Customizable ESM Server Settings
Table of Contents
4.2 (EoS)
Expand all | Collapse all
-
- Set Up the Endpoint Infrastructure
- Activate Traps Licenses
-
- Endpoint Infrastructure Installation Considerations
- TLS/SSL Encryption for Traps Components
- Configure the MS-SQL Server Database
- Install the Endpoint Security Manager Server Software
- Install the Endpoint Security Manager Console Software
- Manage Proxy Communication with the Endpoint Security Manager
- Load Balance Traffic to ESM Servers
-
- Malware Protection Policy Best Practices
- Malware Protection Flow
- Manage Trusted Signers
-
- Remove an Endpoint from the Health Page
- Install an End-of-Life Traps Agent Version
-
-
- Traps Troubleshooting Resources
- Traps and Endpoint Security Manager Processes
- ESM Tech Support File
-
- Access Cytool
- View the Status of the Agent Using Cytool
- View Processes Currently Protected by Traps Using Cytool
- Manage Logging of Traps Components Using Cytool
- Restore a Quarantined File Using Cytool
- View Statistics for a Protected Process Using Cytool
- View Details About the Traps Local Analysis Module Using Cy...
- View Hash Details About a File Using Cytool
Customizable ESM Server Settings
The following table lists the settings that you can
configure for the ESM Server.
Setting | Description | Default |
|---|---|---|
PreventionsDestFolder = <folder> | Legacy upload network location (required
for Traps 3.1 and earlier agents). | N/A |
InventoryInterval = <hours> | Frequency at which Traps sends the list
of applications running on the endpoint to the ESM Server. | 284; range 1 to 14400 |
HeartBeatGracePeriod = <seconds> | Period of no communication between the Traps
agent and the ESM Server after which, the Endpoint Security Manager
reports the endpoint status as disconnected. | 4200; range is 300 to 86400 |
NinjaModePassword = <password> | Password required to access configuration
settings that are available in ninja mode on the ESM Console. | Password2 |
BitsUrl = <url> | URL of the BITS server to which the agent
uploads forensic data, for example http://ESMSERVER:80/BitsUploads. | N/A |
MaxActions = <totalnumber> | Maximum number of actions the ESM Server
can send in a single call to an agent. | 1000; range is 1 to 2147483647 |
BitsUploadTimeoutInterval = <minutes> | Interval at which the Traps agent retries
to upload data to the BITS server. | 360; range is 1 to 2000 |
BitsUploadTimeout = <minutes> | Period after which the Traps agent stops
trying to upload data to the BITS folder. After this period, the
upload state changes from in progress to failed. | 720; range is 1 to 2000 |
KeepAliveTimeout = <seconds> | Interval at which the ESM Server sends keep-alive messages
to the SIEM. A value of 0 indicates the ESM Server will not send
messages. | 0; range is 0 to 2147483647 |
ExternalAddress = <url> | Changes the URL of the external BITS server
address for the specific ESM Server on which you run the command.
This field is used in deployments with multiple ESM Servers. | N/A |
VdiHeartbeatGracePeriod = <minutes> | Period after which the ESM Console detaches
a license for a disconnected VDI session to free it up for reuse. | 25; range is 1 to 120 |
UseDnsForAddressResolution = [True | False] | Use DNS for address resolution if the agent
does not send the address. | True |
TaskTimeout = <minutes> | The period of time at which the status of
a scheduled task changes from in progress to failed. | 30; range is 0 to 2147483647 |
SqlDateTimeFormat | Not used. | N/A |
TaskOverrideInMinutes = <minutes> | The period of time at which the status of
a scheduled buffer processing task changes from in progress to failed. | 30 |
EnableStatistics = [True | False] | Enables tracking of real-time performance
counters between the agent, ESM Server, and WildFire. To view the statistics
of communication requests that succeed or fail, use the Windows
Performance console (perfmon) and output that data to a file. | True |
ActiveDirectoryPathUpdateInterval = <minutes> | Interval at which the ESM Server updates
the Active Directory machine path. | 1440 |
ActiveDirectoryGroupsUpdateInterval = <minutes> | Interval at which the ESM Server updates
the Active Directory group members. | 1440 |
EnableADCaching = [True | False] | Enable Active Directory caching. When this
is set to False, the ESM Console queries Active Directory on every
agent heartbeat for every Active Directory target object. | True |
ContentVersion = <version> | Reserved for internal use. | N/A |
ContentUpdateTimeoutMinutes = <minutes> | The period of time after which a content
update reports an error if installation fails. | 30 |
SupportFileCollectionTimeout = <minutes> | The period of time in which the ESM Console
must finish collecting logs for the ESM Tech Support file. | 10 |
SupportFileAggregationTimeout = <minutes> | The period of time in which the ESM Console
must finish aggregating logs for the ESM Tech Support file. After
this period, the status changes from in progress to failed. | 20 |
MaxCollectedIisLogs = <iislogs> | The maximum number of collected IIS logs
the ESM Console collects when creating the ESM Tech Support file. | 100 |
MaxCollectedNlogLogs = <nlogs> | The maximum number of collected server logs
the ESM Console collects when creating the ESM Tech Support file. | 1000 |
MaxCollectedDbRows = <dbrows> | The maximum number of database records the
ESM Console collects when creating the ESM Tech Support file. | 100000 |
UseContentProductionKey = [True| False] | When set to True, the ESM Console
uses only production content packages. | True |
UseContentProductionKey = [True| False] | True | |
LegacyAgentsSupportMode = <mode> | AllowAllAgents | |
AutomaticRevocationEnabled = [True| False] | True | |
RevocationPeriod = <interval> | 90 | |
LegacyAgentsRevocationPeriod = <interval> | 7 | |
CountNewEndpointsInterval = <interval> | 2 | |
SerialNumber = 012102013906 | ||
SecurityCenterEnabled = [True| False] | True | |
TrapsDownloaderPassword = <password> | Traps!D0wnload | |
EnableForceVerdictUpdate = [True| False] | True | |
TrapsServiceSuspended = [True| False] | False | |
TrapsInstallerUninstallPasswordHash = <password> | ||
EnableLinuxSocketShell = [True| False] | False |