Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Content Layer
Content Column
Content Block

Topics Discussed

Table of Contents

Is Trend Micro Compatible with other Anti-virus software’s ?

Armor recommends against running two different real-time scan engines at once.

To ensure delivery of security outcomes of highest standards, we recommend Trend agent should be the only one running on the system.

Running multiple anti-virus services can hinder each other’s ability to monitor and detect an active compromise on the system.

Content Block


New Multi-factor Authentication (MFA) Experience

Armor will release a new AMP login experience that is slated for the middle of the first quarter of 2022. Customers will see a new login page and new multi-factor authentication (MFA) experience when accessing Armor systems, including the Armor Management Portal (AMP) and the Armor Ticketing System (ATS).

As part of the new MFA experience, all AMP users will be required to re-enroll in MFA on the first login attempt. During the enrollment process, you will be required to setup a phone number for the voice call option, and you can optionally setup the mobile app as well. Each time you login to the Armor platform, you will have the option to select which MFA method to use if you have more than one option configured.

The timing of the rollout of this new login experience, along with links to updated knowledge base content, will be provided in a follow on communication.


Will my current AMP password still work?

If your current password is not expired then it will still allow you to login to the AMP portal. If your password is expired, there will be a similar password reset experience from the AMP login page.

Will my old bookmarked AMP login page still work?

We recommend that you check the URL associated to your bookmark and update it to if it is not already set. That will ensure your link will redirect you correctly to the AMP login page.

How should I prepare for the new MFA experience?

If you are planning to use the mobile app, you will need to download the Okta Verify application to your mobile device. This will be used to setup the mobile app factor during the enrollment process. The direct download links for iOS and Android are as follows:

iOS: ‎Okta Verify

Android: Okta Verify - Apps on Google Play

Do I need to enroll in both MFA options?

No you are not required to enroll in both MFA options. Only the phone call option is required.

Ubuntu 16.04 ESM Update for Armor Private Cloud
Ubuntu 16.04 ESM Update for Armor Private Cloud
Ubuntu 16.04 ESM Update for Armor Private Cloud

Ubuntu 16.04 LTS reaches EOL on April 30, 2021. For customers with VMs that currently run Ubuntu 16.04, Armor will provide such instances with extended security maintenance (ESM), ensuring they will continue to receive security updates.


What is Extended Security Maintenance (ESM)?

Offered by Ubuntu’s vendor Canonical, ESM allows your Ubuntu 16.04 LTS instances to continue receiving security updates for the base OS, critical software packages, and infrastructure components. So despite this Ubuntu version reaching the vendor’s end-of-life, you will continue to experience up-to-date security with your base OS.

Do I need to make any changes to my VMs to take advantage of Ubuntu 16.04 ESM?

No, you do not need to make any changes to your Ubuntu 16.04 LTS based VMs.

When will Ubuntu 18.04 LTS be available for AMP Marketplace?

Armor expects that Ubuntu 18.04 LTS to be available shortly, pending further validation. Armor will notify you by separate communication when it can once again be purchased.

What if I need to provision a new Ubuntu 16.04 LTS machine after the EOL date?

If you need to provision a new Ubuntu 16.04 LTS virtual machine, please visit the AMP Marketplace and navigate to the Virtual Machines section to browse available configurations. Armor will enroll it in ESM for you.

HITRUST Mandates Temporarily Unavailable 
HITRUST Mandates Temporarily Unavailable 
HITRUST Mandates Temporarily Unavailable 

HITRUST mandates are temporarily unavailable. HIPAA reporting and mandates still work and are available. At this time, existing documentation will not be updated. 

Log Search with ChaosSearch Kibana
Log Search with ChaosSearch Kibana
Log Search with ChaosSearch Kibana

Learn about the  latest update to Armor’s Log Search capabilities.


What is the latest update?

Armor now utilizes ChaosSearch to help power its data lake. As part of the change, Armor will also use ChaosSearch’s Kibana for visualization.

How will I access the new Log Search?

As before, users will access Log Search through the Armor Management Portal. Unauthenticated AMP users will experience a Login redirect to Armor’s Single Sign On provider automatically. You may also be prompted with a login screen. Selecting the option for Single Sign On will direct you to the ChaosSearch SSO prompt, at which point you are able to continue after authentication.

What will Log Search look like?

Very similar to what you are already used to. ChaosSearch has its own Kibana portal, so while there are some differences in look and feel, the overall experience for customers will be the same. Navigation will continue to be oriented on the left, starting with Discover, Analytics, and so on.

What should I expect will work differently?

For starters, Log Search will open in a new tab and clicking the Armor logo in the banner will not take you back to Armor.

There will also be limited access to settings, but we are working to improve this for customers.

ChaosSearch index selector is required when searching for Account specific data.  Armor direct customer account data is in the form of (1_XXXX_customer) and partner customers will have their partner account listed first (1024_XXXX_customer).

ChaosSearch also supports partner views allowing a user on a partner account to search all their child account's data in the using the same selected index (1024_partner).

In Log Search, some back end architecture changes were made and as a result, customers/partners gain the ability to search all of their data from July 1st onward. 

Because of these changes and the potential for longer running queries while accessing older data, Log Search will only run one active query per user account. A new query run on top of an active query would be queued upon completion of the active query. To help manage this, Armor has implemented a “Cancel Query” button, located at the top of the screen. With Cancel Query, users can terminate an outstanding query as needed.

An error message will pop up after cancelling a query.

Users might also experience slower response times compared to a previous Log Search experience. This is normal and to be expected because of the addition of new features and the ability to access older data, 

Users are limited in terms of aggregation options as the vendor currently only supports four types of bucket aggregations: Date Histogram, Date Range, Histogram, and Terms. This could cause some issues when migrating existing visualizations reliant on other aggregations.

At this time, “Hits” are not available, but the vendor is working to solve this.

What about my dashboards?

ChaosSearch is currently working to import existing dashboards. Account level saved searches and Dashboards have been saved. 

In the previous experience, dashboards and visualizations were saved at the user account level, which made sharing of these tools difficult. In the new experience, these tools are shared at the account level by all users of the account.

This experience also applies to partner account users in the similar way: saved objects can be created and shared amongst the partner account users, with no child accounts having access to them.  Conversely, the partner account user will have access to view all child account saved objects.

Please be aware of the following (current) caveats:

  • The account ID is inherited from the account context from AMP.
  • Visibility of the current account ID in ChaosSearch is limited until improvements are made.

Release notes

For more information on ChaosSearch Kibana, please refer to ChaosSearch’s documentation.

Armor Data Center Move
Armor Data Center Move

Armor Data Center Move

An FAQ regarding our recent Data Center move can be found below. 


1. Why is Armor changing data centers?

Armor is upgrading our data centers to offer you the most up-to-date infrastructure. As part of this upgrade, we will consolidate the number of providers we use for secure hosting. This change requires that we move our customers to new data centers. Utilizing upgraded and consistent infrastructure will increase the quality and speed of the services you receive from Armor. You will continue to receive the same level of security and compliance you have today.

2. What is the level of the new data centers?

All of the new datacenters are at least a Level 3.

All datacenters have N+1 redundancy or greater across all the major infrastructure systems including generators, UPSs, chillers, and air handlers; minimizing single points of failure and maintaining proper floor loading.

3. Can we visit the new data centers?

Yes, you may visit the new data centers. Please contact us.

4. What should I expect during the move?

During a scheduled maintenance window, we will hot transfer your virtual machine workloads to the new datacenter. During the move, you will still have access to your environment.

5. How long with the move take and is there going to be any downtime?

After extensive testing, we expect that 90% of our customers will move to the new datacenter within the four-hour maintenance window with no downtime.

6. Will my IP Addresses Change?

No, your IPs will not change.

7. Will I be able to access my virtual machines during the data center move?

Yes. However, it is not recommended that you make any changes during the move. Your VPN session may be interrupted during the migration.

8. What happens to my SSL VPN and L2L VPN connections during and after the move?

During your move, if you are on VPN you should expect a disconnection when your Edge Services Gateway (ESG) is moved. SSL VPN connections will need to be re-established. However, L2L connections will automatically re-establish.

9. Will I be able to access my account via AMP during the move?

Yes, but you should refrain from making any infrastructure/VM changes during the move.

10. Do I need to make changes to my firewall rules?

No changes will be needed to firewall rules. We do not recommend making any changes during the move.

11. Do I need to do anything, i.e. upgrading OS or refreshing servers?

No, you do not need to make any changes to your OS or refresh servers because of this move.

12. Will Armor provide the same compliance?

Yes, the compliance we provide will not change. This includes support for HIPAA, PCI, and any other frameworks you depend on Armor to support.

13. Is my monthly invoice going to increase?

There are no pricing changes with this datacenter move.

14. What are the supported operating systems?

There are no changes to the supported operating system.

15. What about my collocated equipment?

If you have collocated equipment, we will contact you about your move timing.

16. What about my jumbo virtual machines or if I process a lot of data?

If your company utilizes large storage capacity on a single VM in excess of 6TB, we will contact you about your move timing.

17. What if my environment straddles two data centers?

Will my data stay in sync? Yes, your data will stay in sync.

18. What should I do if I experience issues during or after the migration?

Customers experiencing issues during or after the migration should contact the Armor Support team.

19. In the case of a problem with the move, do you have roll-back plans?

Yes, we have a process in place to roll-back if needed.

20. Will I be able to pick my maintenance window for the move?

Due to the number of Armor customers that are being moved, we have strategically grouped customers by data center. Please contact us with concerns.

21. What can I do to minimize any risk during the move?

To minimize risk, we recommend not making changes to your environment seven days before your maintenance window to aid with troubleshooting, if needed.

22. What type of resources will I need on my side to support this?

We do not expect you will need extensive testing or migration support during or after the move. However, you are welcome to test your environment after the move as you would with any change.

23. Is Armor moving away from the secure hosting/infrastructure business?

No, this move strengthens our secure hosting and infrastructure business. We will continue to grow this portion of our business and are excited to upgrade our infrastructure.


24. Does Armor's security posture change with this move to Rackspace?

No, Armor remains as the security leader, architect, and executor of security policies and procedures. Rackspace will provide the physical infrastructure and maintenance on behalf of Armor, which all is under the auditability of Armor’s internal GRC and security teams.

25. Will the roles and responsibilities between Armor and its customers change as a result of the move?

There are no changes to Armor's existing Shared Responsibility Matrix for PCI or HITRUST alignment.

26. Will the move to a different data center affect my compliance?

Armor will remain compliant throughout and following the move. Based on your specific compliance requirements, additional actions may be required. Please consult your assessor for assistance.

27. Is Rackspace HITRUST certified?

Yes, Rackspace is HITRUST certified.

28. Is Rackspace PCI certified?

Yes, Rackspace is PCI certified.

29. When will Armor's PCI Attestation of Compliance (AOC) be updated to include the new data centers?

Armor's annual PCI audit begins in July 2020, with an anticipated ROC/AoC date of September 30, 2020. Rackspace data centers will be included in these assessments.

Armor is collaborating with our external auditors to ensure continuous compliance throughout the move and recertification process.

30. Will Armor's AoC be completed and cover the Rackspace environment before my move starts?

Please see above question on PCI AoC and others above.

31. Will Rackspace contract/services be covered under Armor’s AoC?

Yes, Armor’s AoC will include services contracted through Rackspace.

32. When will Armor's SOC2, HITRUST, and ISO-27001 certifications include the new data centers?

Armor's annual SOC2 and ISO 27001 assessments begin in late September, with reports delivered in mid-November 2020.

The 2020 HITRUST (interim) assessment occurred in May, before the start of data center moves. Armor's next full audit will begin in April 2021, with an anticipated reporting date of July 30, 2021.

Armor is collaborating with our external auditors to ensure continuous compliance throughout the migration and recertification process.

33. Has the Rackspace data center been pen tested? (Can you provide results of the pen test of the Rackspace environment)

Rackspace has been pen tested by a third party. Results are restricted and may not be distributed; however, the penetration testing program has been independently evaluated by a third-party audit firm and meets the requirements set forth in the PCI DSS and HITRUST CSF frameworks.

34. What new tooling (for example ASV scans, vulnerability scanning, IDS etc) will be used with the new system?

There are no product changes associated with this move.

35. Does the move nullify Armor's existing certifications?

No, certifications continue to remain in place. Certifications are the result of point-in-time assessments and are valid for a pre-determined period of time. With this change, Armor is working with our external audit firms and certifying bodies to provide evidence of continuous compliance during and after the move.

CoalfireOne Platform Migration
CoalfireOne Platform Migration

CoalfireOne Platform Migration

Learn about the changes expected when Coalfire's latest dashboard is available in April 2020.

titleSee More

Why is Armor implementing a new Coalfire platform?

Coalfire is deprecating their classic platform in favor of a newer offering that incorporates several improvements to their current scanning & assessment experience. Since the classic platform will eventually be retired, Armor is taking action now to migrate all of its current Coalfire subscribers to the new platform.

When will the new platform be available?

Migrations to the new platform are scheduled to occur Wednesday, April 1, 2020 during normal business hours.

What are the benefits of the new Coalfire platform?

The new Coalfire platform promises improved scanning & dispute resolution options, along with a new project-based organization that supports more-granular configuration of schedules, notifications, and blackout windows. Detail on the major new features includes:

  • From a new overall scan status page, one monitor the overall compliance of each project, generate reports, and start/stop scans.

  • You can now scan as frequently as once per week (previously, the most-frequent option available was monthly).

  • Projects are now available, which combine scan schedules with project-specific configurations.

    • Blackout periods can now be defined per schedule (previously, your blackout window was globally-defined across all schedules).

    • Teams of individual users can be assigned to specific projects, should you desire to segment access to particular scan types.

    • Notification configurations are now project-specific, allowing you to define the level of upcoming scan notifications you care to receive per scan type.

    • Each project’s landing page contains an action feed of outstanding tasks towards achieving a passing state.

    • In addition, each landing page also lists the top ten vulnerabilities per project, helping you focus on the remediations with the biggest returns.

  • More advanced filtering around vulnerabilities, hosts, and disputes is available.

  • A new “Dispute Packages” option lets you submit a single dispute that applies to multiple findings.

  • Disputes can now be automatically resolved via a rescan option.

  • Threaded conversations associated with individual disputes are now available. These consolidates all dispute-related conversation (including emails and calls) in a single location within the portal.

Because it’s a new platform, will I receive new Coalfire credentials?

The new Coalire platform has its own dashboard, distinct from the classic dashboard you are currently using. When your account’s migration is complete, your current Coalfire administrator will be the recipient of temporary credentials which can be used to access the new platform.

If you have issues with accessing the new platform’s dashboard or if you fail to receive your new credentials, please contact Armor Support via the Armor Management Portal (AMP).

Can I still access the classic platform’s dashboard?

All current credentials will continue to work for accessing the classic platform. You would use those to access your past assessment & dispute history, which will not be migrated.

How long can I access my assessment & dispute history in the classic platform?

Coalfire’s classic dashboard will no longer be accessible after December 31, 2020. The dashboard itself goes read-only on April 30, 2020. Armor recommends that customers who wish to access past attestations and reports for their future audits should immediately download such data, in the event Coalfire changes either timeline.

As a customer, are there any action items required by me to complete the migration? Will there be any interruption to my service?

Once you have access to the new platform, you will need to reconfigure your scan schedules, as the structure of these has changed to account for the new platform switch to use projects.

Will there any billing changes?

As a benefit of upgrading the Coalfire platform, all of the above new features & benefits will be made available to you for no additional charge.

Depending on your billing date, you may see one-time separate charges related to your current Coalfire subscription. In such an event, the first will be a cancellation (of your existing service in the classic platform), while the second appears as a new subscription (of your service within the new platform). Both charges will feature the same effective dates, which means you will not see unexpected price differences on that invoice. Ongoing, you would resume seeing a single Coalfire subscription charge on your future invoices.

Will there be API changes?

Yes. New API endpoints will now be available for customers and partners who wish to orchestrate Coalfire subscriptions within the new platform. These new endpoints will allow users to perform all routine actions:

  • Create, modify, and disable Coalfire accounts

  • Enable, switch, or cancel subscriptions for the available scanning services

Documentation about these new endpoints will be made available within our API documentation (available at the same day as the cutover to the new platform.

When I log into the classic platform, a banner is displayed which states “Classic Scans no longer supports running new scans for most customers. For these customers, all final disputes and special hosts must be submitted by April 15th.” What does this mean to me?

This banner displays for all customers to alert them of the upcoming read-only state of the classic platform. According to the vendor, Armor customers have until April 30, 2020 to make final changes before the platform becomes read-only.


Intrusion Detection
Intrusion Detection
Intrusion Detection

 Host Intrusion Detection Service on Armor Complete
 Host Intrusion Detection Service on Armor Complete
Host Intrusion Detection Service on Armor Complete

Learn about Host Intrusion Detection Service updates for Armor Complete users. 

titleSee More

Why is Armor changing its Intrusion Detection service from a network-based service (NIDS) to a host-based service (HIDS)? 

As the need to encrypt data to keep it secure increases, more and more traffic entering your environment is encrypted, and NIDS services can’t see into encrypted packets. Armor is moving to a HIDS service to gain additional insight into the traffic both entering and moving through your environment. 


What does this new service provide? 

The HIDS service will provide the same information in AMP, including the following:  

  • Top Signatures (Last 7 Days) 
  • Top VMs (Last 7 Days) 

Additionally, the following data will be available for each HIDS event 

  • VM name 
  • Source IP 
  • Source Port 
  • Destination IP  
  • Destination Port 
  • Event Signature  
  • Event Timestamp 
  • Count 


What is the cost associated with the new service?  

There is no additional cost for the HIDS service. It is included in the Armor Complete product offering at no charge.   


Will the existing NIDS service be deprecated?  

Yes, the existing NIDS service will be deprecated as part of the roll out of the new HIDS service.  


Can I opt out of HIDS?  

Armor is updating the Armor Complete product offering for all customers, so you can’t opt out of HIDS service.   


How do I add this new service to my account? 

No action is required to gain access to the Intrusion Detection feature. Starting on January 22nd, 2020, follow the steps below for access:  

  • Log into the Armor Management Portal (AMP) at 
  • Navigate to Security > Intrusion Detection.  
  • Once there, your environment’s HIDS information will be available for your perusal.  


Do I need to update my firewall rules?  

The HIDS service will be powered by Trend Micro. Since Armor already uses Trend for its Malware Protection and File Integrity Monitoring services, no additional firewall rule changes are required to use the HIDS service.        


Will there be an outage?  

The roll out should not cause an interruption of service or a reboot, however; it may cause a momentary network outage (~15 second) as the policy is updated on your VM.  


Are there any performance impacts to running the HIDS service on the host-level (i.e. CPU utilization, memory, etc)?   

The HIDS service should not cause any performance issues on your VMs. If you notice any issues related to high CPU or memory usage, please contact Armor support.  


Will there be any changes to the Intrusion Detection APIs?  

Currently, there are no APIs for the NIDS or HIDS service. Armor will not be rolling out any new APIs in conjunction with the release of HIDS for Armor Complete.   

Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning

Rapid7 Vulnerability Scanning for Armor Complete
Rapid7 Vulnerability Scanning for Armor Complete
Rapid7 Vulnerability Scanning for Armor Complete

Learn about the patching and vulnerability scanning updates for Armor Complete users. 

titleSee more

In short, what is changing?

As of September 4, 2019, Armor Complete users will now utilize a new vulnerability scanning service provided by Rapid7. 

What does this new service provide?

Every week, a new scanning report will display in AMP. You can review the details of this report to view which vulnerabilities have been detected in your environment. With this information, you can perform your own patching and other troubleshooting activities.  


Every week, a new report will be displayed and accessible from the Vulnerability Scanning screen. 


When you select a report, you can view details based on affected virtual machines, or based on detected vulnerabilities. 


You can select a detected vulnerability to view patching information. 

What will happen to the existing Patching screen? 

The Patching screen will be deprecated and replaced by the newly launched Vulnerability Scans screen. 

The Vulnerability Scans screen will provide a more useful security experience, including:

  • Detailed information about detected vulnerabilities
  • Instructions for remediation
  • Confirmation of successfully applied patches 

With this new experience, why am I seeing more vulnerabilities than previously reported on the deprecated Patching screen?

The deprecated Patching screen was dedicated to reporting outstanding OS patching information. 

The replacement experience (powered by Rapid7) not only reports the same information, but also provides insight into vulnerabilities detected against applications running on the same machine, along with richer details, including an overview of the vulnerability, references, and path to remediation.

Who is responsible for remediating the vulnerabilities reported in the new experience?

As noted in the Armor Complete Shared Responsibility document, both Armor and the customer are responsible, depending on the type of vulnerability:

  • Armor: Responsible for OS-level patching for using pre-defined schedules (ex: WSUS schedules for Windows machines).  For example, a Microsoft-reported Windows patch would fall into this category. To learn the schedule for particular virtual machines or make adjustments, please contact Armor Support. 
  • Customer: Responsible for application-level patching on each virtual machine.  For example, a vulnerability for Adobe Flash or Microsoft SQL Server would fall into this category

How does the new experience determine the severity of detected vulnerabilities? For example, what is the difference between Critical vs. High?

The Vulnerability Scans screen also displays severity levels for each detected vulnerability. A severity is assigned to a vulnerability based on the Common Vulnerability Scoring System (CVSS). CVSS is the accepted system to rate the severity status of a vulnerability. To learn more, please see the National Vulnerability Database website. 

More information on how CVSS's scores correspond to severities displayed in the Armor Management Portal (AMP), review the Vulnerability Scanning (Armor Complete) documentation. 

What is the cost associated with this new vulnerability scanning service?

There is no charge. This service will be included as a default service to all Armor Complete users. 

Will the previous vulnerability scanning service (Coalfire Navis) be deprecated or removed?

No. For Armor Complete users subscribed to Coalfire Navis, that service will continue to operate. In AMP, on the Vulnerability Scanning screen, there will be two tabs available for these two vulnerability scanning options: Compliance (for Coalfire Navis) and Vulnerability Scans (for Rapid7). 

Why are both vulnerability scanning options being offered together?

Each option provides a different service; with Coalfire Navis, you receive compliance-related features, and with Rapid7, you receive detailed vulnerability reports with patching-related information. 

CompliantReportsFreeConfigure / schedule a scan
Navis CoalfireYesNoNoYes


The reports are scheduled to compile results every Sunday at 10pm, local server time.

How do I add this new vulnerability scanning service to my account?

With this release, Vulnerability Scanning (with Rapid7) has already been added to your account, with a report already generated. You can access the Vulnerability Scans tab in the Vulnerability Scanning screen to view a report. 

Do I need to update my firewall rules? 

No. To accommodate this service, Armor has already updated firewall rules for Armor Complete users. 

Will any APIs be removed? 

Yes. The following APIs will be deprecated:

  • Get Packages Status
  • Get Packages 

The Armor Knowledge Base will be updated to reflect these API changes. 

Will any new APIs be introduced? 

While new APIs have not been created, Armor Complete users can now utilize APIs that were previously specific to Armor Anywhere users:

  • Get Vulnerability Scans
  • Get Vulnerability Scan Reports
  • Get Vulnerability Scan Details for a Report
  • Get Vulnerability Scan Details for a Vulnerability
  • Get Vulnerability Scan Report
  • Get Vulnerability Scan Date 
  • Get Vulnerability Scan Statistics 
  • Get Vulnerability Scan Statistics for a Report
  • Get Vulnerability Scan Scoring Details 
  • Get Vulnerability Scans Data for Affected Virtual Machines

To learn more, review the Vulnerability Scanning APIs in NOT PUBLISHED Security API Calls

What other changes will take place after the Patching screen is deprecated? 

  • While the Patching screen will remain visible in AMP, if you click on Patching, you will be redirected to the newly released Vulnerability Scanning screen. 
  • The Get Overvall Security Status API call (/core/security-dashboard/stats/overall) will be updated. In the return, the following patching-related values will return as null: 
    • osPatchingOkStatus
    • osPatchingWarningStatus
    • osPatchingCriticalStatus
  • The following Armor API calls will initially be retired, and then deprecated: 
    • GET /core/packages/{coreInstanceId} 
    • GET /core/packages/counts 
    • GET /core/packages/gettotalstatus 
    • GET /core/packages/pending 
    • GET /core/packages/status 
    • POST /core/packages/ 
    • POST /core/packages/installed 
    • POST /core/packages/updatecount 
    • POST /core/packages/updates 
  • In a future release, the Armor Agent will be updated to remove any remaining patching functionality from corresponding machines. 

Armor Ticketing System
Armor Ticketing System
Armor Ticketing System

On March 2, 2019, Armor launched the updated Armor Ticketing SystemLearn about the support-related enhancements.

titleSee more

In short, what has changed?

Armor's support ticket process has been updated to accommodate the launch of Armor's new ticketing platform. This update helps Armor to offer a more robust ticketing service. With this release: 

  • You can add multiple users to a ticket with one click, as opposed to adding each user individually. 
  • You can select from a list of default ticket types that will direct your ticket to the correct team at Armor.

To accommodate this release, were my tickets moved? 

Internally, yes. All tickets (open or closed) were moved from the previous ticketing system to a new ticketing platform; however, these tickets are still accessible from the View Archived Tickets section of AMP. All open tickets have been recreated in the new ticketing system, where you will continue to work with Armor to resolve the issue. Tickets that have been archived cannot be reopened or modified, but you can read and access attached information within the ticket.

How will my tickets be migrated over? 

Tickets that were closed before March 2, 2019, will be archived. Open or unresolved tickets will be migrated over to the new ticketing platform.

Can I access migrated closed tickets? 

Yes, your closed tickets will be accessible in the newly created View Archived Tickets screen. You can read these closed tickets; however, you cannot reopen or modify these tickets. 

Can I still access attached files from an "archived ticket," such as an attached file with logs? 


How long will migrated tickets be retained? 

Armor will maintain a ticket history of 13 months. You can request this data to be pulled from Armor before March 2020 through a support ticket. 

How will my interaction with tickets change? 

At a high-level, Armor support tickets are no longer stored and managed in AMP; they are stored and managed within the new ticketing system. As a result, when you click an open or unresolved ticket from AMP, you will be presented with a new window to view the ticket details in the new ticketing system.

Can I add specific users to a ticket? 

Yes. After you create a ticket, you have the ability to share a ticket with specific users and / or organizations. When a support ticket is shared with an individual user, the user will automatically receive an email notification, and will receive ongoing updates for the ticket. When a support ticket is shared with an organization, all users within the organization will receive an initial email notification for the ticket; individual users can then subscribe to to all future notifications for that particular ticket by clicking the Get notifications link in the ticket itself.

I am being prompted to login when I attempt to view my ticket using the View Request link in my email notification. What username and password should I use? 

If you are not currently logged into the Armor Management Portal (AMP), you will be prompted to complete the login process. You should use the same username and password that you enter when logging into AMP, including your multi-factor authentication. 

How do I turn off ticket notifications? 

You can turn off notifications for a specific ticket by clicking the Turn off this request's notifications link in the email notification that you received when you created the ticket. Or, you can click the Don’t notify me link in the ticket itself. 

Can I close my own ticket in the new ticketing system? 

In the new ticketing system, tickets are updated and closed by Armor Support. You do not have the ability to close a ticket in the new ticketing system; however, you can leave a comment on the ticket to request closure. 

Can I reopen a ticket in the new ticketing system? 

A ticket cannot be reopened in the new ticketing system. Once a ticket has been closed, if the issue still persists, Armor Support recommends that you open a new ticket. Within the ticket description, include the old ticket number for reference.


To learn more about the Tickets screen, including how to send a support ticket, see Armor Support.

Q1 2019 at Armor
Q1 2019 at Armor
Q1 2019 at Armor

Learn about the changes that took place to Armor's products in Q1. 

titleSee more

Updated Service (Support) Offerings
Updated Service (Support) Offerings
Updated Service (Support) Offerings

This section applies to Armor Complete and Armor Anywhere users.

In short, what will change?

To provide better service and customized support, Armor has revamped the entire support process by offering three levels of service, Basic, Advanced, and Enterprise.

Service LevelTarget User TypeAdditional Information
BasicFor smaller organizations with security and compliance needs but on a tighter budget.Basic Support is included at no extra charge, providing robust monitoring, SOC and ticketing support 24/7/365.
AdvancedFor larger companies who want guidance and advocacy but don’t require 24/7 attention. Most new Armor clients choose Advanced.

Advanced Support clients get all of the advantages of Basic Support plus have access to Armor resources by phone during normal business hours.


For large-scale organizations seeking round-the-clock access to Armor team resources.

Armor Enterprise Support clients receive all of the advantages of Advanced Support plus architecture analysis and guidance.

Architecture Analysis and Guidance
Armor will coordinate working sessions with clients to review, create and update network diagrams, as well as system and application information to better support the environment.

Which level of support am I enrolled in? 

In a separate email, you will be notified regarding your assigned service level. You will receive this email by the end of January 2019. 

When will the billing process be updated?

After March 2019, you will see your bill updated based on your assigned service level. 

Can I switch to another service level in the middle of a billing cycle?

No. While you can notify Armor about switching to another service level, you will remain in the original service level until the end of the billing cycle. The switch will take place on the first day of the new billing cycle. 

Does Armor provide free and basic support?

Yes. Basic service is available to users who are not assigned to the Advanced or Enterprise services.  

What are the differences between each service level? 

Review the following table to under the differences between each service level. 

PricingIncluded, no additional costMonthly charge of $995Monthly charge of $10,500 or 10% of client MRR (whichever is higher)
Self-Service SupportBasicAdvancedEnterprise
Full product documentation and support/troubleshooting guides are available 24/7/365 to users at the Armor Knowledge Base.YesYesYes
Included Infrastructure Management (For Armor Secure Hosting Only)*BasicAdvancedEnterprise
VM Configuration and DeploymentYesYesYes
Addition/Removal of Services Including Backup and DR ConfigurationYesYesYes
24/7 Server Monitoring YesYesYes
Troubleshooting YesYesYes
Patching SupportYesYesYes
OS Support YesYesYes
Network Configuration Support YesYesYes
Architecture Analysis and Guidance NoNoYes
API ServicesBasicAdvancedEnterprise
API Services Access Full access, unlimited useFull access, unlimited useFull access, unlimited use
Coverage and Engagement ProfileBasicAdvancedEnterprise
Security Operations Center24/7/36524/7/36524/7/365
Ticket Support24/7/36524/7/36524/7/365
Ticketing/IncidentsUnlimited Tickets or Open IncidentsUnlimited Tickets or Open IncidentsUnlimited Tickets or Open Incidents
Phone SupportNot Applicable8am-5pm CST & GMT, M-FRound-the-Clock Coverage 24/7/365
Response SLO48 hoursNot Applicable Not Applicable
Response SLABasicAdvancedEnterprise
Ticket HandlingNot ApplicablePriority ticket handling.  
6 hours for acknowledgement during coverage hours.
Priority ticket handling.  
30 minutes for acknowledgement. 
Service Credit EligibilityNot ApplicableUp to 3% credit on support service for impacted month. Request for credit must be made in writing (via ticket) within 72 hours of incident.Up to 5% credit on support service for impacted month. Request for credit must be in writing (via ticket) within 120 hours of incident.

Incident Investigation

Each incident includes 2 free hours of investigation.Each incident includes 2 free hours of investigation.Each incident includes 2 free hours of investigation.
*Infrastructure Management pertains to Armor Complete solutions only
You can also view and download the official data sheet to learn more.

Updated Vulnerability Scanning

This section applies to Armor Complete users.

In short, what will change?

Vulnerability scanning will be automatically added to all virtual machines. 

Will vulnerability scanning be added to newly created machines and already-existing virtual machines? 

Vulnerability scanning will be added to all virtual machines, regardless of when they were created. 

How do I know if my virtual machine contains vulnerability scanning?

In the Armor Management Portal (AMP), you can view the Vulnerability Scanning screen to verify that your hosts contain vulnerability scanning. You can also use this screen to view the status of a scan. To learn more, see Vulnerability Scanning for Compliance

Updated Snapshot Services

This section applies to Armor Complete users.

In short, what will change?

Armor will be discontinuing the Snapshot Service offering, effective March 1, 2019. 

Why is Armor discontinuing the Snapshot Service? 

This service was originally created to support Armor’s Security Operations team in forensics investigations. In reality, this service was not a true backup solution for users. As a result, Armor launched the Advanced Backup add-on product exclusively for end users. 

What will happen to old snapshots? 

As snapshots were only meant to be used for deeper forensics investigations, any data stored in the snapshots will be deleted. This action will not impact your environment?or virtual machines.  Data will be managed in accordance to Armor's compliance policies. 

Will Armor replace this service? 

Yes. For several months, Armor has partnered with Rubrik to offer the Advanced Backup add-on product. You can use this add-on product to take backups of your virtual machines. (These backups are also known as a snapshot.) In the event of data loss, you can use these snapshots to restore your virtual machine to a previous state. These snapshots will be stored with Armor, based on the retention configurations you create in the backup policy. This add-on product is available to users who use the Dallas (DFW01) and Phoenix (PHX01) data centers. To learn more, see Advanced BackupFor all other data centers, you can use the Backup and Recovery add-on product form R1Soft. To learn more, see Backup & Recovery.

Is the Advanced Backup add-on product compatible with Zerto? 

Currently, the Advanced Backup service is not compatible with Zerto; however, Armor is working with Zerto to deliver compatibility in the near future. 

New Ticketing Platform

This section applies to Armor Complete and Armor Anywhere users.

In short, what has changed? 

Later in this quarter, Armor will offer a more robust ticketing service. This update will allow you to configure which users can receive and interact with specific tickets. Additionally, through Armor's email notification feature, you will receive less but more useful notifications. 

How long will tickets be retained?

Armor will maintain a ticket history of 13 months. You can request this data to be pulled from Armor before February 2020.

When will this feature release?

Incremental updates have already taken place; however, more user-focused changes will take place in February 2019. 

New Audit Trail

In short, what has changed?

Armor has introduced a new screen that records and displays every change made to your account. In the Armor Management Portal (AMP), in the Activity screen of the Account section, you can review and download a full history of every account interaction, including the user who made the change. 

To learn more, see Account Activity

Trend Micro Compatibility
Trend Micro Compatibility
Trend Micro Compatibility

titleSee more
Trend Micro
Trend Micro
Trend Micro

On September 26, 2018 Armor released a new version of Trend Micro Security, which enhanced the current logging subagent.

To accommodate this update, new and existing Armor Anywhere agent installations will require an additional firewall rule.

titleSee more

For Windows 2012 users, when you install the Armor Agent, the corresponding Trend Micro agent may cause your system to reboot. Trend Micro is currently researching this issue.

Existing Installations 

Before September 26, for any existing installations, please add the following rules:  

Outbound / InboundService / PurposePortDestination
OutboundMalware Protection, FIM, IDS4119/tcp

For existing installations, do not remove any firewall rules. 

New Installations 

After September 26, for new installations, review the following table of all the firewall rules you must add.

The following ports will need to be opened for each server registered with Armor Anywhere.

Inbound / Outbound

Service / Purpose



OutboundArmor Agent443/tcp
OutboundMalware Protection, FIM, IDS


OutboundLog Management (Filebeat / Winlogbeat)515/tcp
OutboundRemote Access443/tcp

Vulnerability Scanning

InboundLog Relay (Logstash)
  • 5140/udp
  • 5141/tcp
The IP address for your virtual machine
OutboundLog Relay (Armor's logging service (ELK))
  • 5443/tcp
  • 5400-5600/tcp (Reserved)
    • Armor reserves the right to utilize this port range for future expansion or service changes.

  • These endpoints are served by the Amazon Elastic Load Balancers. As a result, the actual endpoints will vary dynamically across Amazon's IP ranges.


* The agent will perform a lookup to the applicable DNS entry, which may resolve to one of multiple Amazon Web Services based subnets. As a result, if your firewall does not support outbound filtering by domain name, then you may need to open all outbound traffic to 443/tcp to accommodate this service.


Additionally, verify that your proxy server can externally communicate.

Additional Documentation 

To learn about more pre-installation information, see ANYWHERE Pre-Installation

Log Management
Log Management
Log Management

Learn about Log Management product and pricing updates.

titleSee more

Does the new policy modify my old "per VM" configuration? 

No. Your existing configurations will not change, nor will your billing change.

With these updates, can I bring in data from additional services and have Armor correlate, analyze, and secure even more of my stack for me? 

Yes. In Armor Complete, Log Management enables users to bring in application logs or logs from any custom network appliance in their VPC. Each device is subject to a one-time charge as Armor builds a custom security policy and onboards the unique log source. 

For more information, please contact your account manager. 

Did my standard retention period change? 

Yes. In the Armor Management Portal (AMP), the standard retention period is now 30 days; however, Armor's security teams may have access to view data for a longer period of time. 
If you want to retain data for a longer period of time, you can upgrade to the 13-month log retention plan. 

Does this impact my incident response? 

No. Armor's incident response services are not impacted. For every security incident, Armor provides 2 hours of remediation at no additional cost. 

Can I change my plan?

Yes. In the Armor Management Portal (AMP), you can switch from the 30-day plan to the 13-month plan. 

Related Documentation

To learn more about the Log Management screen in the Armor Management Portal, see Log Management

Meltdown Spectre Remediation
Meltdown Spectre Remediation
Meltdown - Spectre Remediation

With the recently discovered Meltdown vulnerability, Armor recommends that you reboot your systems as prompted to take full advantage of upcoming product releases. 

titleSee more

For Armor's patching actions regarding Meltdown and Spectre, please refer to the ticket opened in your account.


For detailed information regarding both vulnerabilities, you can review the following response kits: 

Review Patch Status

Use the information below to determine the OS patch status for Meltdown/Spectre:

A patch is available now.
OA patch has not been confirmed.
XA patch will not be available. As a result, Armor recommends that you upgrade the guest operating system.


Spectre V1 - CVE-2017-5753

Date Available

Spectre V2 - CVE-2017-5715

Date Available

Meltdown - CVE-2017-5754

Date Available

Windows Server

Windows 2012 non-R22018-03-132018-03-132018-03-13
Windows 2012 R22018-01-032018-01-032018-01-03
Windows 20162018-01-032018-01-032018-01-03
Ubuntu Server------
Ubuntu 10.04 LTSXWill Not Be PatchedXWill Not Be PatchedXWill Not Be Patched
Ubuntu 12.04 LTSXWill Not Be PatchedXWill Not Be PatchedXWill Not Be Patched
Ubuntu 14.04 LTS2018-01-09XPatch Pulled2018-01-09
Ubuntu 16.04 LTS2018-01-09XPatch Pulled2018-01-09
CentOS Server------
CentOS Server 52018-01-03XPatch Pulled2018-01-03
CentOS Server 62018-01-03XPatch Pulled2018-01-03
CentOS Server 72018-01-03XPatch Pulled2018-01-03
Red Hat Server------
Red Hat Enterprise Linux 52018-01-03XPatch Pulled2018-01-03
Red Hat Enterprise Linux 62018-01-03
XPatch Pulled2018-01-03
Red Hat Enterprise Linux 72018-01-03XPatch Pulled2018-01-03
Debian Server------
Debian 6XWill Not Be PatchedXWill Not Be PatchedXWill Not Be Patched
Debian 7OTBDTBD2018-01-07
Vormetric Encryption------
Vormetric DSM 6.x

Vormetric Guest OS Agent------

Was this helpful?

Rate Macro