Manage ESM Server Settings
4.2 (EoS)
The ESM Server facilitates communication between Traps agents and WildFire.
The ESM Server periodically communicates with WildFire to send unknown files for analysis, request verdicts associated with executable files and files containing macros, and submit requests to reanalyze a file. The ESM Server also communicates with Traps agents to retrieve the operational status of the agent, obtain reports on processes running on the endpoint, and send the agent the latest security policy.
You can customize and change the frequency of these communications using the Database (DB) Configuration Tool (see Configure ESM Server Settings Using the DB Configuration Tool) or using the ESM Console. Use the following workflow to change the settings using the ESM Console:
- From the ESM Console, select Settings > ESM > Settings.
- Configure any of the following settings for the ESM Server:
  - Quarantine Network Path—(Traps 3.1 and earlier versions and deprecated in Traps 4.2.4 and later releases) Default forensic folder to use when the Traps agent cannot reach the folder associated with the ESM Server to which the agent is connected.
  - Inventory Interval (Minutes)—Enter the frequency at which Traps sends a list to the ESM Server to report the applications that are running on the endpoint.
  - Heartbeat Grace Period (Seconds)—Enter the allowable grace period for a Traps agent that has not responded (range is 300 to 86,400; default is 4200).
  - Forensic Folder URL—BITS-enabled forensic folder URL. To encrypt forensic data, we strongly recommend that you use SSL to communicate with the forensic folder. To use SSL, include the fully qualified domain name (FQDN) and specify port 443 (for example, HTTPS://ESMserver.Domain.local:443/BitsUploads). If you do not want to use SSL, specify port 80 (for example, http://ESMSERVER:80/BitsUploads).
  - Keep-alive Timeout (Minutes)—Period of time (in minutes) after which the ESM sends a keep-alive message to an external logging platform (range is 0 or greater; default is 0). The keep-alive message alerts the external logging platform that the ESM component is up and collecting logs. The ESM Console indicates the time at which each ESM Server sent the last keep-alive message in the Last Heartbeat field on the additional details view of the ESM Server on the Settings > ESM > Multi ESM page.
  - Update From Server Package Address—Externally accessible URL of the ESM Console used to host upgrade packages for Traps agents. By default, when you configure an action rule to upgrade the Traps software, the rule is configured to use the ESM Console hostname. If the ESM Console is accessible by the DNS record only and not by the default ESM Console hostname, use this field to specify a URL beginning with an HTTP or HTTPS prefix followed by the DNS record. If you do not specify a server URL in this field, the action rule to upgrade agents uses your current session to determine the SSL preference. For example, if you log into the ESM Console using HTTP and create an action rule to upgrade the agents, the agents receive an upgrade path with an HTTP prefix. If you log in using HTTPS, the agents receive an HTTPS prefix.
  - Use DNS For Address Resolution—Select this option to enable DNS for address resolution. By default, this option is disabled to prevent excessive DNS error logging.
  - Automatic Revocation—By default, the ESM Server automatically revokes a license from an agent after a period of 90 days. To change the Revocation Period, enter a value from 30 to 365 days. Or, to prevent the ESM Server from revoking the license, clear the option for Automatic Revocation. When Automatic Revocation is disabled, the ESM Server does not revoke the license regardless of the length of time in which the Traps agent has not established communication with the ESM Server.
- Save your changes.
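
The following added example (not part of the original guide and not Palo Alto Networks code) reviews a set of ESM Server settings against the ranges and the SSL recommendation listed above, including the case where an empty Update From Server Package Address lets the upgrade path inherit an HTTP prefix from the console session. The dictionary key names are hypothetical; the guide does not define an export format.

```python
from urllib.parse import urlsplit

HEARTBEAT_RANGE = (300, 86_400)   # seconds, from the Heartbeat Grace Period entry
REVOCATION_RANGE = (30, 365)      # days, from the Automatic Revocation entry


def check_url(name, url, want_port=None):
    """Return a list of findings for one URL-valued setting."""
    parts = urlsplit(url)  # scheme and hostname come back lower-cased
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return [f"{name}: not an HTTP or HTTPS URL"]
    if parts.scheme == "http":
        return [f"{name}: plain HTTP, traffic is not encrypted"]
    findings = []
    if "." not in parts.hostname:
        findings.append(f"{name}: HTTPS host is not an FQDN")
    if want_port is not None and parts.port != want_port:
        findings.append(f"{name}: port {want_port} is not specified")
    return findings


def audit(settings):
    """Check a dict of ESM settings (hypothetical key names) against the guide."""
    findings = []
    lo, hi = HEARTBEAT_RANGE
    if not lo <= settings["heartbeat_grace_period"] <= hi:
        findings.append(f"heartbeat_grace_period: outside {lo}-{hi} seconds")
    findings += check_url("forensic_folder_url", settings["forensic_folder_url"], 443)
    package_url = settings.get("update_package_address", "")
    if package_url:
        findings += check_url("update_package_address", package_url)
    else:
        findings.append("update_package_address: empty, upgrade prefix follows "
                        "the console session (HTTP login gives an HTTP path)")
    if settings.get("automatic_revocation", True):
        lo, hi = REVOCATION_RANGE
        if not lo <= settings["revocation_period"] <= hi:
            findings.append(f"revocation_period: outside {lo}-{hi} days")
    return findings


# Constructed sample values; the forensic folder URLs are the guide's own examples.
HARDENED = {"heartbeat_grace_period": 4200, "revocation_period": 90,
            "forensic_folder_url": "HTTPS://ESMserver.Domain.local:443/BitsUploads",
            "update_package_address": "https://esm.example.com"}
WEAK = {"heartbeat_grace_period": 120, "automatic_revocation": False,
        "forensic_folder_url": "http://ESMSERVER:80/BitsUploads"}

if __name__ == "__main__":
    for line in audit(WEAK):
        print(line)
```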