Manage ESM Server Settings
The ESM Server facilitates communication between Traps agents and WildFire.
The ESM Server periodically communicates with WildFire to send unknown files for analysis, request verdicts associated with executable files and files containing macros, and submit requests to reanalyze a file. The ESM Server also communicates with Traps agents to retrieve the operational status of the agent, obtain reports on processes running on the endpoint, send the agent the latest security policy.
You can customize and change the frequency of these communications using the Database (DB) Configuration Tool (see Configure ESM Server Settings Using the DB Configuration Tool) or using the ESM Console. Use the following workflow to change the settings using the ESM Console:
- From the ESM Console, select SettingsESMSettings.
- Configure any of the following settings for the ESM Server:
- Quarantine Network Path—(Traps 3.1 and earlier versions and deprecated in Traps 4.2.4 and later releases) Default forensic folder to use when the Traps agent cannot reach the folder associated with the ESM Server to which the agent is connected.
- Inventory Interval (Minutes)—Enter the frequency at which Traps sends a list to the ESM Server to report the applications that are running on the endpoint.
- Heartbeat Grace Period (Seconds)—Enter the allowable grace period for a Traps agent that has not responded (range is 300 to 86,400; default is 4200).
- Forensic Folder URL—BITS-enabled forensic folder URL.To encrypt forensic data, we strongly recommend that you use SSL to communicate with the forensic folder. To use SSL, include the fully qualified domain name (FQDN) and specify port 443 (for example, HTTPS://ESMserver.Domain.local:443/BitsUploads). If you do not want to use SSL, specify port 80 (for example, http://ESMSERVER:80/BitsUploads).
- Keep-alive Timeout (Minutes)—Period of time (in minutes) after which the ESM sends a keep-alive message to an external logging platform (range is 0 or greater; default is 0). The keep-alive message alerts the external logging platform that the ESM component is up and collecting logs. The ESM Console indicates the time at which each ESM Server sent the last keep-alive message in the Last Heartbeat field on the additional details view of the ESM Server on the SettingsESMMulti ESM page.
- Update From Server Package Address—Externally accessible URL of the ESM Console used to host upgrade packages for Traps agents. By default, when you configure an action rule to upgrade the Traps software, the rule is configured to use the ESM Console hostname. If the ESM Console is accessible by the DNS record only and not by the default ESM Console hostname, use this field to specify a URL beginning with an HTTP or HTTPS prefix followed by the DNS record.If you do not specify a server URL in this field, the action rule to upgrade agents uses your current session to determine the SSL preference. For example, if you log into the ESM Console using HTTP and create an action rule to upgrade the agents, the agents receive an upgrade path with an HTTP prefix. If you log in using HTTPS, the agents receive an HTTPS prefix.
- Use DNS For Address Resolution—Select this option to enable DNS for address resolution. By default, this option is disabled to prevent excessive DNS error logging.
- Automatic Revocation—By default, the ESM Server automatically revokes a license from an agent after a period of 90 days. To change the Revocation Period, enter a value from 30 to 365 days. Or, to prevent the ESM Server from revoking the license, clear the option for Automatic Revocation. When Automatic Revocation is disabled, the ESM Server does not revoke the license regardless of the length of time in which the Traps agent has not established communication with the ESM Server.
- Save your changes.
Traps Licenses A Traps license enforces the expiration date and maximum number of endpoints that you can manage (agent pool size) from the ESM Console. ...
VDI Installation Considerations
VDI Installation Considerations Optimize the default session policy on the VDI test pool to assure stable session spawning when the VDI is recompiled. Every new ...
Manage Multiple ESM Servers
Manage Multiple ESM Servers After installing each ESM Server (see Install the Endpoint Security Manager Server Software ), the ESM Console displays identifying information about ...
Customizable ESM Server Settings
Customizable ESM Server Settings The following table lists the settings that you can configure for the ESM Server. Setting Description Default PreventionsDestFolder = Legacy upload ...
Large Single-Site Deployment
Large Single-Site Deployment This single-site deployment scenario supports up to 150,000 Traps agents and consists of the following components: One dedicated database server One ESM ...
Issues Addressed in Traps Endpoint Security Manager 4.2
List of addressed issues in the Traps Endpoint Security Manager 4.2. ...
Change the Forensic Folder Destination Using the ESM Consol...
Change the Forensic Folder Destination Using the ESM Console To allow you to further troubleshoot or analyze security events, such as a prevention or crash, ...
Endpoint Infrastructure Installation Considerations
Endpoint Infrastructure Installation Considerations To install or upgrade the ESM components consider the following: The ESM Server and the ESM Console must run the same ...
What Logic Does the Agent Use When Selecting an ESM Server?
What Logic Does the Agent Use When Selecting an ESM Server? At regular heartbeat intervals, the Traps agent receives a list of all known ESM ...