Scribd Logo
Upload

Welcome to Scribd!

  • MXs Managed by SOM 20

    Uploaded by

    vijay konduru
    20 views16 pages
    This document provides a user guide for SecureSphere's Database Activity Monitoring product version 14.7. It describes how to manage multiple MX servers using the Security Operations Manager (SOM), including registering MXs with SOM, applying shared policies and reports, and deploying MXs behind a network address translator. The document also provides instructions for setting up secure communication between SOM and MXs using SSL certificate authentication.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides a user guide for SecureSphere's Database Activity Monitoring product version 14.7. It describes how to manage multiple MX servers using the Security Operations Manager (SOM), including registering MXs with SOM, applying shared policies and reports, and deploying MXs behind a network address translator. The document also provides instructions for setting up secure communication between SOM and MXs using SSL certificate authentication.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    20 views16 pages

    MXs Managed by SOM 20

    Uploaded by

    vijay konduru
    This document provides a user guide for SecureSphere's Database Activity Monitoring product version 14.7. It describes how to manage multiple MX servers using the Security Operations Manager (SOM), including registering MXs with SOM, applying shared policies and reports, and deploying MXs behind a network address translator. The document also provides instructions for setting up secure communication between SOM and MXs using SSL certificate authentication.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 16

    v14.

    7 Database Activity Monitoring User Guide

    v14.7 Database Activity Monitoring User


    Guide

    v14.7 Database Activity Monitoring User Guide 1


    Contents

    Contents
    MXs Managed by SOM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
    Working with SOM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
    Registering MXs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
    Setting Up SSL with Certificate Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
    Setting Up SSL with Certificate Authentication on SOM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
    Setting Up SSL with Certificate Authentication on MX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
    SSL Certificate Expiration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
    Removing MXs from SOM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
    Deploying MX and SOM Behind a NAT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
    Understanding MX Deployment Behind a NAT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

    v14.7 Database Activity Monitoring User Guide


    v14.7 Database Activity Monitoring User Guide

    MXs Managed by SOM


    SecureSphere Security Operations Manager (SOM) is a multi-domain management solution that dramatically
    improves the operational efficiency of managing SecureSphere deployments with multiple MX Management Servers.

    This section presents how to work with SOM and it contains the following sections:

    • Working with SOM


    • Registering MXs
    • Deploying MX and SOM Behind a NAT

    v14.7 Database Activity Monitoring User Guide 3


    v14.7 Database Activity Monitoring User Guide

    Working with SOM


    SOM consolidates the management, visibility and reporting across multiple SecureSphere MX Management Servers,
    and provides system wide health metrics and statistics. Various objects can be configured on SOM and then
    downloaded to all the MXs registered to that SOM. Once the object was downloaded to MX, it is presented on MX as
    SOM object and it is locked for editing in most of cases.

    You can apply the following objects defined on SOM: policies, action sets, reports, global objects and signatures.
    Objects downloaded from SOM are displayed in the MX GUI with the special icon which indicates that this object was
    defined on SOM and only limited changes are allowed.

    Policies defined on SOM are applied to MXs using the following two flows:

    • Mandatory: Enables sending the policies defined on SOM to MX and running them immediately on all the server
    groups/services/applications. In this flow policies downloaded from SOM cannot be unapplied.
    • Optional: Enables sending the policies defined on SOM to MX and keeping them there without applying them,
    or applying them only to a part of the services there. Once the policy is on MX, you can decide if you want this
    policy to run now or later.

    Scheduling for reports and audit policies can be defined on SOM and downloaded to MXs or defined locally on each
    MX.

    For more information about working with SOM, refer to the SOM User Guide.

    v14.7 Database Activity Monitoring User Guide 4


    v14.7 Database Activity Monitoring User Guide

    Registering MXs
    In order to allow SOM to manage an MX, you need to register that MX on SOM.

    Note: You can only register Mxs to SOM with SSL certificate via port 8084.

    All the MXs that have been registered on that SOM are presented in the Registered MXs table.

    Registered MXs

    Registered MXs
    Description
    Parameters

    Name Read only MX name.

    SOM to MX communication status.

    The following options are available:


    Status
    • Running: The MX is registered on SOM and it is up and running.
    • Disconnected: The MX is registered on SOM and it is down.
    • Not Registered: The MX is not registered on SOM.

    SOM to MX synchronization status.

    The following options are available:

    • Synchronized: MX successfully received all the data from SOM, so the


    configuration on MX is fully synchronized with SOM.
    Synchronization Status
    • Synchronizing: MX is a process of receiving full configuration update from
    SOM.
    • Not Synchronized: There was an attempt to send a configuration update from
    SOM to MX and MX could not receive it.
    • Permanently Not Synchronized: After 10 unsuccessful attempts to send the
    configuration to MX, SOM stops trying.

    v14.7 Database Activity Monitoring User Guide 5


    v14.7 Database Activity Monitoring User Guide

    Registered MXs
    Description
    Parameters

    Version MX version number.

    License The product licenses that are installed on MX.

    Last Update Time When was the last time that MX responded to status check.

    v14.7 Database Activity Monitoring User Guide 6


    v14.7 Database Activity Monitoring User Guide

    Setting Up SSL with Certificate Authentication

    Using SSL with Certificate provides authentication and data encryption. This method is recommended when SOM and
    MX are located in different local networks and sensitive data is sent.

    In order to establish the communication between SOM and MX with authentication and encryption, SOM and MX must
    present certificates to each other. You need to import or generate a SOM certificate before registering a new MX. Once
    the certificate is ready, you need to export it in order to send it to MX.

    Using SSL with Certificate Task Overview

      Action Description For more information, see...

    On SOM: Generate a SOM Generate a SOM certificate that will Setting Up SSL with Certificate
    1
    certificate be used to communicate with MXs. Authentication on MX

    Export the new certificate into a


    On SOM: Export the new SOM Setting Up SSL with Certificate
    2 file that will be used on MX and
    certificate Authentication on MX
    copy this file to the MX machine.

    See the procedure To define the


    The port 8084 is usually used for
    On MX: Set the Communication communication port on MX in
    3 SSL with Certificate
    Port Setting Up SSL with Certificate
    communication option.
    Authentication on SOM

    See the procedure To generate an


    Generate an MX certificate that will
    MX certificate in Setting Up SSL
    4 On MX: Generate an MX certificate be used to communicate with
    with Certificate Authentication on
    SOM.
    MX

    Export the new certificate into a See the procedure To export MX


    On MX: Export the new MX
    5 file that will be used on SOM and certificate Setting Up SSL with
    certificate
    copy this file to the SOM machine. Certificate Authentication on SOM

    See the procedure To upload SOM


    On MX: Upload the SOM certificate certificate to MX in Setting Up SSL
    6 Upload the SOM certificate to MX.
    to MX with Certificate Authentication on
    SOM

    v14.7 Database Activity Monitoring User Guide 7


    v14.7 Database Activity Monitoring User Guide

      Action Description For more information, see...

    See the procedure To upload MX


    Optional - On SOM: Upload the MX
    7 Upload the MX certificate to SOM. certificate Setting Up SSL with
    certificate to SOM
    Certificate Authentication on MX

    Register a new MX on SOM and See the procedure To register a


    during the registration process new MX with SSL certificate in
    8 On SOM: Register a new MX
    select the SSL with Certificate Setting Up SSL with Certificate
    option. Authentication on MX

    v14.7 Database Activity Monitoring User Guide 8


    v14.7 Database Activity Monitoring User Guide

    Setting Up SSL with Certificate Authentication on SOM

    To generate a SOM certificate:

    1. In the Main workspace, select Setup > Settings. Select SOM to MX Communication Settings. The SOM to MX
    Communication Settings pane appears.
    2. In the SOM Certificate details section, click Replace Certificate. The Generate New SOM Certificate dialog
    box appears.
    3. Click on Click Here, the Upload Certificate dialog box appears.
    4. If you have a valid certificate in the PFX format, do one of the following:
    ◦ Click Browse next to the PFX file box and type the password.
    ◦ If a certificate has been previously installed on the machine and you want to overwrite it, click Overwrite
    Existing Certificate.
    ◦ Click Upload. The Upload dialog box appears with the status bar that presents the progress of the upload.
    5. If you do not have a valid certificate, in the Generate New SOM Certificate dialog box, set the period of time in
    which the certificate is valid using the From/To options. The default for From is today. The default for To is a
    year from today.
    6. Click Generate. The Generate Certificate status bar appears, presenting the progress of the certificate
    generation.

    To export SOM certificate:

    1. In the Main workspace, select Setup > Settings. Select SOM to MX Communication Settings. The SOM to MX
    Communication Settings pane appears.
    2. In the SOM Certificate details section, click Export Certificate. The Export Certificate dialog box appears
    presenting the export status bar.
    3. Once the export process is completed, click Download Certificate to open/save the certificate file. Depending
    on your browser settings, the certificate is downloaded either to a predefined folder or to the folder that you
    specify.
    4. Send the file to the MX machine using your preferred file transfer method (use a thumb drive, shared drive or
    network file copy).

    To upload MX certificate:

    1. In the Main workspace, select Setup > Settings. Select SOM to MX Communication Settings. The SOM to MX
    Communication Settings pane appears.
    2. In the SOM Certificates table, click Create New. The Upload Trusted Certificates dialog box appears.
    3. In the Upload Trusted Certificates dialog box, click Browse and select the file to upload.
    4. If you want the new certificate to overwrite an existing one, select Overwrite Existing Certificate.
    5. Click Upload. The uploaded MX certificate appears in the SOM Certificates table.

    To register a new MX with SSL certificate:

    1. In the Main workspace, click Setup > Registered MXs. The Registered MXs window appears.
    2. In the Registered MXs window, click Add. The Add New MX dialog box appears.
    3. In the Add New MX dialog box, type the name of the MX that you want to add and click Create. The Add New
    MX dialog box closes and the MX details pane displays the name of the new MX.
    4. In the MX details pane, set the following general settings:

    v14.7 Database Activity Monitoring User Guide 9


    v14.7 Database Activity Monitoring User Guide

    ◦ Name: The name of the new MX as you want it to appear on SOM and on MX.
    ◦ Host Name/IP Address: The host name or the IP address of the new MX.
    ◦ Username: MX’s admin username that is used to enter SecureSphere GUI.
    ◦ Password/Verify Password: MX’s admin password that is used to enter SecureSphere GUI.
    5. Define the following Communication Settings, as described in the table below.
    6. Define the following Drilldown Settings:
    ◦ Drilldown Security Options: Enables navigating into the MX with the following methods:
    • Use SSL: Browsing MX using HTTPS.
    • Do not Use SSL: Browsing MX using HTTP.
    ◦ Drilldown Port:The port that is used by SOM to navigate to MX.
    7. To save your setting at any configuration stage, click Save.
    8. To save your settings and to complete the first time registration, click Save & Register. The new MX appears in
    the Registered MXs table.
    9. To save any changes that are performed on a registered MX, click Save.
    10. To verify that the new settings have been applied, click Test Connections.

    Communication Settings

    Setting Description

    Authentication Options: Select SSL with Certificate.

    Enables verifying the host. SOM makes sure that this host is really who it says it is, as
    certificate itself does not prove that.

    SOM verifies the host name of the received certificate by resolving its address using
    Verify MX Host Name: DNS and comparing it to sender's address.

    This option is recommended when you suspect that the MX certificate may be leaked
    to malicious users who may try to use it to establish connection with SOM. In this
    case use this option and ensure that DNS will correctly resolve the address of the MX.

    The port that is used to communicate with the MX.

    Select 8084.

    Communication Port: You can set port numbers that is different from the default value.

    Note: The communication port numbers must be the same on SOM and MX. It is
    needed to set the communication port on MX in Setup>Settings>SOM to MX
    Communication Settings>Communication Port.

    v14.7 Database Activity Monitoring User Guide 10


    v14.7 Database Activity Monitoring User Guide

    Setting Up SSL with Certificate Authentication on MX

    To define the communication port on MX:

    1. In the Main workspace, select Setup > Settings. Select SOM to MX Communication Settings. The SOM to MX
    Communication Settings pane appears.
    2. Set the Communication Port parameter to 8084.

    Note: The communication port numbers must be the same on SOM and MX. 8084 is the
    default port number. You can define a different port number for this authentication
    method on both, SOM and MX. For the instructions on how to use a communication port
    different from 8084 for this authentication method on MX, refer to the Knowledge Base
    or contact Imperva Technical Support.

    To generate an MX certificate:

    1. In the Main workspace, select Setup > Settings. Select SOM to MX Communication Settings. The SOM to MX
    Communication Settings pane appears.
    2. In the MX Certificate details section, click Replace Certificate. The Generate New MX Certificate dialog box
    appears.
    3. Click on Click Here, the Upload Certificate dialog box appears.
    4. If you have a valid certificate in the PFX format, do one of the following:
    ◦ Click Browse next to the PFX file box and type the password.
    ◦ If a certificate has been previously installed on the machine and you want to overwrite it, click Overwrite
    Existing Certificate.
    ◦ Click Upload. The Upload dialog box appears with the status bar that presents the progress of the upload.
    5. If you do not have a valid certificate, in the Generate New MX Certificate dialog box, set the period of time in
    which the certificate is valid using the From/To options. The default for From is today. The default for To is a
    year from today.
    6. Click Generate. The Generate Certificate status bar appears, presenting the progress of the certificate
    generation.

    To export MX certificate:

    1. In the Main workspace, select Setup > Settings. Select SOM to MX Communication Settings. The SOM to MX
    Communication Settings pane appears.
    2. In the MX Certificates Details section, click Export Certificate. The Export Certificate dialog box appears
    presenting the export status bar.
    3. Once the export process is completed, click Download Certificate to open/save the certificate file. Depending
    on your browser settings, the certificate is downloaded either to a predefined folder or to the folder that you
    specify.
    4. Send the file to the SOM machine using your preferred file transfer method (use a thumb drive, shared drive or
    network file copy).

    To upload SOM certificate to MX:

    v14.7 Database Activity Monitoring User Guide 11


    v14.7 Database Activity Monitoring User Guide

    1. In the Main workspace, select Setup > Settings. Select SOM to MX Communication Settings. The SOM to MX
    Communication Settings pane appears.
    2. In the SOM Certificates table, click Create New. The Upload Trusted Certificates dialog box appears.
    3. In the Upload Trusted Certificates dialog box, click Browse and select the file to upload.
    4. If you want the new certificate to overwrite an existing one, select Overwrite Existing Certificate.
    5. Click Upload. The uploaded SOM certificate appears in the SOM Certificates table.

    v14.7 Database Activity Monitoring User Guide 12


    v14.7 Database Activity Monitoring User Guide

    SSL Certificate Expiration

    Certificates are valid for a restricted period of time. SecureSphere provides the following capabilities for dealing with
    certificate expiration:

    • A System Event is generated as the certificate is close to the expiration day. The event is generated on SOM
    when the SOM certificate is about to reach its expiration, and on each MX as its own certificate is close to the
    expiration day.
    • A new certificate may be automatically generated when the existing one expires.

    To define SSL certificate expiration on SOM and on MX:

    1. In the Main workspace, select Setup > Settings. Select SOM to MX Communication Settings. The SOM to MX
    Communication Settings pane appears.
    2. In the SOM to MX Communication Settings pane, set the items in the table SSL Certification Expiration
    Settings below.
    3. Click Save.

    SSL Certification Expiration Settings

    Parameter Description

    Certificate Validity (read-only): Presents the validity that was defined when this certificate was created.

    System Warning Before Certificate Enables to define how many days before the certificate expires a
    Validity Expires (In Days): System Event will be generated

    Enables generating a new certificate automatically once the validity has


    been expired. One day before the validity expires, SOM automatically
    Generate Certificate Automatically When generates a new certificate.
    Certificate Validity Expires:
    The period for which the new certificate is valid is defined in the Auto
    Certificate Validity.

    Enables to define certificate validity for SSL certificates that were


    Auto Certificate Validity:
    automatically generated by SOM.

    v14.7 Database Activity Monitoring User Guide 13


    v14.7 Database Activity Monitoring User Guide

    Removing MXs from SOM

    All the MX registered to SOM appear in the Registered MXs table on SOM. Removing an MX from SOM, simply means
    removing this MX from the Registered MXs table.

    On MX you can see the SOM connection status in the Monitor > Dashboard, as follows:

    • When MX is registered to SOM and they are connected, the SOM Status pane displays: Connected to SOM.
    • When MX is removed from SOM using the Registered MX table option on SOM, the SOM Status pane does not
    appear in the Dashboard on MX.
    • When the communication between SOM and MX is lost, MX users can detatch MX from SOM using the Disconnect
    option that appears in the SOM Status pane in the Dashboard on MX.

    To remove MX from SOM:

    1. On SOM, in the Main workspace, click Setup > Registered MXs. The Registered MXs window appears.
    2. In the Registered MXs table, select the MX that you want to remove and click Remove.

    v14.7 Database Activity Monitoring User Guide 14


    v14.7 Database Activity Monitoring User Guide

    Deploying MX and SOM Behind a NAT


    You can deploy a SOM behind a NAT. The number of MXs that can be registered to the SOM has no particular limitation
    due to the SOM being behind a NAT.

    You can also deploy an MX behind a NAT when the SOM isn't behind a NAT, or there is no SOM. For more information,
    see Understanding MX Deployment Behind a NAT.

    To deploy a SOM behind a NAT:

    1. For more information, seeSSH to the SOM machine;


    2. Open the file /opt/SecureSphere/server/SecureSphere/jakarta-tomcat-secsph/webapps/SecureSphere/
    WEB-INF/properties/common.properties in a text editor.
    3. Set the value of the som.ip.override parameter as the SOM's external IP address.
    4. Run the following command to restart the SOM:

    impctl restart server

    5. Register your MX machines to SOM. For more information, see Registering MXs.

    v14.7 Database Activity Monitoring User Guide 15


    v14.7 Database Activity Monitoring User Guide

    Understanding MX Deployment Behind a NAT

    • When you deploy an MX behind a NAT, you need to expose the following ports for the MX to be visible. These
    ports are:
    • 8083
    • 8084
    • It is recommended that you use a multi-NAT, since a regular NAT exposes only one IP address, and only one MX
    can be behind it. However, a multi-NAT that allows multiple IP addresses enabling you to have many MXs
    behind it.

    v14.7 Database Activity Monitoring User Guide 16

    You might also like