Armor Knowledge Base
Have a suggestion for the Armor Knowledge Base?
Send a message to email@example.com.
Health Overview dashboard
You can use the Health Overview screen to see the overall health status of your virtual machines.
The top of the Health Overview screen contains four types of information, displayed in various widgets.
|Overall Health Score|
This widget displays an average of the Protection, Detection, and Response scores.
This widget displays the number of open or pending support tickets that are considered important, security-focused incidents, known as Critical Incidents or Security Incidents.
Internally, when Armor Support reviews a support ticket, Armor Support can label the ticket as an incident. These tickets will be given a severity rating and then displayed in the Security Incidents screen.
In the Security Incidents screen, you will only see an incident if you are listed as a recipient on the support ticket or if you opened the support ticket.
Armor Support, you, or someone on your account can open a support ticket that can evolve into an incident.
Under Security Alerts Needing Attention, you can click a specific incident, and then you will be redirected to the Security Incident screen with the table already filtered.
|Logs Parsed (Past 24h)|
This widget displays the number of logs that Armor has received and analyzed in the past 24 hours.
This widget displays the number of detected vulnerabilities, based on the information from the weekly vulnerabilities report.
A vulnerability scanning takes place every Sunday at 10:00 PM, local server time. After a scan is complete, the Armor Management Portal (AMP) will update with a new report in the Vulnerability Scanning screen, as well as update the widget.
To learn about the Vulnerability Scanning screen, see Vulnerability Scanning (Armor Anywhere).
Frequently Asked Question
How do the Security Analytics and Scoring pages help me as an Armor customer?
Armor’s Analytics and Scoring pages make it easy for users such as CISOs, Directors and other managers to understand their level of protection and security posture both within their industry and more broadly. The transparency the new pages provide enables users to quickly validate that their environment is protected, and the relevant data is flowing to Armor’s SOC to enable faster detection and more effective response.
How is the Overall Score calculated?
The overall score is an average of your Protection, Detection and Response scores.
How is the Protection Score calculated?
Protection scoring looks at services such as anti-malware, logging, file integrity management, intrusion detection and others running within the Armor Agent and ensures that each has been sending logs and operating without fault over the past 24 hours.
How is the Detection Score calculated?
While the specifics of our scoring methodology are proprietary, the detection score is focused on ensuring that all the agent and system data is being properly collected, analyzed and correlated as we hunt and detect risks to the client environment.
How is the Response Score calculated?
Response scoring looks at the time to communicate and respond to security incidents based on the timestamps for tickets created and managed within the previous 24 hours.
How does the Service Health Widget help me ensure that my environment is secure?
The Service Health Widget provides insight into how any changes you make impact the flow of logs, service heartbeats, policy management or other functions that are automated and managed by Armor. If a system shows unhealthy, Armor recommends validating that the outbound connections and ports from the host device have not been blocked or impeded. For all other issues, Armor actively manages the agent policies, versions, and service function remotely.
Additionally, clients who have dynamic environments which rely heavily on auto scaling will notice that the service health widget may report systems to be unhealthy even though they have been deprecated or torn down in the environment. Leveraging our API’s, clients can maintain their machine list by using the delete VM ID. You’ll find details on our API calls at http://developer.armor.com.
What is the Armor Dwell Time metric depicting?
The Dwell Time metric depicts the amount of time a threat may have persisted on a machine before it was identified and eradicated by Armor.