • When sent - Repeatedly according to a specified frequency as long as the number of endpoints exceeds the threshold
    • Comments - Shows the number of endpoints with violations and the violation type

Alert Resolved
    • When sent - Number of endpoints with security violations falls below the specified threshold
    • Comments - Shows that the alert has been resolved

To define security alerts:

  1. On the Alerts pane, select a security violation and click Configure.

    The Alert Configuration window opens.

  2. Select how the number of endpoints that trigger alerts is measured:
    • Percentage - The percentage of endpoints in the environment.
    • Absolute values - The number of endpoints in the environment.
  3. Select a percentage or absolute value for the fields:
    • Trigger alert when the condition reaches - When the initial alert message is sent.
    • Optional: After the alert was triggered, turn off when less than - When an alert resolved message is sent.
  4. In the Notification Settings area, select which type of messages to send:
    • Select Notify on alert activation to send an Initial Alert message.

      Clear to disable initial alerts.

    • Select Notify on alert resolution to send an Alert Resolved message when applicable.

      Clear to disable Alert Resolved messages.

    • Select an Alert Reminder frequency from the Remind every list.

      Select None (default) to disable reminders.

  5. In the Add New Recipient field, enter an email address for recipients who will get the alerts.
  6. Click Add.
  7. Click OK.
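
How the trigger value, the optional turn-off value and the reminder setting from the procedure above interact, as an added example (a model written for this page, not Check Point code). The field names are hypothetical, the reminder interval is counted in evaluation cycles instead of time, and "reaches" is assumed to mean greater than or equal.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class AlertRule:
    """Model of one Alert Configuration entry (field names are hypothetical)."""
    trigger_at: float            # "Trigger alert when the condition reaches"
    turn_off_below: float        # "turn off when less than"
    use_percentage: bool = True  # Percentage vs. Absolute values
    remind_every: int = 0        # cycles between reminders; 0 models None (default)
    notify_activation: bool = True
    notify_resolution: bool = True
    active: bool = field(default=False, init=False)
    since_last: int = field(default=0, init=False)

    def measure(self, violating: int, total: int) -> float:
        return 100.0 * violating / total if self.use_percentage else float(violating)

    def evaluate(self, violating: int, total: int) -> str | None:
        """Return the message type to send for this sample, or None."""
        value = self.measure(violating, total)
        if not self.active:
            if value >= self.trigger_at:  # assumption: "reaches" means >=
                self.active, self.since_last = True, 0
                return "Initial Alert" if self.notify_activation else None
            return None
        if value < self.turn_off_below:
            self.active = False
            return "Alert Resolved" if self.notify_resolution else None
        self.since_last += 1
        if self.remind_every and self.since_last >= self.remind_every:
            self.since_last = 0
            return "Alert Reminder"
        return None


def replay(rule: AlertRule, samples: list[tuple[int, int]]) -> list[str | None]:
    return [rule.evaluate(v, t) for v, t in samples]

# Constructed samples: (endpoints in violation, total endpoints) per check.
SAMPLES = [(3, 100), (10, 100), (9, 100), (11, 100), (9, 100), (4, 100), (10, 100)]

if __name__ == "__main__":
    hysteresis = AlertRule(trigger_at=10, turn_off_below=5, remind_every=2)
    flapping = AlertRule(trigger_at=10, turn_off_below=10)
    print(replay(hysteresis, SAMPLES))
    print(replay(flapping, SAMPLES))
```

With the turn-off value equal to the trigger value, the constructed samples hovering around 10% produce repeated alert and resolve messages; a lower turn-off value keeps the alert open until the violation count has clearly dropped.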

Configuring an Email Server

You must configure your email server settings for the Security Analysis to send alert email messages. If you use Capsule Docs, it is also important to configure this. The settings include the network and authentication parameters necessary for access to the email server. You can only define one email server.

To configure the email server:

  1. In SmartEndpoint, select Manage > Email Server Settings > Configure Settings.
  2. In the Email Server Settings window, enter the email server host name or IP address.
  3. Select the Port number for the email server (default = 25).
  4. If the email server requires an SSL connection, select Enable SSL Encryption.
  5. If email server authentication is necessary, select User authentication is required and enter the credentials.
  6. Click Send Test Email to make sure that you can successfully access the email server.
  7. In the window that opens, enter an email address that the test will be sent to and click Send.
    • If the verification succeeds, an email is sent to the email address entered and a Success message shows in the Email Server Settings window.
    • If the verification fails, an Error message shows in the Email Server Settings window. Correct the parameter errors or resolve network connectivity issues. Hover over the Error message to see a description of the issue.
  8. Click OK to save the email server settings and close the window.

Troubleshooting issues with email settings

If the email server does not send alerts and email server authentication is not necessary, do these steps:

  1. In SmartEndpoint, select Manage > Email Server Settings > Configure Settings.
  2. In the Email Server Settings window, select User authentication is required.

    Configure these parameters:

    • Port - Leave the default (25).
    • User Name - Enter a fictitious email address. This address will show as the sender of email alerts.
    • Password - Enter a fictitious password. This is not used.
  3. Optional: Trigger an alert to test the email server.