지금 지원 담당자와 채팅
지원 담당자와 채팅

Change Auditor Threat Detection 7.0.3 - Deployment Guide

Join the Threat Detection server to the coordinator's domain

Join the Threat Detection server to the coordinator’s domain
To join the server to the coordinator’s domain:
1
While logged on to the Threat Detection server, open a command prompt.
2
Run ‘cd /opt/quest/bin’ to change the directory to the Quest tools directory.
3
Run 'sudo ./vastool -u < User SamAccountName> join <domain FQDN>' to join the server to the coordinator’s domain.
* 
NOTE: The user must be a domain administrator or have been delegated the following tasks using the Active Directory Delegation Control wizard:
Create, delete, and manage user account.
Join a computer to the domain.
4
When prompted for the “Password for presidio”, enter the integration password.
5
When prompted for the password for the domain, enter the password of the user account specified in step 3.
The Threat Detection server will now be joined to the domain.
6
Run './vastool info domain’ to verify that the server is joined to the domain. The command will return the domain for the Threat Detection server.

Configure the service account

To configure the service account:
1
While logged on to the Threat Detection server with the username ‘presidio’ and the integration password specified during the Threat Detection server configuration open a command prompt.
2
Run ‘cd /opt/quest/sbin’ to change the directory to the Quest sbin tools directory.
3
Run ‘sudo ./setup-mod_auth_vas4’ to create the service account.
You will now be prompted with a series of questions, accept the default answers for the prompts.
4
When prompted for a sufficiently privileged domain account, enter the domain administrator account (SAMAccountName).
5
Accept the default answer to change group of /etc/opt/quest/vas/HTTP.keytab to Apache.
6
Specify any SPN aliases (if required) or Enter to finish.
7
Run ‘sudo service httpd restart’ to restart the httpd service to finish the configuration.
The service account will now be created in Active Directory.
8
Verify that the service account has been created in the Computers container in the same domain as the Threat Detection server. The service account will be a user account with the same name as the Threat Detection server with “HTTP” appended to it.

Creating a Threat Detection configuration

A Threat Detection configuration must be created to view activity, receive alerts, and analyze anomalies on the dashboard.

When a configuration is created, the Threat Detection server is automatically joined to your coordinator's domain and an associated service account is created. This is required to enable single-sign on to the Threat Detection dashboard.

To create a Threat Detection configuration
1
From Change Auditor select Administration Tasks | Configuration | Threat Detection.
2
Enter the Threat Detection server fully qualified domain name and integration password you created when deploying the Threat Detection server.
3
Enter the account used to join the Threat Detection server to your coordinator’s domain. (Use this format for the account: <Domain>\<User Name>.)
* 
NOTE: The user must be a domain administrator or have been delegated the following tasks using the Active Directory Delegation Control wizard:
Create, delete, and manage user account.
Join a computer to the domain.
4
Select how many days of historical events should be sent to Threat Detection server. For information on how to determine the best amount for you, see Historical events and your baseline calculations.
5
Select Apply Changes.

Reviewing configuration status

The status of the Threat Detection configuration is displayed on the configuration page.

To see the Threat Detection configuration status
1
Select Administration Tasks | Configuration | Threat Detection.
2
Click Refresh.
 
Table 4. Available configuration states
State
Description

Configured

The Threat Detection server is properly configured.

Not configured

The Threat Detection server is not configured. See Creating a Threat Detection configuration.

NOTE: If you see this status after removing a configuration and want to configure Threat Detection again, see Removing a configuration for details.

Update is required

An update is required on the Threat Detection server. See Upgrading the Threat Detection server.

License required

A valid Threat Detection license has not been applied.

License expired

The Threat Detection license has expired.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택