Monitoring Harmony Endpoint Deployment and Policy

Monitoring your Endpoint Security policy and deployment should be a very important part of your-day-to-day work.

The Overview view > Operational Overview page has the Active Alerts pane on the right. This page shows which endpoint computers are in violation of critical security rules.

These violation types can trigger alerts about various issues.

For example:

Compliance Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration. warning
Failed deployment
Encryption problem
Anti-Malware A component on Endpoint Security Windows clients. This component protects clients from known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers. issues
Policy server out-of-sync
Anti-Malware License Expiration Date

Configuring Alert Messages

To define security alerts

Go to the Endpoint Settings view > Alerts, and select a security violation.
Select the applicable alert from the list.
In the right section Alert Configuration:
1. Select ON in the top line:
  
  The computer is restricted or about to the restricted
2. Configure these settings:
  - Threshold Settings - Select how the amount of endpoints that trigger alerts are measured, by percentage or number.
  - Notification Settings - Select the notification type you receive when an alert is triggered:
    - Notify on alert activation - Sends a notification when an alert the number of Endpoint devices with violations exceeds the configured threshold.
    - Notify on alert resolution - Sends a notification when an alert the number of Endpoint devices with violations decreases below the configured threshold.
    - Remind me every - Sends a notification repeatedly according to a specified frequency, as long as the number of Endpoint devices with security violations exceeds the configured threshold.
    - Recipients - Enter the email addresses of the message recipients (separated by comma).
  - Email Template Settings - You can configure a unique email template to be sent to you when an alert is triggered. The email Subject and Body contain dynamic tags. Dynamic tags are replaced by the server with the relevant information during email sending. Remove the tags you do not wish to include in the email.
    - Attach report to mail notification - If selected, a CSV report with all the device details related to a particular alert will be attached to email. If there are no affected devices, nothing is attached
    - Subject - Contains these dynamic tags: type (alert activation, alert resolution or alert reminder), alert name, and tenant name.
    - Body - Contains these dynamic tags: type(alert activation, alert resolution or alert reminder), alert name, affected-count, and total-count.
    - Send Test Report - If selected, a notification email according to the configured template is sent for a particular alert.
    To send emails for alerts, you must follow the steps in the Configuring an E-mail Server section below.
Click Save.

Note - Alerts are reevaluated every 10 minutes.

When the alerting criteria are updated, the alerting is reevaluated on the next iteration.

When alerting is (re)enabled, it forces the alerting mechanism to immediately (re)start and (re)evaluate.

Configuring an E-mail Server

You must configure your email server setting for Endpoint Security to send you alert email messages.

If you use Capsule Docs A component on Endpoint Security Windows clients. This component provides security classifications and lets organizations protect and share documents safely with various groups - internal and external. it is also important to configure this.

The settings include the network and authentication parameters necessary for access to the email server.

You can only configure one email server.

To configure the email server

In Endpoint Settings > Alerts > at the top, click Email Service Settings.

The Email Service Settings window opens.
Enter these details:

Host Name - Email serve host name.
From Address - Email address from which you want to send the alerts.
User Authentication is Required - If email server authentication is necessary, select this option and enter the credentials in the User Name and the Password fields.
Enable TLS Encryption - Select this option if the email server requires a TLS connection.
Port - Enter the port number on the email server.
Test Email - Enter an email address to send the test to, and click Send Test:
- If the verification succeeds, an email is sent to the email address entered and a success message shows in the Email Service Settings window.
- If the verification fails, an error message shows in the Email Service Settings window.
  
  Correct the parameters errors or resolve network connectivity issues. Stand on the error message to see a description of the issue.

Click OK to save the email server settings and close the window.