
Lesson 8: Deployment Monitoring

2015 Imperva, Inc. All rights reserved.


Lesson Objectives
Interfaces:
Main > Monitor > System Events view.
Main > Policies > System Events Policies.
Admin > System Performance view.
Admin > Job Status.
Use the System Events log to monitor changes in MX, Gateway and Agent status.
Use System Event Policies to create custom notifications.
Integrate SecureSphere with IT / OPS event management systems.
Configure Followed Actions to send SecureSphere status updates to event management systems.
Tune System Events thresholds to support desired notification frequency.
Software Updates

Monitoring System Events



System Events

Go to Main > Monitor > System Events.


Reasons for System Events
Status changes in SecureSphere
Audit changes made by Administrators
Record changes made by SecureSphere automatically



Monitoring System Events

Go to Main > Monitor > System Events.


System Events shows SecureSphere changes such as Gateway status, configuration changes and user permissions.


System Events Monitor

Go to Main > Monitor > System Events.


Tracks changes
  Automatic
    Profile Learning
    APU
  Manual
    Administrator


System Events Trigger Thresholds

Go to Admin > System Definitions.


Open Management Server Settings > System Events Notifications.


System Event Policies



System Event Policies

Changes to the system can represent risk.

System Event Policies define what SecureSphere is to do when certain system events occur.
These are not a result of policy violation by monitored traffic.


Best Practice: Consider Creating These System Event Policies
Here are a few system event policies for your organization's consideration.
Policy Name Type Matching Text Followed Action
GW Overflow Gateway Overflow <action set>
Lost Data Audit Error lost audit data <action set>
GW Throughput Gateway Throughput 80% of Max <action set>
Profile Size Profile Size Limit <action set>
Server Status Alert Server Status <action set>
Login Failed by Admin Login Failed admin <action set>
GW GatewayEnteredBypass <action set>
Hardware Hardware Failure <action set>
GW CPU Gateway CPU utilization 80 Warn <action set>
GW CPU Critical Gateway CPU utilization 90 Critical <action set>
GW Low Disk Space GatewayLowFreeSpace 80% of disk <action set>
GW Minimal Disk Space GatewayLowFreeSpace 90% of disk <action set>
ADC Download Succeeded ADC download succeeded <action set>
Login Failed Login Failed <action set>
Policy Changed Policy Changed <action set>
Note: Grey text is not included in the Matching Text field.

Configuring System Event Policies vs. Configuring System Event Notification Settings

Most logging configuration is hard-coded.
System Event Logs found in Main > Monitor > System Events.
Notifying or other actions for System Events requires a System Event Policy in Main > Policies > System Events.
Some logging configuration in Admin > System Definitions > System Event Notifications.


Example: Veda PCI Monitoring Admin

For PCI Compliance, all administrative accounts should be named individually.
For SecureSphere, the admin account cannot be renamed or locked.
Companies can address this with the following steps:
1. Create named administrator accounts for SecureSphere users.
2. The Chief Information Security Officer sets a complex password for the admin account and stores it in a safe location.
3. Configure System Event Policies to record ANY activity for the admin user: Login, Logout, Password Change, Password Reset, and Failed Logins.
4. Assign a Followed Action to alert / notify on any admin activity.
5. Do NOT use the admin account (except for emergencies).

Example: Veda PCI Monitoring Admin

Go to Main > Policies > System Events.

Create New Policy.


Select an event type on which to base policy action.


Example: Veda PCI Monitoring Admin

Use Shift + Click or CTRL + Click to select multiple System Event Policies.
Right Click on one of the selected policies to bring up the Set Followed Action Menu.

Select the Followed Action and Save.


Example: Veda PCI Monitoring Admin

The default policy would trigger when ANY user password changes.
Go to Main > Monitor > System Events.
Notice that the System Event log will help identify the desired Text Segment.
Go to Main > Policies > System Events.
To be selective, define Matching Text Segments.
Not always literal.
Verify Followed Action.
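
The selectivity problem in this example, as an added illustration that is not part of the original slides or Imperva's own code: a Python check that an event management system receiving forwarded System Events could run to pick out activity by the built-in admin account. The event records, type strings and message wording are constructed for the example and do not reproduce SecureSphere's actual output; the function names are hypothetical.

```python
import re

# Event types from step 3 of the procedure; the exact type strings are assumed.
ADMIN_EVENT_TYPES = {"Login", "Logout", "Password Change",
                     "Password Reset", "Login Failed"}

# Constructed sample events (not real SecureSphere output).
SAMPLE_EVENTS = [
    {"type": "Login", "message": "User admin logged in from 10.0.0.5"},
    {"type": "Login", "message": "User jsmith logged in from 10.0.0.7"},
    {"type": "Login Failed", "message": "Login failed for user dbadmin"},
    {"type": "Password Change", "message": "Password changed for user admin"},
    {"type": "Password Change", "message": "Password changed for user jsmith"},
    {"type": "Login Failed", "message": "Login failed for user ADMIN"},
]

def naive_match(event, segment):
    """Substring match: also fires on names that merely contain the segment."""
    return event["type"] in ADMIN_EVENT_TYPES and segment in event["message"]

def token_match(event, segment):
    """Match the segment only as a whole account name, ignoring case."""
    if event["type"] not in ADMIN_EVENT_TYPES:
        return False
    # Reject neighbours that would make it a longer name (dbadmin, admin-ro,
    # admin.svc) while still accepting a sentence-ending period.
    pattern = r"(?<![\w.-])" + re.escape(segment) + r"(?![\w-]|\.\w)"
    return re.search(pattern, event["message"], re.IGNORECASE) is not None

def select(events, matcher, segment="admin"):
    """Return the events a policy using this matcher would act on."""
    return [e for e in events if matcher(e, segment)]

if __name__ == "__main__":
    for e in select(SAMPLE_EVENTS, token_match):
        print("NOTIFY:", e["type"], "-", e["message"])
```

On the constructed data the substring matcher raises a notification for the named account dbadmin and misses the upper-case ADMIN attempt, while the whole-name matcher selects only the three admin events.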



System Performance



System Performance: Management Server
Go to Admin > System Performance.
Select Management Server.
Downloads: Performance CSV and MX Tech Info file.

CPU Utilization by Activity

System Load Over Time



System Performance: Gateway and Agents

Go to Admin > System Performance. Select Gateways & Agents.


Go to Main > Setup > Gateways.
Select Gateway Group.



Job Status



Job Status

Go to Admin > Job Status.

Scheduling
History
Followed Action


Software Updates



Deployment Monitoring With Software Updates
GUI Administrators are provided with available updates about all components: MX, Gateway, Agents.
  Notified about every release and upgrade.
  Get only notifications relevant to your system.
Software update functionality for MX and Gateway components is informational only.
  Still download patches and upgrades via FTP.
  Reminder: perform a system export prior to upgrades and patches.
Download, upload, distribute, install functions are available for Agents only, using Agent Installation Manager.


Software Update Notification

Go to the Main workspace.

The software update notification message now appears in the lower portion of the GUI.


Software Updates View: MX and Gateway

Go to Main > Setup > Software Update.

Clicking either icon directs you to the Imperva FTP site.


Software Update Settings: Online Mode

Go to Admin > System Definitions.


Open Management Server Settings.
Select Software Update Settings.

The Enable direct software update notifications setting is enabled by default.


Viewing Updated Information

Go to Main > Setup > Software Update.


Click on View Details or +n more in Target Version.


Software Update View: With Agent Detail

Go to Main > Setup > Software Update.


[Screenshot callouts: Filters Toolbar, Update versions, Urgency, Status in workflow, Agents, Suggested Action, Current state]


Software Update Process Overview

Software Update periodic fetch of available updates
  MX queries Central Software Update Repository
Admin downloads binary package
  From FTP to admin PC
Admin uploads binary package
  From admin PC to MX
Admin distributes binary package
  From MX to Agents through Gateways
Admin selects agents and installs

[Diagram: imperva.com (Central Software Update Repository, FTP); Customer premises (Admin UI, MX, Gateway, DBs with agents)]


Job Status

Go to Admin > Job Status.


Select Software Update to view last Synchronization job.



Software Update System Event Policies

Policy types are available for system event policies:
  Software update is available - new release.
  Software update is available - recommended.
To create, go to Main > Policies > System Events.
Click the plus icon and name policy.
Select software update policies type.


MX Cannot Access imperva.com?

Use Offline mode


The Administrator manually fetches the available packages information.
  Administrator exports inventory file from MX.
  Administrator sends it through the Customer Portal and receives information about relevant updates.
  Administrator uploads it back to the MX.


Offline Mode

Go to Admin > System Definitions.


Open Management Server Settings.
Select Software Update Settings.

Clear the Enable direct software update notifications checkbox.


Offline Mode

Go to Main > Setup > Software Updates.


Click More > Manual Check for Updates.
Follow the steps in the window.


Offline Mode (Continued)

Uploading the Software Snapshot on the Customer Service Portal:
My Account > Software Updates


Questions?
