9/8/2023 0 Comments Trend micro deep security![]() Some Integrity Monitoring rules written by Trend Micro require local configuration to function properly. This will display a window showing all available Integrity Monitoring Rules, from which you can select or deselect rules. To add or remove Integrity Monitoring Rules, click Assign/Unassign. The "Assigned Integrity Monitoring Rules" section displays the rules that are in effect for this policy or computer. In the Computer or Policy editor, go to Integrity Monitoring > General. Apply the Integrity Monitoring rulesĪs described above, when you run a Recommendation scan, you can have Deep Security implement the recommended rules automatically. On the Options tab, clear the Allow Real Time Monitoring checkbox. Go to Policies > Common Objects > Rules > Integrity Monitoring Rules and double-click the rule. If you have enabled real-time integrity monitoring scans and find that some recommended rules produce too many events because they are monitoring directories that change frequently, you can disable real-time scanning for those rules. Pay extra attention to rules that monitor frequently-changed properties such as process IDs and source port numbers because they can be noisy and may need some tuning. The best practice is to decide what is critical and should be monitored, then create custom rules or tune the predefined rules. Recommended Integrity Monitoring rules may result in too many monitored entities and attributes. You can optionally specify that Deep Security should implement the rule recommendations that it finds. In the Recommendations section, click Scan for Recommendations. To do this, open the Computer editor and go to Integrity Monitoring > General. Run a Recommendation scan on the computer to get recommendations about which rules would be appropriate. Set the Configuration to "On" or "Inherited (On)" and then click Save. To do this, open the Policy or Computer editor and go to Integrity Monitoring > General. You can enable Integrity Monitoring in the settings for a computer or in policies. The following is a typical procedure for enabling Integrity Monitoring: Turn on Integrity Monitoring ![]() Integrity Monitoring scan performance settings. ![]() When Integrity Monitoring scans are performed.Once you've enabled Integrity Monitoring, you can also learn more about: You can enable Integrity Monitoring in policies or at the computer level. Integrity Monitoring detects changes made to the system, but will not prevent or undo the changes. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |