User guide

ManualsBrandsIBM Manualscomputers & electronicsProventia G, Mntc

Chapter 6: Managing the Appliance through SiteProtector

Managing with SiteProtector

Introduction SiteProtector is the IBM ISS management console. With SiteProtector, you can manage

components and appliances, monitor events, and schedule reports. By default, your

appliance is set up for you to manage it through Proventia Manager. If you are managing

a group of appliances along with other sensors, you may prefer the centralized

management capabilities that SiteProtector provides.

What you manage

with SiteProtector

When you register the appliance with SiteProtector, SiteProtector controls the following

management functions of the appliance:

● Firewall settings

● Intrusion prevention settings

● Alert events

To change any settings for the functions listed here, you must use SiteProtector.

You can manage update and installation settings in Proventia Manager or in SiteProtector.

Note: When you register the appliance with SiteProtector, some areas of Proventia

Manager become read-only. When you unregister the appliance from SiteProtector,

Proventia Manager becomes fully functional again.

What you manage

with Proventia

Manager

You must manage the following local functions directly on the appliance, even when the

appliance is registered with SiteProtector:

● enabling or disabling SiteProtector management

● viewing quarantined intrusions

● deleting quarantine rules

● manual updates

How the

SiteProtector Agent

Manager works

When you enable SiteProtector management, you assign the appliance to an Agent

Manager. Agent Managers manage the command and control activities of various agents

and appliances registered with SiteProtector and facilitate data transfer from appliances to

the Event Collector, which manages real-time events it receives from appliances.

The Agent Manager sends any policy updates to appliances based on their policy

subscription groups. (A subscription group is a groups of agents or appliances that share a

single policy.) Decide which group the appliance should belong before you register it with

SiteProtector. Eventually, the group's policy is shared down to the appliance itself.

For more information about the Agent Manager, see the SiteProtector documentation or

online Help.

How SiteProtector

management works

When you register the appliance with SiteProtector, the appliance sends its first heartbeat

to the Agent Manager to let the Agent Manager know that it exists. A heartbeat is an

encrypted, periodic HTTP request the appliance uses to indicate it is still running and to

allow it to receive updates from the Agent Manager. When you register the appliance with

SiteProtector, you set the time interval (in seconds) between heartbeats.