Armor Knowledge Base

Home > Armor Anywhere - Product User Guide > Health Overview Dashboard (Armor Anywhere) > Protection Dashboard (Armor Anywhere)

Overview

In the Protection screen, the Protection score focuses on the stability of Armor services to determine if

The agent is responding (hearbeating) to Armor
The agent has registered properly

For Armor Anywhere, the Protection scores focuses on the following services:

Malware Protection
FIM
IDS
Filebeat (for Linux)
Winlogbeat (for Windows)
Vulnerability Scanning

Error rendering macro 'excerpt-include'

No link could be created for 'Protection dashboard (snippet)'.

Improve your Protection score

You can use the information below to troubleshoot the issues displayed in the Protection screen.

Armor recommends that you troubleshoot these issues to:

Improve your Protection scores
Improve your overall health scores
Increase the overall security of your environment

Review each step to troubleshoot your problem. If the first step does not resolve the issue, then continue to the second step until the issue has been resolved. As always, you can send a support ticket.

To learn how to send a support ticket, see Support Tickets.

Error rendering macro 'excerpt-include'

No link could be created for 'Troubleshoot logging score (snippet)'.

Error rendering macro 'excerpt-include'

No link could be created for 'Troubleshoot Malware Protection scores (snippet)'.

Error rendering macro 'excerpt-include'

No link could be created for 'Troubleshoot FIM score (snippet)'.

Intrusion Detection System (IDS)

Armor Service Issue Remediation

IDS

IDS has not provided a heartbeat in the past 4 hours.

Step 1: Verify the status of the agent

	Description	Command
Windows	Verify that the service is running	gsv -displayname trend
Linux	Verify that the service is running	ps_axu \| grep ds_agent

Step 2: Check the connectivity of the agent

	Description	Command
Windows	Verify the URL endpoint epsec.armor.com	& "C:\Program Files\Trend Micro\Deep Security Agent\dsa_query.cmd" -c GetAgentStatus \| sls -pattern url
	Confirm connection to the URL	`new-object` `System.Net.Sockets.TcpClient('146.88.106.210', 443)`

Linux	Verify the URL endpoint epsec.armor.com	/opt/ds_agent/dsa_query -c GetAgentStatus \| grep AgentStatus.dsmUrl
	Confirm connection to the URL	`telnet` `146.88.106.210` `443`

Step 3: Manually heartbeat the agent

Description

Command

Windows

Verify a 200 response

PS C:\Users\Administrator> & "C:\Program Files\Trend Micro\Deep Security Agent\dsa_control.cmd" -m
HTTP Status: 200 - OK
Response:
Manager contact has been scheduled to occur in the next few seconds.

Linux

Verify a 200 response

/opt/ds_agent/dsa_control -m

IDS

IDS is installed but has not been configured.

Step 1: Verify the status of the agent

	Description	Command
Windows	Verify that the service is running	gsv -displayname trend
Linux	Verify that the service is running	ps_axu \| grep ds_agent

Step 2: Check the connectivity of the agent

	Description	Command
Windows	Verify the URL endpoint epsec.armor.com	& "C:\Program Files\Trend Micro\Deep Security Agent\dsa_query.cmd" -c GetAgentStatus \| sls -pattern url
	Confirm connection to the URL	`new-object` `System.Net.Sockets.TcpClient('146.88.106.210', 443)`

Linux	Verify the URL endpoint epsec.armor.com	/opt/ds_agent/dsa_query -c GetAgentStatus \| grep AgentStatus.dsmUrl
	Confirm connection to the URL	`telnet` `146.88.106.210` `443`

Step 3: Manually heartbeat the agent

Description

Command

Windows

Verify a 200 response

PS C:\Users\Administrator> & "C:\Program Files\Trend Micro\Deep Security Agent\dsa_control.cmd" -m
HTTP Status: 200 - OK
Response:
Manager contact has been scheduled to occur in the next few seconds.

Linux

Verify a 200 response

/opt/ds_agent/dsa_control -m

IDS

IDS is not installed or enabled.

Step 1: Verify the status of the agent

	Description	Command
Windows	Verify that the service is running	gsv -displayname trend
Linux	Verify that the service is running	ps_axu \| grep ds_agent

Step 2: Check the connectivity of the agent

	Description	Command
Windows	Verify the URL endpoint epsec.armor.com	& "C:\Program Files\Trend Micro\Deep Security Agent\dsa_query.cmd" -c GetAgentStatus \| sls -pattern url
	Confirm connection to the URL	`new-object` `System.Net.Sockets.TcpClient('146.88.106.210', 443)`

Linux	Verify the URL endpoint epsec.armor.com	/opt/ds_agent/dsa_query -c GetAgentStatus \| grep AgentStatus.dsmUrl
	Confirm connection to the URL	`telnet` `146.88.106.210` `443`

Step 3: Manually heartbeat the agent

Windows

PS C:\Users\Administrator> & "C:\Program Files\Trend Micro\Deep Security Agent\dsa_control.cmd" -m
HTTP Status: 200 - OK
Response:
Manager contact has been scheduled to occur in the next few seconds.

Linux

/opt/ds_agent/dsa_control -m

Vulnerability Scanning

Armor Service

Issue

Remediation

Vulnerability Scanning

If IR Agent is not installed

Step 1: Verify the status of the agent

Windows	IR Agent files are located within C:\Program Files\Rapid7 The IR Agent service name is "Rapid7 Insight Agent"
Linux	IR Agent files are located within /opt/rapid7/ir_agent IR Agent logs are located within /opt/rapid7/ir_agent/agent.log* Upgrade logs are one level above, within /opt/rapid7/upgrade*

Step 2: Check connectivity of the agent

Port	Destination
443/tcp (IR Agent)	endpoint.ingress.rapid7.com * (United States) eu.endpoint.ingress.rapid7.com * (Europe, Middle East, Africa)

* The agent will perform a lookup to the applicable DNS entry, which may resolve to one of multiple Amazon Web Services based subnets. As a result, if your firewall does not support outbound filtering by domain name, then you may need to open all outbound traffic to 443/tcp to accommodate this service.

Vulnerability Scanning

The Vulnerability Scanning agent did not run during the most recent scan.

Step 1: Verify the status of the agent

Windows	IR Agent files are located within C:\Program Files\Rapid7 The IR Agent service name is "Rapid7 Insight Agent"
Linux	IR Agent files are located within /opt/rapid7/ir_agent IR Agent logs are located within /opt/rapid7/ir_agent/agent.log* Upgrade logs are one level above, within /opt/rapid7/upgrade*

Step 2: Check connectivity of the agent

Port	Destination
443/tcp (IR Agent)	endpoint.ingress.rapid7.com * (United States) eu.endpoint.ingress.rapid7.com * (Europe, Middle East, Africa)

* The agent will perform a lookup to the applicable DNS entry, which may resolve to one of multiple Amazon Web Services based subnets. As a result, if your firewall does not support outbound filtering by domain name, then you may need to open all outbound traffic to 443/tcp to accommodate this service.

If you are still unable to troubleshoot the issue, then please open a support ticket.

To learn how to send a support ticket, see Support Tickets.

Space shortcuts

Page tree

Theme Press Tour Guide

com.brikit.tour.guide.title

EXTRA LAYER

NOTES

Not the Real Navigation

Dolor Sit Amet

Internal

Customer

Armor Knowledge Base

Overview

Improve your Protection score

Intrusion Detection System (IDS)

Vulnerability Scanning

Armor Defense Inc. Copyright © 2020. All rights reserved.

Space shortcuts

Page tree

Theme Press Tour Guide

com.brikit.tour.guide.title

EXTRA LAYER

NOTES

Not the Real Navigation

Dolor Sit Amet

Internal

Customer

Protection Dashboard (Armor Anywhere)

Search

Armor Knowledge Base

Overview

Improve your Protection score

Intrusion Detection System (IDS)

Vulnerability Scanning

Armor Defense Inc. Copyright © 2020. All rights reserved.