Armor Knowledge Base  

Frequently Asked Questions

Topics Discussed

Vulnerability Scanning


Rapid7 Vulnerability Scanning for Armor Complete

Learn about the patching and vulnerability scanning updates for Armor Complete users. 


In short, what is changing?

As of September 4, 2019, Armor Complete users will now utilize a new vulnerability scanning service provided by Rapid7. 


What does this new service provide?

Every week, a new scanning report will display in AMP. You can review the details of this report to view which vulnerabilities have been detected in your environment. With this information, you can perform your own patching and other troubleshooting activities.  

Every week, a new report will be displayed and accessible from the Vulnerability Scanning screen. 

When you select a report, you can view details based on affected virtual machines, or based on detected vulnerabilities. 

You can select a detected vulnerability to view patching information. 

What will happen to the existing Patching screen? 

The Patching screen will be deprecated and replaced by the newly launched Vulnerability Scans screen. 

The Vulnerability Scans screen will provide a more useful security experience, including:

  • Detailed information about detected vulnerabilities
  • Instructions for remediation
  • Confirmation of successfully applied patches 


With this new experience, why am I seeing more vulnerabilities than previously reported on the deprecated Patching screen?

The deprecated Patching screen was dedicated to reporting outstanding OS patching information. 

The replacement experience (powered by Rapid7) not only reports the same information, but also provides insight into vulnerabilities detected against applications running on the same machine, along with richer details, including an overview of the vulnerability, references, and path to remediation.


Who is responsible for remediating the vulnerabilities reported in the new experience?

As noted in the Armor Complete Shared Responsibility document, both Armor and the customer are responsible, depending on the type of vulnerability:

  • Armor: Responsible for OS-level patching using pre-defined schedules (ex: WSUS schedules for Windows machines). For example, a Microsoft-reported Windows patch would fall into this category. To learn the schedule for particular virtual machines or make adjustments, please contact Armor Support.
  • Customer: Responsible for application-level patching on each virtual machine. For example, a vulnerability for Adobe Flash or Microsoft SQL Server would fall into this category.


How does the new experience determine the severity of detected vulnerabilities? For example, what is the difference between Critical vs. High?

The Vulnerability Scans screen also displays severity levels for each detected vulnerability. A severity is assigned to a vulnerability based on the Common Vulnerability Scoring System (CVSS). CVSS is the accepted system to rate the severity status of a vulnerability. To learn more, please see the National Vulnerability Database website. 

For more information on how CVSS scores correspond to the severities displayed in the Armor Management Portal (AMP), review the Vulnerability Scanning (Armor Complete) documentation.


What is the cost associated with this new vulnerability scanning service?

There is no charge. This service will be included as a default service to all Armor Complete users. 


Will the previous vulnerability scanning service (Coalfire Navis) be deprecated or removed?

No. For Armor Complete users subscribed to Coalfire Navis, that service will continue to operate. In AMP, on the Vulnerability Scanning screen, there will be two tabs available for these two vulnerability scanning options: Compliance (for Coalfire Navis) and Vulnerability Scans (for Rapid7). 


Why are both vulnerability scanning options being offered together?

Each option provides a different service; with Coalfire Navis, you receive compliance-related features, and with Rapid7, you receive detailed vulnerability reports with patching-related information. 


| | Compliant | Reports | Free | Configure / schedule a scan |
| --- | --- | --- | --- | --- |
| Navis Coalfire | Yes | No | No | Yes |
| Rapid7 | No | Yes | Yes | No |

The reports are scheduled to compile results every Sunday at 10pm, local server time.


How do I add this new vulnerability scanning service to my account?

With this release, Vulnerability Scanning (with Rapid7) has already been added to your account, with a report already generated. You can access the Vulnerability Scans tab in the Vulnerability Scanning screen to view a report. 


Do I need to update my firewall rules? 

No. To accommodate this service, Armor has already updated firewall rules for Armor Complete users. 


Will any APIs be removed? 

Yes. The following APIs will be deprecated:

  • Get Packages Status
  • Get Packages 

The Armor Knowledge Base will be updated to reflect these API changes. 

Will any new APIs be introduced? 

While new APIs have not been created, Armor Complete users can now utilize APIs that were previously specific to Armor Anywhere users:

  • Get Vulnerability Scans
  • Get Vulnerability Scan Reports
  • Get Vulnerability Scan Details for a Report
  • Get Vulnerability Scan Details for a Vulnerability
  • Get Vulnerability Scan Report
  • Get Vulnerability Scan Date 
  • Get Vulnerability Scan Statistics 
  • Get Vulnerability Scan Statistics for a Report
  • Get Vulnerability Scan Scoring Details 
  • Get Vulnerability Scans Data for Affected Virtual Machines

To learn more, review the Vulnerability Scanning APIs in Security API Calls.


What other changes will take place after the Patching screen is deprecated? 

  • While the Patching screen will remain visible in AMP, if you click on Patching, you will be redirected to the newly released Vulnerability Scanning screen. 
  • The Get Overall Security Status API call (/core/security-dashboard/stats/overall) will be updated. In the return, the following patching-related values will return as null: 
    • osPatchingOkStatus
    • osPatchingWarningStatus
    • osPatchingCriticalStatus
  • The following Armor API calls will initially be retired, and then deprecated: 
    • GET /core/packages/{coreInstanceId} 
    • GET /core/packages/counts 
    • GET /core/packages/gettotalstatus 
    • GET /core/packages/pending 
    • GET /core/packages/status 
    • POST /core/packages/ 
    • POST /core/packages/installed 
    • POST /core/packages/updatecount 
    • POST /core/packages/updates 
  • In a future release, the Armor Agent will be updated to remove any remaining patching functionality from corresponding machines. 
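
An added example (not Armor's code): a pre-migration audit that flags calls to the retired /core/packages endpoints in integration scripts and reads the three osPatching* values without treating null as zero. The script lines, the placeholder host and the JSON body are constructed; only the endpoint paths and field names come from the list above.

```python
import json
import re

# Retired endpoints (method, path), copied from the list above.
RETIRED = [
    ("GET", "/core/packages/{coreInstanceId}"),
    ("GET", "/core/packages/counts"),
    ("GET", "/core/packages/gettotalstatus"),
    ("GET", "/core/packages/pending"),
    ("GET", "/core/packages/status"),
    ("POST", "/core/packages/"),
    ("POST", "/core/packages/installed"),
    ("POST", "/core/packages/updatecount"),
    ("POST", "/core/packages/updates"),
]
PATCH_FIELDS = ("osPatchingOkStatus", "osPatchingWarningStatus",
                "osPatchingCriticalStatus")
CALL = re.compile(r"/core/packages(?:/[^\s\"'?#)]*)?")
METHOD = re.compile(r"\b(GET|POST)\b", re.I)

def classify(method, path):
    """Return the retired endpoint a call maps to, or None."""
    path = path.rstrip("/")
    for verb, template in RETIRED:
        if verb == method and "{" not in template \
                and path == template.rstrip("/"):
            return f"{verb} {template}"
    # Any other single segment after /core/packages/ is an instance id.
    tail = path[len("/core/packages/"):]
    if method == "GET" and tail and "/" not in tail:
        return "GET /core/packages/{coreInstanceId}"
    return None

def find_retired_calls(lines):
    """Return (line_number, endpoint) for each line calling a retired API."""
    hits = []
    for number, line in enumerate(lines, 1):
        call = CALL.search(line)
        if not call:
            continue
        verb = METHOD.search(line)
        # Assumption: a line with no explicit verb is a GET.
        method = verb.group(1).upper() if verb else "GET"
        endpoint = classify(method, call.group(0))
        if endpoint:
            hits.append((number, endpoint))
    return hits

def patching_state(body):
    """Report 'unknown' when any osPatching* value is null or absent, so a
    consumer never renders null as zero outstanding patches."""
    values = {f: json.loads(body).get(f) for f in PATCH_FIELDS}
    return ("unknown" if None in values.values() else "reported"), values

SAMPLE_SCRIPT = [  # constructed lines; api.example.invalid is a placeholder
    'curl -X GET "https://api.example.invalid/core/packages/counts"',
    'requests.post(BASE + "/core/packages/installed", json=payload)',
    'requests.get(BASE + "/core/packages/12345")',
    'requests.get(BASE + "/core/security-dashboard/stats/overall")',
]
SAMPLE_BODY = ('{"osPatchingOkStatus": null, "osPatchingWarningStatus": null,'
               ' "osPatchingCriticalStatus": null}')  # constructed response

if __name__ == "__main__":
    for number, endpoint in find_retired_calls(SAMPLE_SCRIPT):
        print(f"line {number}: {endpoint} is retired")
    print(patching_state(SAMPLE_BODY)[0])
```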


Q1 2019 at Armor


Learn about the changes that took place to Armor's products in Q1. 



Updated Service (Support) Offerings


This section applies to Armor Complete and Armor Anywhere users.


In short, what will change?

To provide better service and customized support, Armor has revamped the entire support process by offering three levels of service, Basic, Advanced, and Enterprise.

| Service Level | Target User Type | Additional Information |
| --- | --- | --- |
| Basic | For smaller organizations with security and compliance needs but on a tighter budget. | Basic Support is included at no extra charge, providing robust monitoring, SOC and ticketing support 24/7/365. |
| Advanced | For larger companies who want dedicated support, guidance and advocacy but don’t require 24/7 attention. Most new Armor clients choose Advanced. | Advanced Support clients get all of the advantages of Basic Support plus are assigned a Customer Experience Manager, and have access to Armor resources by phone during normal business hours. Named Customer Experience Manager (CXM): Customer Experience Managers operate as a central point of contact to manage the quality, efficiency and delivery of Armor services throughout the client’s relationship with Armor. CXMs ensure close collaboration and integration between Armor and client teams and processes across the life-cycle of their engagement. CXMs are measured by their ability to maintain high client satisfaction and loyalty ratings with their assigned clients. |
| Enterprise | For large-scale organizations seeking dedicated Customer Experience Manager support and round-the-clock access to Armor team resources. Includes Quarterly Executive Business Reviews. | Armor Enterprise Support clients receive all of the advantages of Advanced Support plus get 24/7/365 access to Armor resources by phone as well as receive quarterly Executive Business Reviews. Architecture Analysis and Guidance: Armor will coordinate working sessions with clients to review, create and update network diagrams, as well as system and application information to better support the environment. Executive Business Review: Delivered quarterly, the Executive Business Review is an interactive discussion of recent client projects, and security and service delivery metrics. The review includes a briefing on Armor’s current roadmap. |


Which level of support am I enrolled in? 

In a separate email, you will be notified regarding your assigned service level. You will receive this email by the end of January 2019. 

When will the billing process be updated?

After March 2019, you will see your bill updated based on your assigned service level. 

Can I switch to another service level in the middle of a billing cycle?

No. While you can notify Armor about switching to another service level, you will remain in the original service level until the end of the billing cycle. The switch will take place on the first day of the new billing cycle. 

Does Armor provide free and basic support?

Yes. Basic service is available to users who are not assigned to the Advanced or Enterprise services.  

What are the differences between each service level? 

Review the following table to understand the differences between each service level. 


| | Basic | Advanced | Enterprise |
| --- | --- | --- | --- |
| Pricing | Included, no additional cost | Monthly charge of $995 | Monthly charge of $10,500 or 10% of client MRR (whichever is higher) |
| Self-Service Support | Basic | Advanced | Enterprise |
| Full product documentation and support/troubleshooting guides are available 24/7/365 to users at the Armor Knowledge Base. | Yes | Yes | Yes |
| Included Infrastructure Management (For Armor Complete Only)* | Basic | Advanced | Enterprise |
| VM Configuration and Deployment | Yes | Yes | Yes |
| Addition/Removal of Services Including Backup and DR Configuration | Yes | Yes | Yes |
| 24/7 Server Monitoring | Yes | Yes | Yes |
| Troubleshooting | Yes | Yes | Yes |
| Patching Support | Yes | Yes | Yes |
| OS Support | Yes | Yes | Yes |
| Network Configuration Support | Yes | Yes | Yes |
| Architecture Analysis and Guidance | No | No | Yes |
| API Services | Basic | Advanced | Enterprise |
| API Services Access | Full access, unlimited use | Full access, unlimited use | Full access, unlimited use |
| Coverage and Engagement Profile | Basic | Advanced | Enterprise |
| Security Operations Center | 24/7/365 | 24/7/365 | 24/7/365 |
| Ticket Support | 24/7/365 | 24/7/365 | 24/7/365 |
| Ticketing/Incidents | Unlimited Tickets or Open Incidents | Unlimited Tickets or Open Incidents | Unlimited Tickets or Open Incidents |
| Phone Support | Not Applicable | 8am-5pm CST & GMT, M-F | Round-the-Clock Coverage 24/7/365 |
| Response SLO | 48 hours | Not Applicable | Not Applicable |
| Expanded Service Excellence | Basic | Advanced | Enterprise |
| Customer Experience Manager | Not Applicable | Named Customer Experience Manager | Named Customer Experience Manager |
| Business Reviews | Not Applicable | Not Applicable | Quarterly Executive Business Reviews (EBR) |
| Response SLA | Basic | Advanced | Enterprise |
| Ticket Handling | Not Applicable | Priority ticket handling. 6 hours for acknowledgement during coverage hours. | Priority ticket handling. 30 minutes for acknowledgement. |
| Service Credit Eligibility | Not Applicable | Up to 3% credit on support service for impacted month. Request for credit must be made in writing (via ticket) within 72 hours of incident. | Up to 5% credit on support service for impacted month. Request for credit must be in writing (via ticket) within 120 hours of incident. |
| Incident Investigation | Each incident includes 2 free hours of investigation. | Each incident includes 2 free hours of investigation. | Each incident includes 2 free hours of investigation. |

*Infrastructure Management pertains to Armor Complete solutions only


Updated Vulnerability Scanning


This section applies to Armor Complete users.


In short, what will change?

Vulnerability scanning will be automatically added to all virtual machines. 

Will vulnerability scanning be added to newly created machines and already-existing virtual machines? 

Vulnerability scanning will be added to all virtual machines, regardless of when they were created. 

How do I know if my virtual machine contains vulnerability scanning?

In the Armor Management Portal (AMP), you can view the Vulnerability Scanning screen to verify that your hosts contain vulnerability scanning. You can also use this screen to view the status of a scan. To learn more, see Vulnerability Scanning for Compliance


Updated Snapshot Services


This section applies to Armor Complete users.


In short, what will change?

Armor will be discontinuing the Snapshot Service offering, effective March 1, 2019. 

Why is Armor discontinuing the Snapshot Service? 

This service was originally created to support Armor’s Security Operations team in forensics investigations. In reality, this service was not a true backup solution for users. As a result, Armor launched the Advanced Backup add-on product exclusively for end users. 

What will happen to old snapshots? 

As snapshots were only meant to be used for deeper forensics investigations, any data stored in the snapshots will be deleted. This action will not impact your environment or virtual machines. Data will be managed in accordance with Armor's compliance policies. 

Will Armor replace this service? 

Yes. For several months, Armor has partnered with Rubrik to offer the Advanced Backup add-on product. You can use this add-on product to take backups of your virtual machines. (These backups are also known as snapshots.) In the event of data loss, you can use these snapshots to restore your virtual machine to a previous state. These snapshots will be stored with Armor, based on the retention configurations you create in the backup policy. This add-on product is available to users who use the Dallas (DFW01) and Phoenix (PHX01) data centers. To learn more, see Advanced Backup.

For all other data centers, you can use the Backup and Recovery add-on product from R1Soft. To learn more, see Backup & Recovery.

Is the Advanced Backup add-on product compatible with Zerto? 

Currently, the Advanced Backup service is not compatible with Zerto; however, Armor is working with Zerto to deliver compatibility in the near future. 


New Ticketing Platform


This section applies to Armor Complete and Armor Anywhere users.


In short, what has changed? 

Later in this quarter, Armor will offer a more robust ticketing service. This update will allow you to configure which users can receive and interact with specific tickets. Additionally, through Armor's email notification feature, you will receive fewer but more useful notifications. 

How long will tickets be retained?

Armor will maintain a ticket history of 13 months. You can request this data to be pulled from Armor before February 2020.

When will this feature release?

Incremental updates have already taken place; however, more user-focused changes will take place in February 2019. 

New Audit Trail


In short, what has changed?

Armor has introduced a new screen that records and displays every change made to your account. In the Armor Management Portal (AMP), in the Activity screen of the Account section, you can review and download a full history of every account interaction, including the user who made the change. 

To learn more, see Account Activity


Trend Micro


On September 26, 2018 Armor released a new version of Trend Micro Security, which enhanced the current logging subagent.

To accommodate this update, new and existing Armor Anywhere agent installations will require an additional firewall rule.


For Windows 2012 users, when you install the Armor Agent, the corresponding Trend Micro agent may cause your system to reboot. Trend Micro is currently researching this issue.

Existing Installations 

Before September 26, for any existing installations, please add the following rules:  

| Outbound / Inbound | Service / Purpose | Port | Destination |
| --- | --- | --- | --- |
| Outbound | Malware Protection, FIM, IDS | 4119/tcp | |
| Outbound | DSM | 4120/tcp | |
| Outbound | Relay | 4122/tcp | |

For existing installations, do not remove any firewall rules. 

New Installations 

After September 26, for new installations, review the following table of all the firewall rules you must add.

The following ports will need to be opened for each server registered with Armor Anywhere.

| Inbound / Outbound | Service / Purpose | Port | Destination |
| --- | --- | --- | --- |
| Outbound | Armor Agent | 443/tcp | |
| Outbound | Malware Protection, FIM, IDS | 4119/tcp | |
| Outbound | DSM | 4120/tcp | |
| Outbound | Relay | 4122/tcp | |
| Outbound | Log Management (Filebeat / Winlogbeat) | 515/tcp | |
| Outbound | Monitoring | 8443/tcp | |
| Outbound | Remote Access | 443/tcp | |
| Outbound | Vulnerability Scanning | *443/tcp | |
| Inbound | Log Relay (Logstash) | 5140/udp, 5141/tcp | The IP address for your virtual machine |
| Outbound | Log Relay (Armor's logging service (ELK)) | 5443/tcp, 5400-5600/tcp (Reserved). Armor reserves the right to utilize this port range for future expansion or service changes. | 1c.log.armor.com. These endpoints are served by the Amazon Elastic Load Balancers. As a result, the actual endpoints will vary dynamically across Amazon's IP ranges. |


* The agent will perform a lookup to the applicable DNS entry, which may resolve to one of multiple Amazon Web Services based subnets. As a result, if your firewall does not support outbound filtering by domain name, then you may need to open all outbound traffic to 443/tcp to accommodate this service.

Additionally, verify that your proxy server can externally communicate.
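
An added example (not Armor tooling): the port requirements for new installations, checked against an exported firewall rule set before the agent is installed. The one-line rule format and the sample rules are constructed for illustration; only the directions, ports and protocols come from the table above, and destinations are not checked.

```python
# Required rules from the table above:
# (direction, purpose, protocol, first_port, last_port)
REQUIRED = [
    ("outbound", "Armor Agent, Remote Access, Vulnerability Scanning",
     "tcp", 443, 443),
    ("outbound", "Malware Protection, FIM, IDS", "tcp", 4119, 4119),
    ("outbound", "DSM", "tcp", 4120, 4120),
    ("outbound", "Relay", "tcp", 4122, 4122),
    ("outbound", "Log Management (Filebeat / Winlogbeat)", "tcp", 515, 515),
    ("outbound", "Monitoring", "tcp", 8443, 8443),
    ("inbound", "Log Relay (Logstash)", "udp", 5140, 5140),
    ("inbound", "Log Relay (Logstash)", "tcp", 5141, 5141),
    ("outbound", "Log Relay (ELK)", "tcp", 5443, 5443),
    ("outbound", "Log Relay (ELK), reserved range", "tcp", 5400, 5600),
]

def parse_rule(text):
    """Parse a constructed rule line such as 'outbound tcp 4119-4122'."""
    direction, proto, ports = text.lower().split()
    first, _, last = ports.partition("-")
    return direction, proto, int(first), int(last or first)

def _covered(first, last, spans):
    """True when the allowed spans, taken together, cover first..last."""
    need = first  # lowest port not yet known to be allowed
    for span_first, span_last in sorted(spans):
        if span_first > need:
            break  # a hole starts at `need`
        need = max(need, span_last + 1)
        if need > last:
            return True
    return False

def missing_rules(allowed_texts):
    """Return the required rules the allowed rule set does not satisfy."""
    allowed = [parse_rule(text) for text in allowed_texts]
    gaps = []
    for direction, purpose, proto, first, last in REQUIRED:
        spans = [(a, b) for d, p, a, b in allowed
                 if d == direction and p == proto]
        if not _covered(first, last, spans):
            ports = str(first) if first == last else f"{first}-{last}"
            gaps.append(f"{direction} {ports}/{proto} ({purpose})")
    return gaps

SAMPLE_RULES = [  # constructed export
    "outbound tcp 443",
    "outbound tcp 4119-4122",
    "outbound tcp 515",
    "outbound tcp 5400-5500",
    "outbound tcp 5501-5600",  # adjacent spans jointly cover the range
    "inbound tcp 5141",
    "inbound tcp 5140",        # wrong protocol: the table asks for 5140/udp
]

if __name__ == "__main__":
    for gap in missing_rules(SAMPLE_RULES):
        print("missing:", gap)
```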


Additional Documentation 

To learn more about pre-installation requirements, see ANYWHERE Pre-Installation



Log Management


Learn about Log Management product and pricing updates.


Does the new policy modify my old "per VM" configuration? 


No. Your existing configurations will not change, nor will your billing change.

With these updates, can I bring in data from additional services and have Armor correlate, analyze, and secure even more of my stack for me? 


Yes. In Armor Complete, Log Management enables users to bring in application logs or logs from any custom network appliance in their VPC. Each device is subject to a one-time charge as Armor builds a custom security policy and onboards the unique log source. 

For more information, please contact your account manager. 


Did my standard retention period change? 


Yes. In the Armor Management Portal (AMP), the standard retention period is now 30 days; however, Armor's security teams may have access to view data for a longer period of time. 
If you want to retain data for a longer period of time, you can upgrade to the 13-month log retention plan. 


Does this impact my incident response? 


No. Armor's incident response services are not impacted. For every security incident, Armor provides 2 hours of remediation at no additional cost. 


Can I change my plan?


Yes. In the Armor Management Portal (AMP), you can switch from the 30-day plan to the 13-month plan. 


Related Documentation


To learn more about the Log Management screen in the Armor Management Portal, see Log Management


Meltdown - Spectre Remediation


With the recently discovered Meltdown vulnerability, Armor recommends that you reboot your systems as prompted to take full advantage of upcoming product releases. 


For Armor's patching actions regarding Meltdown and Spectre, please refer to the ticket opened in your account.

For detailed information regarding both vulnerabilities, you can review the following response kits: 

Review Patch Status


Use the information below to determine the OS patch status for Meltdown/Spectre:

| Symbol | Description |
| --- | --- |
| | A patch is available now. |
| O | A patch has not been confirmed. |
| X | A patch will not be available. As a result, Armor recommends that you upgrade the guest operating system. |

| Version | Spectre V1 - CVE-2017-5753 | Date Available | Spectre V2 - CVE-2017-5715 | Date Available | Meltdown - CVE-2017-5754 | Date Available |
| --- | --- | --- | --- | --- | --- | --- |
| Windows Server | | | | | | |
| Windows 2012 non-R2 | | 2018-03-13 | | 2018-03-13 | | 2018-03-13 |
| Windows 2012 R2 | | 2018-01-03 | | 2018-01-03 | | 2018-01-03 |
| Windows 2016 | | 2018-01-03 | | 2018-01-03 | | 2018-01-03 |
| Ubuntu Server | - | - | - | - | - | - |
| Ubuntu 10.04 LTS | X | Will Not Be Patched | X | Will Not Be Patched | X | Will Not Be Patched |
| Ubuntu 12.04 LTS | X | Will Not Be Patched | X | Will Not Be Patched | X | Will Not Be Patched |
| Ubuntu 14.04 LTS | | 2018-01-09 | X | Patch Pulled | | 2018-01-09 |
| Ubuntu 16.04 LTS | | 2018-01-09 | X | Patch Pulled | | 2018-01-09 |
| CentOS Server | - | - | - | - | - | - |
| CentOS Server 5 | | 2018-01-03 | X | Patch Pulled | | 2018-01-03 |
| CentOS Server 6 | | 2018-01-03 | X | Patch Pulled | | 2018-01-03 |
| CentOS Server 7 | | 2018-01-03 | X | Patch Pulled | | 2018-01-03 |
| Red Hat Server | - | - | - | - | - | - |
| Red Hat Enterprise Linux 5 | | 2018-01-03 | X | Patch Pulled | | 2018-01-03 |
| Red Hat Enterprise Linux 6 | | 2018-01-03 | X | Patch Pulled | | 2018-01-03 |
| Red Hat Enterprise Linux 7 | | 2018-01-03 | X | Patch Pulled | | 2018-01-03 |
| Debian Server | - | - | - | - | - | - |
| Debian 6 | X | Will Not Be Patched | X | Will Not Be Patched | X | Will Not Be Patched |
| Debian 7 | O | TBD | | TBD | | 2018-01-07 |
| Vormetric Encryption | - | - | - | - | - | - |
| Vormetric DSM 6.x | | 2018-01-20 | | 2018-01-20 | | 2018-01-20 |
| Vormetric Guest OS Agent | - | - | - | - | - | - |
| Linux | O | TBD | O | TBD | O | TBD |
| Windows | N/A | N/A | N/A | N/A | N/A | N/A |



