Start Guide
Follow our best practice guide to configure Enginsight from scratch in no time.
The starting point is a freshly installed on-premises instance or a newly created SaaS account. Once the on-premises installation or the SaaS account setup is complete, follow the steps below.
hosts quickly and easily using the provided scripts under the menu item Hosts.
It is possible to roll out the Pulsar agent via Windows .
Best practice recommendation for first tags:
Assign the tag IDS and the tag IPS. Other tags could result from your company structure, such as department tags (HR, Controlling, etc.) or location tags.
Best practice recommendation for the first two policies: It is best to create a separate policy for each feature. Start with a policy on the "Server" tag and enable system event monitoring.
Create another policy on the tag "IDS" and enable network monitoring with IDS level 2.
Best practice recommendation for two configuration options: Leave Hacktor on the default configuration for a quick initial scan that shows the top findings. For a deep scan, change the scan frequency to "Low" and extend the port range to 1-65535. Note that, depending on the number of IP addresses to be scanned, this scan may take several days.
Best practice recommendation for target systems
Enter the network segment to be scanned, together with its subnet mask, as the target system, e.g.: 192.168.70.0/24. Create a new target system for each network segment and name it according to its purpose, e.g.: management network, server network, client network, etc.
Keep in mind that Hacktor must be able to reach the IP addresses to be scanned. You can therefore install several Hacktors in different network segments.
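Before entering target systems, it helps to check the planned segments for typing mistakes and overlaps and to see how much work the full 1-65535 port range implies. The following is an added example, not part of Enginsight or its documentation; the function names and the sample plan are assumptions constructed for illustration, and only IPv4 segments are handled.

```python
import ipaddress

FULL_PORT_RANGE = range(1, 65536)  # the deep-scan range 1-65535 from the guide

# Constructed sample plan: target-system name -> segment in CIDR notation.
PLANNED_TARGETS = {
    "management network": "192.168.70.0/24",
    "server network": "192.168.80.0/24",
    "client network": "192.168.80.128/25",  # lies inside the server network
    "printer network": "192.168.90.17/24",  # a host address, not the segment
}


def usable_hosts(net):
    """Addresses that can belong to a host (IPv4 only)."""
    # /31 and /32 have no network/broadcast address to subtract.
    if net.prefixlen <= 30:
        return net.num_addresses - 2
    return net.num_addresses


def review_targets(targets, ports=FULL_PORT_RANGE):
    """Return (rows, problems) for a dict of name -> CIDR string.

    rows: (name, network, usable hosts, host/port combinations to probe)
    problems: human-readable findings to fix before creating the targets
    """
    rows, problems, accepted = [], [], {}
    for name, cidr in targets.items():
        try:
            # strict=True rejects entries whose host bits are set
            net = ipaddress.IPv4Network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {cidr} rejected ({exc})")
            continue
        for other_name, other in accepted.items():
            if net.overlaps(other):  # the same hosts would be scanned twice
                problems.append(f"{name} ({net}) overlaps {other_name} ({other})")
        accepted[name] = net
        hosts = usable_hosts(net)
        rows.append((name, str(net), hosts, hosts * len(ports)))
    return rows, problems


if __name__ == "__main__":
    rows, problems = review_targets(PLANNED_TARGETS)
    for name, net, hosts, probes in rows:
        print(f"{name:20} {net:20} {hosts:6} hosts {probes:12} host/port pairs")
    for finding in problems:
        print("CHECK:", finding)
```

A single /24 segment already yields more than 16 million host/port combinations at the full port range, which is why the deep scan can run for days.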
Best practice recommendation for the initial submission:
Specify the target system to scan and the Hacktor that should perform the scan. You can leave the other settings at their defaults for now.
If necessary, exclude printers if you already know that they are obsolete or have not been configured, as otherwise unexpected behavior may occur.
Best Practice Recommendation:
You can also use the recurring execution via the templates, for example to start a test once at night. This is worthwhile in critical production environments, for example.
Best Practice Recommendation:
Enable all modules of the Observer.
Best Practice Recommendation: Enter as URL something like: https://yourdomain.com. Select the appropriate region and leave the scan areas at the default.
Best Practice Recommendation:
Add your network segments by entering the CIDR and assign meaningful names such as server network, management network, etc.
Activate the permanent monitoring to start the inventory.
Best practice recommendation for first alerts:
New vulnerabilities (CVSS score) as of level 7
Suspicious network traffic as of limit "HIGH"
Failed login attempt
New admin account created
Website not available
Endpoint rating got worse
Days until certificate expires
Once you have become more familiar with Enginsight, we recommend that you turn your attention to the following topics.
In addition, an observer can be explicitly configured to monitor internal targets, i.e. targets within its private network area.
The Installed/Uninstalled Software alert allows you to monitor any changes to a host's software status.
Use the "Blocked network attack" alert to be alerted directly about a successful block.
Use the two alert scenarios "New open port" for servers and websites.
Be alerted about changes in DNS entries at websites.
This guide is intended to give you a short and quick introduction to the Enginsight platform. You should now be able to find your way around and have a good overview of Enginsight's capabilities.
Hacktor After you have successfully installed the first Hacktor, the configuration is crucial for the duration of the scan and the quality of the results.
Define Best practice recommendation for target systems.
Create audit Based on a template, you determine which target systems should be scanned by which Hacktor.
Start Using the templates page, you can now start a pentest at any time based on the template. Additionally, it is worthwhile to run the tests automatically on a regular basis.
Configure Set the observer region. The region should reflect the location of the Observer, e.g. if the Observer is on the internal network, the name could be "internal".
Set up the first When entering the URL, pay attention to whether you want to scan the http or https URL. If in doubt, you should always specify the URL with https.
Configure After you have installed Watchdog, you can use it to inventory network segments, monitor for new subscribers, or implement ping, port, or SNMP monitoring.
Define the first .
Enable (IPS) for the hosts on which you want to block suspicious network activity. We recommend using an appropriate tag here as well. Then use the Autopilot in the Shield menu to create a . Here we recommend the blocking level 2.
Activate the . This will inventory any software, even if it was not installed with a regular installer.
Automate . We recommend that you automate the installation of security-relevant updates in particular.
Enable . The plugins system is very powerful and allows you to run self-defined plugins on a regular basis or in the course of defined alerts.
Use your , for example, to test the network for outdated local user accounts.
With the help of the , you extend the blackbox scan to a greybox scan. This increases the quality of the vulnerability scan results in particular.
The supreme discipline is the creation of . This is especially useful if you want to test a specific application individually.
Your observers can act as "" observers. In this way, one observer can be used by multiple clients.
In the Windows environment, group policy changes and unauthorized should be monitored. These scenarios require additional configuration in the log behavior of the servers.