Document: Traps Endpoint Security Manager Administrator's Guide
Section: Administer the ESM Server > Multi-ESM Deployments > Manage Multiple ESM Servers
Last Updated: Wed Sep 30 09:32:21 PDT 2020
Current Version: 4.2 (EoS)
Table of Contents
Traps Overview
About Traps
Malware Protection Overview
Exploit Protection Overview
Traps Components
ESM Console
ESM Server
Database
Endpoints
Traps Agent
External Logging Platform
WildFire
Forensic Folder
Traps Deployment Scenarios
Standalone Deployment
Small Deployments
Small Single-Site Deployment
Small Multi-Site Deployment
Large Deployments
Large Single-Site Deployment
Large Multi-Site Deployment with One Endpoint Security Mana...
Large Multi-Site Deployment with Roaming Agents (Without VP...
Large Multi-Site Deployment with Roaming Agents (With VPN)
Prerequisites
Hardware Requirements
Standalone Endpoint Security Manager Hardware Requirements
Distributed Endpoint Security Manager Hardware Requirements
Software Requirements
ESM Console Software Requirements
ESM Server Software Requirements
Database Software Requirements
Set Up the Traps Infrastructure
Set Up the Endpoint Infrastructure
Activate Traps Licenses
Set Up the Endpoint Security Manager
Endpoint Infrastructure Installation Considerations
TLS/SSL Encryption for Traps Components
Configure the MS-SQL Server Database
Install the Endpoint Security Manager Server Software
Install the Endpoint Security Manager Console Software
Manage Proxy Communication with the Endpoint Security Manager
Load Balance Traffic to ESM Servers
Install ESM Components Using Windows Msiexec
Install ESM Components
Uninstall ESM Components
Set Up the Endpoints
Recommended Traps Deployment Process
Traps Installation Options
Manage Traps Installation Packages
Verify Connectivity from the ESM Console
VDI
VDI Overview
Virtualized Applications and Desktops
VDI Modes
Set Up Traps in a VDI Environment
Administer the ESM
Manage ESM Server Settings
Manage ESM Console Settings
Multi-ESM Deployments
Known Limitations with Multi-ESM Deployments
What Logic Does the Agent Use When Selecting an ESM Server?
Manage Multiple ESM Servers
Traps Licenses
Add a Traps License Using the ESM Console
Add a Traps License Using the DB Configuration Tool
Manage Administrator Access to the ESM Console
Administrative Roles
Administrative Privileges
Administrative Users
Administrative Authentication
Configure Administrative Accounts and Authentication
Configure Administrative Roles
Configure Administrative Users, Groups, or Organizational U...
Configure the Authentication Mode
Change the Ninja-Mode Password
Export and Import Policy Files
User-Defined Rules
Content Updates
Manage Content Updates
Monitoring
Maintain the Endpoints and Traps
Use the Endpoint Security Manager Dashboard
Monitor Security Events
Use the Security Events Dashboard
Manage Security Events
View Security Error Log Details
View the Security Event History on an Endpoint
Monitor the Endpoints
View Endpoint Health Details
View Notifications About Changes in the Agent Status
View the Rule History of an Endpoint
View the Service Status History of an Endpoint
Remove an Endpoint from the Health Page
Monitor the ESM Servers
View the Health of the ESM Servers
View Notifications About the ESM Server
View the Rule Summary
Monitor Data Retrieval
Get Started with Rules
Endpoint Policy Rule Concepts
Policy Rule Types
Policy Enforcement
Default Protection Policy
Common Rule Components and Actions
Conditions
Define Activation Conditions for a Rule on Windows Endpoint...
Define Activation Condition for a Rule on Mac Endpoints
Define Activation Conditions for Linux
Include or Exclude Endpoints Using Conditions
Delete or Modify a Rule Condition
Target Objects
Manage Endpoint Groups
Name or Rename a Rule
Save Rules
Manage Saved Rules
Filter Rules
Disable or Enable All Protection Rules
Show or Hide the Default Policy Rules
Wildcards and Variables in Policy Rules
Wildcards in Policy Rules
Environment Variables in Policy Rules
Environment Variable Support for Windows Vista and Later Re...
Environment Variable Support for Windows XP
Example: Using Wildcards and Variables in Restriction Rules
Process Management
Process Protection Types
Processes Protected by the Default Policy
Add a New Protected Process
Import or Export a Process
View, Modify, or Delete a Process
View Processes Currently Protected by Traps
Malware Protection
Malware Protection Policy Best Practices
Malware Protection Flow
Manage Malware Protection Rules
Malware Protection Rules
Configure Child Process Protection
Configure Anti-Ransomware Protection
Configure the Gatekeeper Enhancement MPM
Manage Restriction Rules
Block Execution from Local Folders
Define External Media Restrictions
Manage Global Whitelists
Add a New Restriction Rule
Whitelist a Network Folder
Restriction Rules
WildFire Integration
WildFire Integration Concepts
ESM Forwarding
Verdicts
Verdict Caches
File Type Analysis
Set Up the ESM to Communicate with WildFire
Set Up a Private WildFire Cloud
Configure a WildFire Rule
Manage Hashes for Files
View and Search Hashes
Filter File Hash Records
File Hash Search Conditions
Export and Import Hashes
View a WildFire Report
View the History of a Verdict
Override a WildFire Verdict
Recheck a WildFire Decision
Report an Incorrect Verdict
Upload a File to WildFire for Analysis
Manage Quarantine Settings
Restore a Quarantined File
Manage Trusted Signers
Exploit Protection
Exploit Protection Rules
Windows Exploit Protection Modules (EPMs)
Mac Exploit Protection Modules (EPMs)
Linux Exploit Protection Modules
Create an Exploit Protection Rule
Exclude an Endpoint from an Exploit Protection Rule
Manage the Endpoints
Manage Traps Action Rules
Traps Action Rules
Add a New Action Rule
Manage Data Collected by Traps
Uninstall or Upgrade Traps on the Endpoint
Manage Agent Settings Rules
Traps Agent Settings Rules
Add a New Agent Settings Rule
Define Event Logging Preferences
Hide or Restrict Access to the Traps Console
Define Communication Settings Between the Endpoint and the ESM Server
Define Heartbeat Settings Between the Agent and the ESM Ser...
Define Communication Settings Between the Agent and the ESM...
Collect New Process Information
Manage Service Protection
Change the Uninstall Password
Create a Custom User Alert Message
Remove an Endpoint from the Health Page
Install an End-of-Life Traps Agent Version
Forensics
Forensics Overview
Forensics Flow
Phase 1: Prevention Event Triggered
Phase 2: Automated Analysis
Phase 3: Automated Detection
Phase 4: Collection of Forensic Data
Forensic Data Types
Best Practices for Managing Forensic Data
Manage Forensics Rules and Settings
Forensics Rules
Change the Default Forensic Folder
Change the Forensic Folder Destination Using the ESM Consol...
Change the Forensic Folder Destination Using the DB Configu...
Create a Forensics Rule