Customizable ESM Server Settings
The following table lists the settings that you can configure for the ESM Server.
PreventionsDestFolder = <folder>
Legacy upload network location (required for Traps 3.1 and earlier agents).
InventoryInterval = <hours>
Frequency at which Traps sends the list of applications running on the endpoint to the ESM Server.
range 1 to 14400
HeartBeatGracePeriod = <seconds>
Period of no communication between the Traps agent and the ESM Server after which, the Endpoint Security Manager reports the endpoint status as disconnected.
range is 300 to 86400
NinjaModePassword = <password>
Password required to access configuration settings that are available in ninja mode on the ESM Console.
BitsUrl = <url>
URL of the BITS server to which the agent uploads forensic data, for example http://ESMSERVER:80/BitsUploads.
MaxActions = <totalnumber>
Maximum number of actions the ESM Server can send in a single call to an agent.
range is 1 to 2147483647
BitsUploadTimeoutInterval = <minutes>
Interval at which the Traps agent retries to upload data to the BITS server.
range is 1 to 2000
BitsUploadTimeout = <minutes>
Period after which the Traps agent stops trying to upload data to the BITS folder. After this period, the upload state changes from in progress to failed.
range is 1 to 2000
KeepAliveTimeout = <seconds>
Interval at which the ESM Server sends keep-alive messages to the SIEM. A value of 0 indicates the ESM Server will not send messages.
range is 0 to 2147483647
ExternalAddress = <url>
Changes the URL of the external BITS server address for the specific ESM Server on which you run the command. This field is used in deployments with multiple ESM Servers.
VdiHeartbeatGracePeriod = <minutes>
Period after which the ESM Console detaches a license for a disconnected VDI session to free it up for reuse.
range is 1 to 120
UseDnsForAddressResolution = [True | False]
Use DNS for address resolution if the agent does not send the address.
TaskTimeout = <minutes>
The period of time at which the status of a scheduled task changes from in progress to failed.
range is 0 to 2147483647
TaskOverrideInMinutes = <minutes>
The period of time at which the status of a scheduled buffer processing task changes from in progress to failed.
EnableStatistics = [True | False]
Enables tracking of real-time performance counters between the agent, ESM Server, and WildFire. To view the statistics of communication requests that succeed or fail, use the Windows Performance console (perfmon) and output that data to a file.
ActiveDirectoryPathUpdateInterval = <minutes>
Interval at which the ESM Server updates the Active Directory machine path.
ActiveDirectoryGroupsUpdateInterval = <minutes>
Interval at which the ESM Server updates the Active Directory group members.
EnableADCaching = [True | False]
Enable Active Directory caching. When this is set to False, the ESM Console queries Active Directory on every agent heartbeat for every Active Directory target object.
ContentVersion = <version>
Reserved for internal use.
ContentUpdateTimeoutMinutes = <minutes>
The period of time after which a content update reports an error if installation fails.
SupportFileCollectionTimeout = <minutes>
The period of time in which the ESM Console must finish collecting logs for the ESM Tech Support file.
SupportFileAggregationTimeout = <minutes>
The period of time in which the ESM Console must finish aggregating logs for the ESM Tech Support file. After this period, the status changes from in progress to failed.
MaxCollectedIisLogs = <iislogs>
The maximum number of collected IIS logs the ESM Console collects when creating the ESM Tech Support file.
MaxCollectedNlogLogs = <nlogs>
The maximum number of collected server logs the ESM Console collects when creating the ESM Tech Support file.
MaxCollectedDbRows = <dbrows>
The maximum number of database records the ESM Console collects when creating the ESM Tech Support file.
UseContentProductionKey = [True | False]
When set to True, the ESM Console uses only production content packages.
Traps Endpoint Security Manager Known Issues
Known issues with the Traps Endpoint Security Manager and Traps agent 4.1. ...
Manage ESM Server Settings
Manage ESM Server Settings The ESM Server facilitates communication between Traps agents and WildFire. The ESM Server periodically communicates with WildFire to send unknown files ...
ESM Tech Support File
ESM Tech Support File From the ESM Console, you can create an ESM tech support file containing the following information: Effective security policy ESM Console ...
Manage Multiple ESM Servers
Manage Multiple ESM Servers After installing each ESM Server (see Install the Endpoint Security Manager Server Software ), the ESM Console displays identifying information about ...
TLS/SSL Encryption for Traps Components
TLS/SSL Encryption for Traps Components Traps supports Transport Layer Security (TLS) versions 1.0 and 1.2 and Secure Sockets Layer (SSL) version 3.0. TLS/SSL, which is ...
Enable Log Forwarding to an External Logging Platform
Enable Log Forwarding to an External Logging Platform The ESM Console and ESM Servers collectively generate logs for over 60 types of events—including security events, ...
What Logic Does the Agent Use When Selecting an ESM Server?
What Logic Does the Agent Use When Selecting an ESM Server? At regular heartbeat intervals, the Traps agent receives a list of all known ESM ...
ESM Server Software Requirements
ESM Server Software Requirements In a Multi-ESM Server deployment you can deploy multiple ESM Servers to support the agents in your organization. Each ESM Server ...
Traps Troubleshooting Resources
Traps Troubleshooting Resources To troubleshoot Traps and the Endpoint Security Manager (comprising an ESM Server, the ESM Console, and a database), use the following resources: ...