Armor troubleshoots virtual machines that contain Anti-Malware subcomponents in a Warning or Critical status. To troubleshoot with Armor, you must submit a support ticket.

  1. In the Armor Management Portal (AMP), at the bottom, click New.
  2. Click Ticket.
  3. In Ticket Subject, enter a descriptive name.
  4. In Add Recipient, enter the email address of additional users who should receive support updates.
  5. In Ticket Explanation, enter useful details that can help Armor troubleshoot the problem quickly, especially the name of the virtual machine.
  6. Click Attach File to add relevant images of your issue, such as the code or error message.
  7. Click Create Ticket.
  8. To view the status of your ticket, in the left-side navigation, click Support, and then click Tickets + Notifications.

 

...

Armor determines the status of FIM based on how long FIM has been offline.

...

Length of offline status | Security Status
2 to 7 days | Warning
8 days or more | Critical

 

Troubleshoot FIM 

Armor troubleshoots virtual machines that contain FIM subcomponents in a Warning or Critical status. To troubleshoot with Armor, you must submit a support ticket.

  1. In the Armor Management Portal (AMP), at the bottom, click New.
  2. Click Ticket.
  3. In Ticket Subject, enter a descriptive name.
  4. In Add Recipient, enter the email address of additional users who should receive support updates.
  5. In Ticket Explanation, enter useful details that can help Armor troubleshoot the problem quickly, especially the name of the virtual machine.
  6. Click Attach File to add relevant images of your issue, such as the code or error message.
  7. Click Create Ticket.
  8. To view the status of your ticket, in the left-side navigation, click Support, and then click Tickets + Notifications.

...

Note

...

Overview

The Security Dashboard in the Armor Management Portal (AMP) displays the various statuses of your virtual machines: 

  • Green indicates a virtual machine in a Secured status.
  • Yellow indicates a virtual machine in a Warning status. 
  • Red indicates a virtual machine in a Critical status.

...

The overall status of your virtual machine is based on the individual status of your virtual machine's subcomponents. Your virtual machine contains three subcomponents:

  • Anti-Malware
  • FIM
  • Patching

Armor reviews the status of your three subcomponents and labels your virtual machine based on the status of your most critical subcomponent.

For example, if Anti-Malware and FIM are both in a Secured status, but Patching is in a Critical status, then overall, your virtual machine is labeled as Critical.

In another example, if Anti-Malware is in a Critical status, FIM is in a Warning status, and Patching is in a Secured status, then overall, your virtual machine is labeled as Critical.

...

The Anti-Malware status can change based on the following two conditions:

  • The date of your last scan
  • The date that Armor last received your data

Condition 1 - Date of last scan

If the last scan for Anti-Malware took place between 7 and 13 days ago, then the Anti-Malware status changes from Secured to Warning.

If the last scan for Anti-Malware took place 14 days ago or more, then the Anti-Malware status changes from Warning to Critical.

Date of last scan | Security status
7 to 13 days ago | Warning
14 days or more | Critical

 

Condition 2 - Date that Armor last received your data

If Armor last received data between 24 and 48 hours ago, then the Anti-Malware status changes from Secured to Warning.

If Armor last received data over 48 hours ago, then the Anti-Malware status changes from Warning to Critical.

 

Date of Armor receiving your data | Security status
24 to 48 hours ago | Warning
Over 48 hours | Critical

 

Armor labels the Anti-Malware status based on the worst status of the two conditions. For example, if the date of your last scan was 9 days ago, but Armor last received your data 72 hours ago, then overall, the Anti-Malware status is Critical.
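
The status rules on this page (Anti-Malware conditions, FIM offline duration, and the worst-subcomponent rule for the virtual machine) can be reproduced from your own timestamps to predict what the dashboard will show. This is an added example, not Armor's code; the function names are hypothetical, ages in days are counted as whole elapsed days (an assumption), and the Patching status is passed in already determined because this page does not give its rules.

```python
from datetime import datetime, timedelta, timezone
from enum import IntEnum


class Status(IntEnum):  # ordered so that max() returns the worst status
    SECURED = 0
    WARNING = 1
    CRITICAL = 2


def anti_malware_status(now, last_scan, last_data_received):
    """Worst of the two Anti-Malware conditions described on this page."""
    scan_days = (now - last_scan).days  # whole elapsed days (assumption)
    if scan_days >= 14:
        by_scan = Status.CRITICAL
    elif scan_days >= 7:
        by_scan = Status.WARNING
    else:
        by_scan = Status.SECURED

    data_age = now - last_data_received
    if data_age > timedelta(hours=48):
        by_data = Status.CRITICAL
    elif data_age >= timedelta(hours=24):
        by_data = Status.WARNING
    else:
        by_data = Status.SECURED
    return max(by_scan, by_data)


def fim_status(now, offline_since):
    """FIM status from how long FIM has been offline; None means online."""
    if offline_since is None:
        return Status.SECURED
    days = (now - offline_since).days  # whole elapsed days (assumption)
    if days >= 8:
        return Status.CRITICAL
    if days >= 2:
        return Status.WARNING
    return Status.SECURED


def vm_status(anti_malware, fim, patching):
    """Overall VM status is that of the most critical subcomponent."""
    return max(anti_malware, fim, patching)


# Constructed sample: the page's example (scan 9 days ago, data 72 hours ago).
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
PAGE_EXAMPLE = anti_malware_status(NOW, NOW - timedelta(days=9), NOW - timedelta(hours=72))
```

Run against agent heartbeat and scan timestamps you already collect, this flags a machine that is about to cross into Warning or Critical before the dashboard's next update.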

Troubleshoot Anti-Malware

To fully use this screen, you must add the following permissions to your account:

  • Read Dashboard Statistics


You can use the Health Overview screen to see the overall health status of your virtual machines.

The top of the Health Overview screen contains four types of information, displayed in various widgets. 

Widget

Description

Overall Health Score

This widget displays an average of the Protection, Detection, and Response scores.

Info

Scores in the security dashboards are calculated and updated every night at 2:00 AM UTC. 

Protection

This score is based on the stability of the Armor agent and any corresponding subagents. 

For more information, see Protection Dashboard.


Detection

This score is based on the incoming activity (log activity) of the Armor agent and any corresponding subagents.

For more information, see Detection Dashboard.


Response

This score is based on the response time for a support ticket between you and Armor.

For more information, see Detection Dashboard.

Score Range | Health Status
8 - 10 | Good
4 - 7 | Fair
1 - 3 | Poor

Vulnerabilities

This widget displays the number of detected vulnerabilities, based on the information from the weekly vulnerabilities report. 

Note

The number of detected vulnerabilities displayed in the widget may differ from the detected vulnerability count that displays in the latest scan report. This is because the widget does not include informational alerts (Severity = Info), while the scan report does include these types of alerts.  

A vulnerability scan takes place every Sunday at 10:00 PM, local server time. After a scan is complete, the corresponding report is added to the Vulnerability Scanning screen of the Armor Management Portal (AMP). Additionally, this widget is updated based on the scan.  

To learn about the Vulnerability Scanning screen, see Vulnerability Scanning.

Security Incidents Total

This widget displays the number of open or pending support tickets that are considered highly important, security-focused incidents, known as Critical Incidents.

Internally, when Armor Support reviews a support ticket, support personnel can label the ticket as a Security Incident. These tickets are given a severity rating (low, medium, high, critical), and then displayed in the Security Incidents screen. A Security Incident with a Critical status is also known as a Critical Incident.

In the Security Incidents screen, you will only see an incident if you are listed as a recipient on the support ticket or if you opened the support ticket. 

Armor Support, you, or someone on your account can open a support ticket that can eventually evolve into an incident.

To learn more about the Security Incidents screen, see Incidents.


Under Security Alerts Needing Attention, you can click a specific incident, and then you will be redirected to the Security Incident screen with the table already filtered.

Logs Parsed (Past 24h)

This widget displays the number of logs that Armor has received and analyzed in the past 24 hours.


