Host Details

Dashboard

The Host Detail Dashboard provides a compact overview of all relevant information about a host, allowing you to instantly recognize the current security status and any necessary actions.

Navigation is divided into two sections: The vertical menu contains all functions and settings directly related to the host, while the horizontal menu lists information that passively relates to the host, i.e., elements that reference this host.

The most important information, including real-time monitoring and hard disk status, is summarized centrally in the dashboard so that all host-related data can be called up quickly.

Device Information

The view under Device Information provides a detailed insight into the hardware and software configuration of your systems. Here you will find all relevant information about the operating system, firmware, hardware, and network interfaces at a glance. This overview helps you better understand the condition of your devices, identify potential security risks early, and take targeted measures for system hardening.

Issues

A list of the alarms triggered by the individual host can be found here. The issue overview across all assets is available under Issues. Use the extended filter function and the free text search to display the relevant results.

Settings

Configure the host under Settings.

To edit the settings of several hosts at once, use the Policy Manager.

General Settings

  1. Assign an alias and a description to easily identify the host.

  2. Use Tags to group your hosts. Tags can be utilized for Alarms and the Policy Manager.

  3. Then designate a technical and a business owner.

  4. If the host has a publicly accessible IP, the API will automatically detect the approximate location upon creation and visually highlight it on a map. Additionally, detailed geographical information such as host, country, city, street, building, floor, and room can be recorded for more precise location management. This information is particularly relevant for compliance requirements and facilitates location-based administration.

Core Features

Decide directly from the view which features you want to activate for the host. Available options include:

  • IDS

  • IPS

  • Advanced Persistent Threats

  • File Integrity Monitoring

  • Collecting log entries as a SIEM collector

  • Executing custom plugins

Advanced Settings

Use the advanced settings to configure the IDS on this host, allow automated system updates, and configure the tray icon.

Intrusion Detection Level

Allow the analysis of your network traffic by Enginsight IDS on the host. Specify under IP anonymization whether all IP addresses should be anonymized during detection and determine the detection level of the IDS.

Automated system updates

Enable the automatic installation of all system updates under Automated system updates. Restrict the updates to security-relevant ones only, or have the system restart after the update if necessary.

Miscellaneous

Allow Extended software monitoring on all disks, which runs on a daily schedule. Under Extended service monitoring, decide whether all services, not only automatically started ones, should be included in the monitoring. Specify whether the Pulsar Agent may access logs by enabling Recording of security relevant events; in the settings that follow, you can exclude individual resources from the recordings.

Tray Icon

Enable the Enginsight Tray Icon to execute actions manually on the host, and decide under Show Notifications whether you want to receive security status information there.

To save your configuration, click on Save changes.

Monitoring

With the export function, you can export both complete views and filtered results directly from the platform. This gives you the flexibility to save and process exactly the data that is relevant for your analyses or reports.

Metrics

Here you will find the classic monitoring curves for CPU, RAM, SWAP, network, hard disk utilization and performance. The number of hard disks is automatically determined for each host and a separate diagram is then created for each hard disk for utilization and performance.

You can set the start and end time of the metrics manually. You also have the option of exporting the view using the corresponding button; here you can choose between the results of your current search or selected entries.

Custom Metrics

Create new custom metrics under Plugins by assigning them to a host. You can obtain the results for your host here.

Software

Here you will find an overview of your installed software.

Enginsight checks the installed software every 60 minutes by default. To manually update the software inventory, click on the Update button.

Use the following alerts to monitor your software:

  • Installed/Uninstalled Software: notification when software is installed or uninstalled.

  • Software is installed: notification when a specific software is installed on a host. Tags can be used to check all hosts or specific groups.

  • Software is not installed: notification if a certain software is not installed on a host. Tags make it possible to check all hosts or specific groups.

Services

Under Services, you will find an overview of all running and stopped services of your server or client as well as further details. You can start, restart and stop the services directly from the platform using the respective buttons in the top right-hand corner of the screen. You can also export lists here and easily create proof of compliance.

A service is a program that is started automatically when the computer is started and runs in the background without the user interacting with it. It waits to do its job and usually does not have a graphical user interface. Many services are supplied by the operating system to ensure the basic functions of the computer. Services can also be installed later, e.g. when new software is installed.

Alerts for services

Alerts can be set for services in order to be notified when a service is running or not running. The “System-relevant service is not executed” alert can be used to activate a common alarm for all system-relevant services.

If a service produces false alarms, you can add it to the exception list so that it is ignored by the monitoring in future.

Extended service monitoring

By default, the Enginsight Pulsar agent only monitors automatically started services on the hosts, as this is sufficient for the vast majority of cases. If you want to monitor all services with Enginsight, activate the Extended service monitoring option in the advanced settings of the host.

Processes

Here you will find a list of all processes running on your system, including CPU and RAM utilization, any sub-processes, the user name and the process ID. This also makes it possible to create alerts for specific processes, for example an e-mail warning if a certain process is no longer running on your host. You can also use the quick alert button for this. It is also possible to terminate processes directly from the platform (KILL).

Connections

Under Connections, you will find an overview of the open ports on your servers and clients. This overview enables you to identify potential security risks, such as unwanted open connections or gateways for attacks.

As a general rule, every open port exposes a service whose software may contain security vulnerabilities, so the more ports are open, the larger the attack surface of the system. For this reason, the number of open ports should be kept to the necessary minimum, especially on servers.

By marking a connection as system-relevant, you document that the open port is correct. You will then no longer receive a warning in the menu. As a rule, Enginsight automatically detects which service is involved. The information is used to scan for cyberattacks in a targeted and resource-saving manner with the intrusion detection system. If automatic detection of a service is not possible, you can add the service manually. This allows you to optimize the performance of the IDS.

Please note that automatic blocking via the autopilot when using a reverse proxy only works correctly if the correct service has been recognized or selected for the service/services behind the reverse proxy. This may be particularly necessary when using non-standard ports, e.g. for HTTP.

Add alerts

With the New open port alarm, you can be alerted when a new port is opened. We recommend activating the alarm via tag on all your monitored servers.

If a service produces false alerts, you can add it to the exception list so that it is ignored by the monitoring in future.
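As an added illustration of the New open port check described above (example code, not part of the Enginsight documentation or the Pulsar agent), the following Python script parses a constructed sample of `ss -tlnup` output, compares it with a baseline of listeners the operator has marked as system-relevant, and raises an alert for a port that is not in the baseline or that is served by an unexpected process. The baseline, the exception list and the sample socket table are assumptions made for the example.

```python
"""Detect newly opened listening ports against a baseline of system-relevant
ports. Added example, not Enginsight's own code. The socket table below is a
constructed sample in the output format of `ss -tlnup` (Linux)."""
import re
from dataclasses import dataclass

# Constructed sample of `ss -tlnup` output: header line plus a few listeners.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*     users:(("nginx",pid=1201,fd=6))
tcp   LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*     users:(("postgres",pid=944,fd=5))
tcp   LISTEN 0      128          0.0.0.0:4444      0.0.0.0:*     users:(("nc",pid=31337,fd=3))
udp   UNCONN 0      0            0.0.0.0:123       0.0.0.0:*     users:(("ntpd",pid=650,fd=4))
"""

# Assumed baseline: (protocol, port) -> process the operator marked as correct.
BASELINE = {("tcp", 22): "sshd", ("tcp", 443): "nginx", ("udp", 123): "ntpd"}
# Assumed exception list: known-good ports that must not raise an alarm.
EXCEPTIONS = {("tcp", 5432)}

_PROC_RE = re.compile(r'users:\(\("([^"]+)"')


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    process: str

    @property
    def exposed(self) -> bool:
        """True if the socket is bound to something other than loopback."""
        return self.addr not in ("127.0.0.1", "[::1]", "::1")


def parse_ss(output: str) -> list[Listener]:
    """Parse `ss -tlnup` style output into Listener records (header skipped)."""
    listeners = []
    for line in output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")   # handles "[::]:22" and "*:22" too
        match = _PROC_RE.search(line)
        listeners.append(Listener(proto, addr, int(port), match.group(1) if match else "?"))
    return listeners


def find_new_open_ports(listeners, baseline=BASELINE, exceptions=EXCEPTIONS):
    """Return (kind, listener) alerts: ports outside the baseline, or baseline
    ports now served by a different process than the one recorded."""
    alerts = []
    for lst in listeners:
        key = (lst.proto, lst.port)
        if key in exceptions:
            continue
        if key not in baseline:
            alerts.append(("new_open_port", lst))
        elif baseline[key] != lst.process:
            alerts.append(("unexpected_process", lst))
    return alerts


if __name__ == "__main__":
    for kind, lst in find_new_open_ports(parse_ss(SAMPLE_SS_OUTPUT)):
        scope = "all interfaces" if lst.exposed else "loopback only"
        print(f"{kind}: {lst.proto}/{lst.port} by {lst.process} ({scope})")
```

The second alert kind is the reason the platform asks you to confirm the detected service behind a port: a port you marked as correct for nginx that is suddenly served by another binary is just as worth a look as a brand-new listener.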

Jobs

Here you will find a history of all scripts executed on your host. If, for example, you have executed a script on some hosts yourself or the Pulsar has executed scripts, you will find a corresponding entry here. The entry also contains a log file with the standard output (stdout) and the error output (stderr), if any occurred.

Vulnerability Management

Vulnerability Management is a powerful tool that helps you quickly identify and fix vulnerabilities. It provides a detailed overview of vulnerabilities, including severity and CVSS scores, so you know immediately which gaps are critical.

Vulnerabilities

Get an overview of existing vulnerabilities. At the top of the entry you will find a classification of the severity. You will also find the official CVSS score (Common Vulnerability Scoring System), the associated CVE identifier (Common Vulnerabilities and Exposures) and, if available, an EPSS score and the associated software.

By clicking on a CVE identifier, you can access a current article on the selected vulnerability in our vulnerability database. Export the results of your current search or use the checkboxes to select entries that you would like to export from the platform.

Suppress vulnerabilities

Use the multi-edit function to suppress several entries with just one click. In the overlay, you can also select whether only the specific CVEs are to be suppressed or all CVEs associated with the given Common Platform Enumeration (CPE).

Add Exception

  1. Select one or more vulnerabilities using the checkboxes, then click on Suppress in the upper right corner and choose Add Exception. An overlay will open.

  2. Select the category Add Exception.

  3. Optionally, enter a Comment which will be appended to all selected vulnerabilities matching the type.

  4. Under Scope, General Exception is selected by default.

  5. Confirm your entry by clicking on Suppress.

Suppress

  1. Mark individual vulnerabilities and click on Suppress in the upper right corner. An overlay will open.

  2. Optionally, enter a Comment which will be appended to the selected vulnerabilities.

  3. Choose the category Specific CVEs. Below you will find all previously selected CVEs listed.

  4. Confirm your entry by clicking on Suppress.
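The difference between the two scopes above, suppressing specific CVEs versus all CVEs tied to a Common Platform Enumeration, is easiest to see on data. The following Python snippet is an added example and not Enginsight's matching logic: it applies both kinds of rule to a constructed list of findings (placeholder CVE identifiers, an invented vendor and arbitrary scores) and ranks what remains by EPSS and CVSS. The rule format and the finding fields are assumptions made for the example.

```python
"""Apply vulnerability suppressions by specific CVE or by CPE, then rank the
remaining findings. Added illustration, not Enginsight's implementation.
All identifiers and scores below are constructed placeholders."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    cve: str
    cpe: str        # CPE 2.3 formatted string of the affected software
    cvss: float     # base score
    epss: float     # estimated probability of exploitation


# Constructed findings; the CVE numbers and vendor are placeholders.
FINDINGS = [
    Finding("CVE-0000-0001", "cpe:2.3:a:example:webapp:1.2.0:*:*:*:*:*:*:*", 9.8, 0.92),
    Finding("CVE-0000-0002", "cpe:2.3:a:example:webapp:1.2.0:*:*:*:*:*:*:*", 7.5, 0.04),
    Finding("CVE-0000-0003", "cpe:2.3:a:example:legacytool:3.1:*:*:*:*:*:*:*", 8.1, 0.30),
    Finding("CVE-0000-0004", "cpe:2.3:a:example:legacytool:3.1:*:*:*:*:*:*:*", 5.3, 0.01),
    Finding("CVE-0000-0005", "cpe:2.3:a:example:legacytool:3.2:*:*:*:*:*:*:*", 8.1, 0.30),
    Finding("CVE-0000-0006", "cpe:2.3:a:example:webapp:1.2.0:*:*:*:*:*:*:*", 9.1, 0.10),
]

# Assumed rule format: scope "cve" lists CVE ids, scope "cpe" gives a CPE pattern.
SUPPRESSIONS = [
    {"scope": "cve", "cves": {"CVE-0000-0002"}, "comment": "vulnerable module is disabled"},
    {"scope": "cpe", "cpe": "cpe:2.3:a:example:legacytool:3.1:*:*:*:*:*:*:*",
     "comment": "host is decommissioned next week"},
]


def split_cpe(cpe: str) -> list[str]:
    """Return the 11 attribute fields of a CPE 2.3 formatted string
    (part, vendor, product, version, update, edition, language, sw_edition,
    target_sw, target_hw, other). Escaped colons inside values are not handled."""
    parts = cpe.split(":")
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe}")
    return parts[2:]


def cpe_matches(rule_cpe: str, finding_cpe: str) -> bool:
    """'*' (ANY) in the rule matches any value; every other field must match exactly."""
    return all(r == "*" or r == f for r, f in zip(split_cpe(rule_cpe), split_cpe(finding_cpe)))


def suppression_comment(finding: Finding, rules=SUPPRESSIONS) -> Optional[str]:
    """Comment of the first rule that suppresses the finding, or None if it stays open."""
    for rule in rules:
        if rule["scope"] == "cve" and finding.cve in rule["cves"]:
            return rule["comment"]
        if rule["scope"] == "cpe" and cpe_matches(rule["cpe"], finding.cpe):
            return rule["comment"]
    return None


def open_findings(findings=FINDINGS, rules=SUPPRESSIONS) -> list[Finding]:
    """Findings not covered by any rule, most urgent first (EPSS, then CVSS)."""
    remaining = [f for f in findings if suppression_comment(f, rules) is None]
    return sorted(remaining, key=lambda f: (f.epss, f.cvss), reverse=True)


if __name__ == "__main__":
    for f in open_findings():
        print(f"{f.cve}  CVSS {f.cvss}  EPSS {f.epss:.2f}  {f.cpe}")
```

Note what the CPE rule does: it silences CVE-0000-0003 and CVE-0000-0004 today, and it will equally silence any CVE published tomorrow for example:legacytool 3.1, while version 3.2 on the same host stays visible. A CPE-scoped exception is therefore a statement about the software, not about a specific advisory, and deserves a comment and a review date.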

Update Manager

Under Updates, you will find a list of updates that can be installed with Enginsight. Select the desired updates and patch your software by clicking on Install updates.

The update is triggered regardless of whether the host is online or offline at that moment, and each update action reports back its result; successfully installed updates lower the host's risk score.

You can be informed about new available updates with the New updates available alert.

You can find more information about updates with Enginsight under Update Manager.

Please also note the option of AutoUpdates with Enginsight.

Update History

Here you will find the history of all updates in one overview, whether an update is still pending, currently being carried out or already completed.

Compliance

The Compliance section summarizes all automatic and organizational system hardening relating to the host and provides you with a detailed overview of the current status of your host.

Automatic System Hardening

The entries include information about the severity and status of your checks, as well as affected checklists and the risk value. Use the free text search and the filter function to quickly find entries from the list.

To apply entries directly, select one or more directly from the list and click Apply. The following window will then open, in which all selected controls will be listed. Then click on Apply to activate them for your host.

Organizational System Hardening

Here you will find all organizational system hardening affecting the host, including the severity level, the relevant control and the status of your checks, as well as responsibilities, information on auditing and the risk value. Use the free text search and the filter function to quickly find entries from the list. You can find detailed instructions on how to create checklists and controls here.

To audit one or more entries at the same time, click on the corresponding button. The following window will then open, in which you can add a comment and store external references. Below this you will find a collection of all affected controls. Check the box if the control has been fulfilled and decide whether this should be applied to all affected hosts.

Intrusion Detection System

The Intrusion Detection System (IDS) is an indispensable tool for security monitoring that automatically detects network anomalies and immediately sounds the alarm.

Network anomalies

Under Network anomalies you will find the analysis results of the Intrusion Detection System. Search for specific entries by defining the desired time period. The free text search also allows you to find entries quickly. Treat risks directly from the view or use the export function to pull results from the platform.

You can use the Suspicious network traffic alert to be informed about attack scenarios. The dynamic blocking of the Shield module allows you to block network attacks.

File Integrity Monitoring

FIM (File Integrity Monitoring) is a security solution that monitors changes to files and system configurations to help you detect tampering or unauthorized changes. It helps you to identify suspicious activities at an early stage and prevent security incidents.

In order for FIM to record logs on your host, it is essential that you enable the File Integrity Monitoring function in the host settings, otherwise this view will remain empty.

File operations

Here you will find all the logs recorded by File Integrity Monitoring that relate to this host. Change the time period of your view to search for specific entries, and use the overview to keep track of the integrity of your files.
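To show what a file integrity check does under the hood, here is an added Python example (not Enginsight's implementation and not from this documentation): it takes a baseline of file hashes and permission bits for a directory tree, tampers with a few files the way an intruder might, and reports what was added, removed or modified. The directory tree, file names and the simulated changes are constructed for the example and live in a temporary directory.

```python
"""Minimal file integrity check: baseline snapshot, second snapshot, diff.
Added example of the FIM principle, not Enginsight's code. Runs entirely on
a constructed temporary directory."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def _file_record(path: Path) -> tuple:
    """(sha256 hex digest, size, permission bits) of a regular file."""
    st = path.lstat()
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    return (digest, st.st_size, stat.S_IMODE(st.st_mode))


def snapshot(root: Path) -> dict:
    """Map each regular file (path relative to root, POSIX form) to its record.
    Symlinks and special files are skipped; they would need separate handling."""
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            records[p.relative_to(root).as_posix()] = _file_record(p)
    return records


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Report added and removed paths, and modified paths with the reason
    ('content' if the hash changed, 'metadata' if only size or mode changed)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = []
    for path in sorted(set(baseline) & set(current)):
        old, new = baseline[path], current[path]
        if old != new:
            modified.append((path, "content" if old[0] != new[0] else "metadata"))
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Build a constructed tree, take a baseline, simulate tampering, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "tool").write_bytes(b"\x7fELF constructed placeholder")
        baseline = snapshot(root)

        # Simulated tampering after the baseline was taken (constructed).
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")  # content changed
        (root / "bin" / "tool").chmod(0o4755)                                # setuid bit added
        (root / "etc" / "hosts").unlink()                                    # file removed
        (root / "etc" / "ld.so.preload").write_text("/tmp/evil.so\n")        # file added
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, entries in demo().items():
        print(kind, entries)
```

The metadata case is the one a hash-only check misses: the binary in `bin/tool` is byte-for-byte unchanged, but it gained the setuid bit, which is exactly the kind of change you want FIM to surface. A real agent additionally records owner, timestamps and the process that made the change.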

Advanced Persistent Threats

Advanced Persistent Threats (APTs) are targeted, long-lasting attacks that traditional security solutions often fail to detect. The host-based detection view allows you to perform a deep analysis directly on the host and brings all suspicious findings together in one place.

Detections

Here you will find a list of all findings on your host relating to Advanced Persistent Threats. The upper diagram gives you information about the accumulation of findings over time, while below you will find a list of all specific entries.

Furthermore, clicking on an entry takes you to the threat view, where you can check all the details of the detected anomaly in detail.

Add Whitelist

You have the option of whitelisting a detection directly from the view. To do this, click on the corresponding button behind the entry, whereupon a window opens. Enter a name and a short description for the whitelist, define the assigned host(s) and then add file paths. Save your configuration by adding the whitelist.
