Host details
Here you get an overview of the most important key data and analysis results of your host. Among other things, you will find concrete recommendations for action and the rating on security vulnerabilities, updates, network activities and configurations (A++, A+, A, B, C, F).
Use the sidebar on the left to access the detailed views of the respective analyses.
Here you get system information that the mainboard provides. The information serves you for a better identification of the host, for example via the model designation or the serial number of the mainboard.
Here you will find the classic monitoring curves about CPU, RAM, SWAP, network, hard disk usage and performance. For each host, the number of hard disks is automatically determined and then a separate diagram for utilization and performance is created for each hard disk.
You can manually set the start and end time of the metrics. You can also switch to live mode.
For each metric you will receive a Quick Alarm button. This allows you to create an alarm for each metric with just a few clicks.
In this overview you can see all user-defined metrics you have created.
Here you will find an inventory of your software with the software name, version and source of the software. Such an inventory can be helpful, e.g., for software license management or for creating a record of processing activities under the GDPR (DSGVO).
Normally Enginsight checks the installed software every 60 minutes. If you want to manually update your software inventory, simply click the "Manual refresh" button.
You can set up the following alarms for software:
Installed/uninstalled software: Receive a notification when software is installed/uninstalled.
Software is installed: Receive a notification when the software is installed.
Software is not installed: Receive a notification when a software is not installed.
Autostarts provides you an overview of software that is automatically started when your host reboots.
You can delete Autostarts directly from our platform. Just click on the trashcan icon behind the entry.
New autostarts, especially on servers, should always be checked for necessity and legitimacy. The "New Autostart" alert can therefore be used to notify you if an autostart is added. It is best to apply the alert via tag to all your monitored servers.
Services provides you an overview of all running and stopped services of your server or client and their starttype. You can start, restart and stop the services directly from the platform.
Not every service that is stopped can be classified as problematic. Therefore, you can manually define which services are system relevant. By default, all services are assumed to be system relevant and a corresponding warning is displayed in the sidebar and the host overview when they are stopped. However, if you deselect the system relevant option, no warning is displayed if the service is stopped.
Connections provides you an overview of the open ports of your servers and clients that have the status LISTEN. You should check these regularly to detect potential entry points for attackers or unwanted open connections. You will get information about the status, the local address (LADDR), the destination address (RADDR) and the process name of the open ports.
By marking a connection as system relevant, you document that the open port is ok. You will then no longer receive a warning in the menu.
Enginsight automatically detects which service is involved. The information is used to scan for cyberattacks with the Intrusion Detection System in a focused and resource-efficient way.
If automatic detection of a service is not possible, you can add the service manually. In this way, the performance of the IDS can be optimized.
Please note that automatic blocking via the autopilot when using a reverse proxy only works correctly if the correct service has been recognized or selected for the service/services behind the reverse proxy. This may be particularly necessary when using non-standard ports, e.g. for HTTP.
Alerts can also be set up for services. You can be notified if a service is running or not running. With the alarm "System relevant service is not executed" you can apply a common alert to all system relevant services.
By default, the Enginsight Pulsar Agent only monitors automatically started services on the hosts, as this is sufficient for most cases. If you want to monitor all services with Enginsight, enable the "Extended service monitoring" option in the host's advanced settings.
With the alert "New open port" you can be alerted when a new port is opened. We recommend applying the alarm via tag to all your monitored servers.
Here you will find a list of all processes running on your system (including process ID), the process name, any sub-processes and the user. It is also possible to create alerts that involve specific processes, for example an email alert when a certain process is no longer available on your host. You can also use the Quick-Alarm button for this. It is also possible to close processes directly from the platform (KILL).
Vulnerabilities provides you the results of our CVE scanner (vulnerability scanner).
For each vulnerability you get the CVE score and the ID of the vulnerability. Each CVE has a link to a source where you can get in-depth information about the vulnerability, for example the National Vulnerability Database of the National Institute of Standards and Technology (NIST).
We also provide information on access and impact.
Get an overview of hardenings. Here you can quickly find out which hardenings could be imported automatically and which require a manual update.
Here you get a checklist of the configurations of your host. Incorrectly set configurations can be an entry point for attackers. Checking and correcting them should therefore be a central part of any IT security strategy.
Enginsight already provides configuration guidelines for the following operating systems:
Microsoft Windows Server 2008, 2012, 2016, 2019
Microsoft Windows 10
Canonical Ubuntu 16
Red Hat Enterprise Linux 6, 7
SUSE Linux Enterprise Server 12
For each configuration you will receive a description as well as a check and fix text. Click on "Configuration details". For some configurations, Enginsight supports an automatic conversion directly from the platform, just click on "AUTOFIX". To fix the configuration manually, click on "MANUALLY REMOVE", add a comment and confirm your fix. An overview of the fixed configurations can be found under the tab "Fixed configurations".
Here you get an overview of all detected system events of the individual host. These are for example failed or successful login attempts.
In Network Anomalies, you can find the analysis results of the individual host's network traffic. Use the search bar to filter the results by category, continent and risk level. You can also limit the selection to a specific time period.
Click on an attack to get to the detailed view.
A list of the updates that can be installed with Enginsight can be found in the Updates section. Select the desired updates and patch your software by clicking on "Update Packages".
You can be informed about new available updates with the alarm "New updates available". Just use the Quick-Alarm-Button.
Here you will find the profiles of the metrics you monitor with the Machine Learning module.
Make your personal configurations under Settings.
General Settings
Assign an alias and description to make it easier to associate the host.
Network recording
To use Enginsight's Intrusion Detection System (IDS), you must enable network logging and specify which attacks to detect.
If you like or if compliance regulations require it, you can anonymize the attackers' IP addresses, which are determined during detection.
Advanced settings
In the advanced settings you will find the following settings:
Customize API URL: Define the API URL to which the agent should send its results. An adjustment may be necessary if the API URL changes. This may be the case, for example, when configuration changes are made to on-premises instances.
Advanced software monitoring: Have files scanned to detect more software. This allows you to inventory software that was not installed with a regular installer. These can be programs embedded in other applications or portable apps, for example.
Responsibilities
Location
For documentation purposes, you can define the host location (country, city, street, building, floor, room, abbreviation, hoster).
Exception lists
Specific software used on a host may trigger unwanted effects or require different configurations due to its behavior on the system. Exception lists help you to eliminate the side effects, especially to reduce false alerts.
Wildcards help you to define the items to exclude more easily. Just abbreviate your entries with a *, for example systemd*.
Disks: To exclude disks from monitoring (i.e. suppress all alerts for this disk), enter the disks to be ignored here.
Autoupdate
Enable automatic system updates to have Enginsight automatically apply current software versions to the host.
You can limit the automated updates to security-related updates. Feature updates will then not be applied automatically.
Some updates require a reboot to complete the installation. Select the "Restart the system after the update" option to trigger an automatic restart by Enginsight after applying updates that require a restart.
Be careful and check thoroughly whether an automatic restart is possible without negative consequences on the system before enabling the "Restart the system after the update" option.
You use a cron expression to specify when and how often the automated system updates should be performed.
Tray Icon
Activate the tray icon to keep an eye on the perfect functionality of Enginsight at all times. Check the appropriate boxes to activate the tray icon and display notifications as required.
Enginsight's analysis results can also be output as a PDF report. Simply click on 'Create Report' to get an up-to-date overview of your host.
A host report includes:
Metrics and custom metrics
Configurations
CVEs / Vulnerabilities
Network activities
Updates
Here you will find a history of all scripts executed on your host. For example, if the Enginsight Pulsar Agent on your system has been updated or if you have executed a script on some hosts yourself, you will find a corresponding entry here. The entry also contains a log file with the standard output (stdout) and the error output (stderr), if any occurred.
A list of alarms triggered by the individual host is available here. The issue overview across all assets is available at .
With the help of Custom Metrics, you can monitor any data of your host, which can be displayed in a time history. This can be data from a SQL database, backups, software license metrics, the number of currently logged in users, the duration of individual requests, sensor data, etc. Of course, can be created for all user-defined metrics, if desired also via Quick Alarm Button. You can also set the start and end time of the metrics manually.
To create a custom metric, all you have to do is create a that reads the data on the corresponding host. Just go to the Plugins item under Hosts. When you create the plugin, you can already select a template for a custom metric.
Afterwards you can define a cronjob for the plugin on the host to collect the data regularly. You can read more about plugins .
You also want to inventory software that has not been installed with a regular installer? Enable Advanced Software Monitoring in the of the individual host or via the .
If a service produces false alerts, you can put it on the so that it will be ignored by monitoring in the future.
See Actions for help on how to get to the latest version of the software affected by the CVE. For Windows systems, the corresponding update is linked here for Windows-specific security updates. If there is a cumulative update, you can install it directly from the platform. For third-party software, you will find a link to download the current version on the manufacturer's website. For Linux systems, both the native updates and third-party software can be patched directly from the platform. For more information about the update function within the Enginsight platform, please click .
You can also create your own policies and assign them to your hosts using lists. You can find all information about this .
For more information about the System Events feature and the overview of events on all monitored hosts please click .
An overview of the analysis results of all monitored hosts is also available. All information about this and further explanations of the network anomalies feature can be found
More information about updates with Enginsight can be found .
Notice the possibility of with Enginsight.
you will learn how to set up monitoring.
To effectively edit the settings of multiple hosts, you can use the .
Use to group your hosts. For example, you can use tags for and the .
Use to manage multiple host settings more easily.
Extended service monitoring: Activate this option to monitor all and not only those that are started automatically, contrary to the default setting.
Shield: Specify whether the module is allowed to restrict network traffic and block connections.
Run custom plug-ins: Specify whether custom are allowed to run on the host.
Recording of security relevant events: Specify whether the Pulsar Agent is allowed to access logs. Enable the option to use .
Assign responsibilities. The technical responsible receives a notification when an alert is triggered to the corresponding host if the "" option is active. You can also set .
AutoUpdate: Specify software that should not be updated automatically, i.e. ignored by .
Services: Define that should not be included in alerts and actions. The option is significant should a service trigger false alerts on the "System relevant service is not running" alert.
Connections: Certain software permanently opens and closes new ports. This behavior causes false alerts if you have enabled the New Open Port alert on the host. Enter the process name in the exception list to exclude the corresponding software. You can obtain the process name under .
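The review of LISTEN ports described under Connections and the wildcard exception list described here can be illustrated with a short script. This is an added example, not Enginsight code and not a description of how the platform implements the feature; the sample lines are constructed in the layout of `ss -H -ltnp` output, and the names `APPROVED`, `EXCEPTIONS`, `parse_listeners` and `new_open_ports` are hypothetical.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample in the layout of `ss -H -ltnp` output (not real host data).
SAMPLE = """\
LISTEN 0 128  0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=640,fd=14))
LISTEN 0 511  0.0.0.0:8080     0.0.0.0:* users:(("nginx",pid=1033,fd=6))
LISTEN 0 5    [::]:49731       [::]:*    users:(("rpc.statd",pid=701,fd=11))
LISTEN 0 128  [::]:22          [::]:*    users:(("sshd",pid=812,fd=4))
"""

PROC_RE = re.compile(r'users:\(\("([^"]+)"')

def parse_listeners(text):
    """Return (laddr, port, process) for every socket in state LISTEN."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Split on the last colon so IPv6 ([::]) and scoped addresses survive.
        laddr, _, port = fields[3].rpartition(":")
        match = PROC_RE.search(line)
        listeners.append((laddr, int(port), match.group(1) if match else "?"))
    return listeners

def new_open_ports(listeners, approved, exceptions):
    """Return listeners that are neither an approved (port, process) pair
    nor covered by a process-name wildcard exception."""
    findings = []
    for laddr, port, proc in listeners:
        if (port, proc) in approved:
            continue  # reviewed earlier and documented as acceptable
        if any(fnmatchcase(proc, pattern) for pattern in exceptions):
            continue  # process is on the exception list
        findings.append((laddr, port, proc))
    return findings

# Hypothetical baseline: ports already reviewed and marked as system relevant.
APPROVED = {(22, "sshd")}
# Hypothetical exception list using wildcards, as in the systemd* example.
EXCEPTIONS = ["systemd*", "rpc.*"]

if __name__ == "__main__":
    hits = new_open_ports(parse_listeners(SAMPLE), APPROVED, EXCEPTIONS)
    for laddr, port, proc in hits:
        print(f"new open port: {laddr}:{port} ({proc})")
```

A broad pattern such as `*` would suppress every finding, so exception entries are best kept as narrow as the noisy process name allows.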
You can use an to exclude updates from automatic updating.