Armor Security Services

The tables within the sections below provide context for the Product and Operation fields used in the Schedule Task form.


Overview

The Toolbox is a combination of services that allows customers to remotely manage services on the Virtual Machines in their account. Below are how-to steps for using the Toolbox, as well as descriptions of the services you can manage with it.


How to Schedule a Task

Users can access the Toolbox in the Armor Management Portal (AMP) on the Toolbox screen. The Toolbox screen is in the Infrastructure section of AMP. For more information on the Toolbox screen, click here. Once a task has been scheduled, the page will list all pending and completed tasks. The Schedule Task button will be available at the top of the screen. 


  1. Navigate to the Toolbox screen in AMP.
  2. Click Schedule Task.
  3. Click the Product drop-down and select the desired Armor Security Service.
  4. Click the Operation drop-down and select the desired operation. 
  5. If necessary, enter additional configuration parameters in the Additional Configuration text box. 
  6. Enter a Task Name in the Task Name field.
  7. Click Schedule Future Date to select the task date.
    1. Unless configured otherwise, all tasks will run at the next Agent Heartbeat (every 15 minutes).
  8. Click the Select VMs button.
  9. Select the appropriate Virtual Machines using the check boxes.
  10. Click Select VMs.
  11. Click Schedule Task.


Security Services

Below are the Armor Security Services you can manage from the Armor Toolbox. 


Trend


Trend is the parent sub-agent for all Trend modules, including Malware Protection, File Integrity Monitoring, and Intrusion Prevention.

One of the features available in Agent 3.0 is Recommendation scans. Recommendation scans provide a good starting point for establishing a list of rules that you should implement. During a recommendation scan, the Armor Agent scans the operating system for installed applications, the Windows registry, open ports, and more. 

In order to use Malware Protection, File Integrity Monitoring, and Intrusion Prevention, please install the Trend Sub-Agent. To take advantage of Recommendation scans, turn on Ongoing Recommendation scans in the Toolbox. 

| Operation | Description |
|---|---|
| trend install | Install Trend |
| trend uninstall | Uninstall Trend |
| trend status | Agent Status |
| trend ongoing-recommendation-scan on | Turn On Ongoing Recommendation scan |
| trend ongoing-recommendation-scan off | Turn Off Ongoing Recommendation scan |
| trend recommendation-scan | Schedule a Recommendation Scan |


Malware Protection


The Armor Malware Protection service protects your Virtual Machines against file-based threats such as malware, viruses, and more.

To use this feature, select the Malware Protection product in the Toolbox and choose the "on" operation. 

| Operation | Description |
|---|---|
| av on | Turn anti-malware protection on |
| av off | Turn anti-malware protection off |


File Integrity Monitoring


The Armor File Integrity Monitoring service detects changes to files and critical system areas (e.g. Windows registry) that could indicate suspicious activity. If you have enabled Recommendation scans (Trend sub-agent), you can run Recommendation scans with FIM to identify a list of rules that should be applied based on the configuration of your Virtual Machine. You can also choose to have the recommended rules automatically applied to your machine. 

To use this feature, select the FIM product in the Toolbox and choose the "on" operation. To use this feature with Recommendation scans, select the FIM product in the Toolbox and choose the "auto-apply-recommendations-on" operation. 

| Operation | Description |
|---|---|
| fim on | Turn file integrity monitoring on |
| fim on auto-apply-recommendations=on | Optional parameter: auto-apply recommendations on |
| fim on auto-apply-recommendations=off | Optional parameter: auto-apply recommendations off |
| fim off | Turn file integrity monitoring off |
| fim list-available-rules | List available rules |
| fim list-assigned-rules | List assigned rules |
| fim assign-rules | Assign rules |
| fim unassign-rule | Unassign rule |
| fim add-custom-filepath-rule | Add custom filepath |
| fim update-custom-filepath-rule | Update custom filepath |
| fim delete-custom-filepath-rule | Delete custom filepath |
| fim get-custom-filepath-rule | Get custom filepath |


Intrusion Prevention System


The Armor Intrusion Prevention System service detects or prevents attacks against known and zero-day vulnerabilities (e.g. SQL injection attacks, cross-site scripting attacks, etc.). You can use IPS in prevent or detect mode, depending on whether or not you want traffic to be blocked. If you have enabled Recommendation scans (Trend sub-agent), you can run Recommendation scans with IPS to identify a list of rules that should be applied based on the configuration of your Virtual Machine. You can also choose to have the recommended rules automatically applied to your machine.

To use this feature, select the IPS product in the Toolbox and choose the "prevent" or "detect" operation. To use this feature with Recommendation scans, select the IPS product (prevent or detect mode) in the Toolbox and choose the "auto-apply-recommendations-on" operation. 


| Operation | Description |
|---|---|
| ips detect | Turn intrusion prevention on in detect mode |
| ips detect auto-apply-recommendations=on | Optional parameter: auto-apply recommendations on |
| ips detect auto-apply-recommendations=off | Optional parameter: auto-apply recommendations off |
| ips prevent | Turn intrusion prevention on in prevent mode |
| ips prevent auto-apply-recommendations=on | Optional parameter: auto-apply recommendations on |
| ips prevent auto-apply-recommendations=off | Optional parameter: auto-apply recommendations off |
| ips off | Turn intrusion prevention off |
| ips list-assigned-rules | List assigned rules |
| ips assign-rules | Assign rules |
| ips unassign-rule | Unassign rule |


Vulnerability Management


Armor’s Vulnerability Scanning service detects OS and application vulnerabilities present in your environment.

To use this feature, select the Vulnerability Management product in the Toolbox and choose the "on" operation. 

| Operation | Description |
|---|---|
| vuln install | Install Qualys vulnerability management |
| vuln uninstall | Uninstall Qualys vulnerability management |


Logging


The Armor Logging service ships OS logs to Armor for correlation and analysis.

To use this feature, select the Logging product in the Toolbox and choose the "on" operation. 

| Operation | Description |
|---|---|
| logging install | Install logging service |
| logging uninstall | Uninstall logging service |


Log Relay


To use this feature, select the Log Relay product in the Toolbox and choose the "install" operation.  

| Operation | Description |
|---|---|
| relay install | Install Log Relay Software |
| relay uninstall | Uninstall Log Relay Software |


Additional Services

Armor's Tagging feature allows users to add metadata tags to their logs. Users can search for these tags via API or in the Armor Management Portal (AMP) on the Virtual Machines screen. 

Tags


To use this feature, select the Tags product in the Toolbox and choose the "create tags" operation. In the Additional Configuration text box, enter a key-value pair (e.g. key=pair). You can enter more than one tag by using a comma as a separator.

| Operation | Description |
|---|---|
| create-tags | Create Tags |
| delete-tags | Delete Tags |
| describe-tags | Describe tags |