Start Guide

Follow our best practice guide to configure Enginsight from scratch in no time.

The starting point is a freshly installed on-premises instance or a newly created SaaS account. Once the on-premises installation or the SaaS account setup is complete, follow the steps below.

0 - To-dos after onPrem installation

1 - Install and set up first hosts

Install hosts quickly and easily using the provided scripts under the menu item Hosts.

2 - Set up penetration testing

3 - Set up website scan

4 - Inventory of the network segments

5 - Set up alerts

Advanced topics

Once you have become more familiar with Enginsight, we recommend that you turn your attention to the following topics.

Define additional policies

  • Enable Shield (IPS) for the hosts on which you want to block suspicious network activity. We recommend using an appropriate tag here as well. Then use the Autopilot in the Shield menu to create a dynamic rule. We recommend blocking level 2.

  • Activate the extended software monitoring. This will inventory any software, even if it was not installed with a regular installer.

  • Automate updates. We recommend that you automate the installation of security-relevant updates in particular.

  • Enable plugins. The plugin system is very powerful and allows you to run self-defined plugins on a regular basis or as part of defined alerts.

Extend Pentest Templates

  • Use your own password lists, for example, to test the network for outdated local user accounts.

  • With the help of the auth providers, you extend the blackbox scan to a greybox scan. This particularly improves the quality of the vulnerability scan results.

  • The most advanced option is creating your own test scripts. This is especially useful if you want to test a specific application individually.

Specific observer settings

  • Your observers can act as "dedicated" observers. In this way, one observer can be used by multiple clients.

  • In addition, an observer can be explicitly configured to monitor internal targets, i.e. targets within its private network area.

More alerts

  • In the Windows environment, group policy changes and unauthorized object access should be monitored. These scenarios require additional configuration of the servers' logging behavior.

  • The Installed/Uninstalled Software alert allows you to monitor any changes to a host's software status.

  • Use the "Blocked network attack" alert to be alerted directly about a successful block.

  • Use the two "New open port" alert scenarios for servers and websites.

  • Be alerted about changes to the DNS entries of websites.

This guide is intended to give you a short and quick introduction to the Enginsight platform. You should now be able to find your way around and have a good overview of Enginsight's capabilities.
