Applicable to Entuity v21.0 upwards
To access configuration set functionality
To add and specify a configuration set
To assign servers to a configuration set To assign users and user groups to a configuration set
To manage the Views in a configuration set
To import the config of a server to a configuration set
To release a server from a configuration set
To edit the parameters of a configuration set
Note regarding remote servers configured for external authentication
To manually sync a configuration set
To pause a sync
To check the sync status of a configuration set
To view the sync history of a configuration set
To manage the functionality of a configuration set from the Configuration Set tab
Introduction:
The server configuration set functionality in Entuity enables you to create server configurations from a central server and then push them to remote polling servers as appropriate. It also enables you to keep existing and new remote polling servers up to date with current configurations from the central server.
You can create configuration sets to which you can add servers. A server cannot belong to more than one configuration set.
To access configuration set functionality:
Configuration set functionality is accessible via the Configuration Set tab on the Multi-Server Configuration page (Main Menu > Administration > Multi-Server Configuration > Configuration Set).
To view configuration sets:
The configuration sets that you have added are detailed in the table under the Configuration Set tab on the Multi-Server Configuration page.
The table displays the following details:
Column Name | Description |
---|---|
Name | name of the configuration set. |
Description | description given to this configuration set. |
Create Time | time and date that this configuration set was created. |
Created By | user account that created this configuration set. |
Servers | servers assigned to this set. |
Syncing |
the parameters that are specified to be synced (see To add a configuration set below), including up to all three of the following:
|
Status |
status indicator of the sync of servers on this configuration set, along with a % bar detailing the progress of all servers' synchronization. Click on the progress bar to open a form providing details of the current sync (please see To check the sync status of a configuration set below for further information). Click the status icon to pause/unpause the automatic synchronization of this configuration set. This column is only available when on the central/consolidation server. It is not available from a remote server. |
To add and specify a configuration set:
Adding a configuration set has two stages:
- Create the configuration set via the Add button.
- Specify its parameters via the Assign Servers, Manage Users and Manage Views.
To add a configuration set:
- Navigate to the Configuration Set tab on the Multi-Server Configuration page.
- Click Add at the top of the page (or via the Overflow Menu).
- The Add Configuration Set form will open on the right of the page
- Specify a Name and Description for the configuration set.
- Sync Views - specify whether the servers in this configuration set will be required to have the same Views. If enabled, existing Views on this server will be replaced by the Views specified in the Manage Views option (see below). By default, this is not enabled.
- Sync Users - specify whether the servers in this configuration set will be required to have the same users. If enabled, existing users on this server will be replaced by the users specified in the Manage Users option (see below). By default, this is not enabled. Note, it is not possible to create a config set that contains a user who does not have a specified password.
- Sync User Groups - specify whether the servers in this configuration set will be required to have the same user groups. If enabled, existing users group on this server will be replaced by the user groups specified in the Manage Users option (see below). By default, this is not enabled.
- Sync OS Services - (from Entuity v21.0 P03 upwards) specify whether to sync OS Services details, e.g. service name and service rules. To enable this setting, you must also enable Sync Views above.
- Sync CPE Mapping Rules - (from Entuity v22.0 upwards) specify whether to sync CPE Mapping Rules across the servers in this configuration set. CPE Mapping Rules and Groups are used to automatically discover potential//candidate CPEs (so long as vulnerability monitoring is enabled).
- Sync User Defined Thresholds - (from Entuity v22.0 upwards) specify whether to sync user defined thresholds across the servers in this configuration set. Note, if a user defined threshold utilizes a custom event, then that custom event will need to be created on all servers in a configuration set in order for the user defined threshold to successfully sync across those servers.
To assign servers to a configuration set:
Note: assigning a server to a configuration set will replace all users, user groups and Views in that server with those specified for that configuration set (depending on the configuration set's sync preferences). As soon as you assign a server to a configuration set (even if the configuration set is empty and has no users, user groups or Views specified to it), that configuration set will then be queued for synchronization and therefore the existing configuration on that server will be lost. If you want to prevent this immediate loss of existing server configuration, ensure that you do not assign servers to the configuration, or pause the synchronization (via the Status column icon), until you are happy that the configuration set contains everything you need.
Note regarding remote servers configured for external authentication: servers that are configured for external authentication (e.g. LDAP) are permitted to be part of a configuration set, but their users will not be synced in accordance with the configuration set's parameters, even if the Sync Users option is enabled.
- From the Configuration Set tab of the the Multi-Server Configuration page, select the configuration set that you wish to edit from the table.
- Click Assign Servers at the top of the page (or via the Overflow Menu or right-click Context Menu).
- The Assign Servers form will open on the right of the page.
- Tick the boxes of the servers that you wish to include in the configuration set. If any of the servers in the list already belong to another configuration set, a warning will appear below the server's name. If you attempt to add a server that already belongs to another configuration set, a warning will appear when you save your changes.
- Click Done in the top right of the form to save your changes, otherwise click Cancel. Because adding a server can cause the replacement of users, user groups and Views, a confirmation dialog will appear when you click Done.
To assign users and user groups to a configuration set:
- From the Configuration Set tab of the the Multi-Server Configuration page, select the configuration set that you wish to edit from the table.
- Click Manage Users at the top of the page (or via the Overflow Menu or right-click Context Menu).
- This will open the Account Management page, from which you can add, edit or remove users and user groups to a specified configuration set. Select either the Users or Groups tab in the top right of the page, and select the configuration set from the Server/Configuration Set dropdown field in the top left of the page. You can then add, edit or remove users as you wish.
For users:
For user groups:
Note, it is possible to add a user group from a central server to a remote server that is on an earlier version of Entuity.
Please see these articles for further help and information on managing user accounts and user groups in Entuity.
To manage the Views in a configuration set:
- From the Configuration Set tab of the the Multi-Server Configuration page, select the configuration set from the table that you wish to edit.
- Click Manage Views at the top of the page (or via the Overflow Menu or right-click Context Menu).
- This will open the View Management page, from where you can add, edit and delete Views, and specify content and incident/event filters for Views. On the View Management page, select the configuration set from the Server/Configuration Set dropdown field in the top left corner, and then specify and manage the Views that you wish to include to this configuration set.
Please see this article for further help and information on View Management in Entuity.
To import the config of a server to a configuration set:
The Import Current Config functionality enables you to extract all users, user groups and Views from a selected server and then import them to the currently selected configuration set. As a result of this, all existing content of the configuration set will be replaced with the imported data.
You can also use an empty configuration set (i.e., one that does not contain any servers) as a backup for server configurations. You can assign users, user groups and Views to this empty configuration set, and if in the future you wish to populate a server that no longer has its previous configuration, you can do so from this configuration set.
- From the Configuration Set tab of the the Multi-Server Configuration page, select the configuration set from the table to which you want to import users, user groups and Views.
- Click Import Current Config via the Overflow Menu or right-click Context Menu.
- The Import Configuration form will open on the right of the page. Select a server from which you want to import users, user groups and Views and then click Done to save your changes, otherwise click Cancel.
To release a server from a configuration set:
You can release a server from a configuration set in one of two ways:
Via the Configuration Set tab:
- From the Configuration Set tab under on the Multi-Server Configuration page, select the configuration set from the table that you wish to edit.
- Click Assign Servers at the top of the page (or via the Overflow Menu or right-click Context Menu).
- On the Assign Servers form that opens, untick the server(s) that you want to release from the configuration set, and click Done to save your changes, otherwise click Cancel. The server will be immediately released from the configuration set.
Via the Remote Servers tab:
- From the Remote Servers tab under on the Multi-Server Configuration page, select the server from the table that you wish to release.
- Click Release from Configuration Set via the Overflow Menu or right-click Context Menu. The server will be immediately released from the configuration set.
To edit the parameters of a configuration set:
- From the Configuration Set tab of the the Multi-Server Configuration page, select the configuration set from the table that you wish to edit.
- Click Edit at the top of the page (or via the Overflow Menu or right-click Context Menu).
- The Edit Configuration Set form will open on the right of the page, which contains the same fields as the Create Configuration Set form (see above).
To delete a configuration set:
- From the Configuration Set tab of the the Multi-Server Configuration page, select the configuration set from the table that you wish to delete.
- Click Delete at the top of the page (or via the Overflow Menu or right-click Context Menu).
- A delete confirmation dialog will open. Click Yes.
To sync a configuration set:
When you make a change to a configuration set's parameters (e.g. changing the sync requirements of User Groups), or make a change to what's included in the configuration set (e.g. adding a View to the configuration set), then these changes will be immediately pushed as a job to each server that is a member of the set.
A popout dialog containing a Configuration Set Sync Progress bar will appear where and once you have made your change (e.g. if you are adding users, the popout dialog will appear whilst you are still on the Account Management page), displaying the progress of the automatic sync and any messages associated with it. You can dismiss this window at any time.
Important note regarding existing server configurations: syncing a server will wipe its previous configuration. Before syncing, it is recommended that you take a backup of the existing configuration. If you subsequently remove a server from a configuration set, that server's old configuration will not be restored.
Note regarding remote servers configured for external authentication: servers that are configured for external authentication (e.g. LDAP) are permitted to be part of a configuration set, but their users will not be synced in accordance with the configuration set's parameters, even if the Sync Users option is enabled.
To manually sync a configuration set:
You can also manually sync a configuration set at any time:
- Navigate to the Configuration Set tab under the Multi-Server Configuration page, and from the table select the configuration set that you wish to sync.
- From the Overflow Menu, click Sync Now. A popout dialog will open (that you can manually dimiss), displaying the progress of the sync.
Note, you can only manually sync one configuration set at a time.
You can check the status of this sync in the Status column of the Configuration Set table (Multi-Server Configuration > Configuration Set tab > table > Status column) (see To check the sync status of a configuration set below).
You can check the sync history of a configuration set in the table under the Sync History tab of the Multi-Server Configuration page (see To view the sync history of a configuration set below).
To pause a sync: Select the configuration set that you wish to pause and click Pause Sync via the Overflow Menu or right-click Context Menu. You can also pause the sync from the sync status details form (see below). Once paused, the sync status icon will change to paused.
To check the sync status of a configuration set:
Once you have made a change to a configuration set, you can see its sync status in the Status column of the Configuration Set table. Note, this column is only available when on the central/consolidation server. It is not available from a remote server.
There is a status icon, and the % bar details the progress of all servers' synchronization. Click on the progress bar to open the Status Details form providing details of the current sync (you can also access this form by clicking Status Details from the Overflow Menu or right-click Context Menu):
This form is read-only and details the following:
- Configuration Change ID - ID of the current configuration change, referred to in the Sync History table (see below).
- Synchronization - use the toggle to specify whether syncing is Active or Paused.
- Member Sync Status - details the sync status of each individual server that belongs to this configuration set.
To view the sync history of a configuration set:
Sync history is retained for 30 days, but this can be configured via entuity.cfg.
There are two ways to access the sync history of a configuration set:
- navigate to the Sync History tab of the Multi-Server Configuration page. In the Server/Configuration Set dropdown field, select the configuration set for which you want to view the sync history.
- select the desired configuration set from the Configuration Set tab of the Multi-Server Configuration page, and click Sync History from the Overflow Menu or right-click Context Menu. This will open the Sync History tab for the selected configuration set.
From the Sync History tab, you can also view the sync history of individual servers, which is accessible via the Server/Configuration Set dropdown field in the top left of the page:
The Sync History tab shows a table detailing the following:
Column Name | Description |
---|---|
Configuration Set | name of the configuration set. |
Server | server on which the sync took place. |
Sync Time | time and date at which the sync took place. |
Triggered By | user who triggered the sync, e.g. through adding to/updating a configuration set. |
Error Code | code for the sync outcome, e.g. 'Success', 'Synchronization failure', 'Partial failure'. |
Error Message | details of an error, if applicable. The full message can be easily read in the Synchronization Details form (see below). |
Configuration Change ID | unique configuration change ID for this sync change. The configuration change ID is an auto-incremented number - each time you update a configuration set, the set gains a new change ID. Once the remote servers in this configuration set have been synced, they will each display this same latest configuration change ID. Column hidden by default. |
Users | summary of changes in this sync to the number of users, e.g. '1 removed = 3 total', or '2 added = 4 total'. |
Total Users | total number of users after this sync. Column hidden by default. |
Users Removed | number of users removed in this sync. Column hidden by default. |
Users Added | number of users added in this sync. Column hidden by default. |
User Groups | summary of changes to the number of user groups after this sync, e.g. '1 added = 3 total', '2 removed = 1 total'. |
Total User Groups | number of user groups after this sync. Column hidden by default. |
User Groups Removed | number of user groups removed in this sync. Column hidden by default. |
User Groups Added | number of user groups added in this sync. Column hidden by default. |
Views | summary of changes to the number of Views after this sync, e.g. '1 added = 6 total', '2 removed = 4 total'. |
Total Views | total number of Views after this sync. Column hidden by default. |
Views Removed | number of Views removed in this sync. Column hidden by default. |
Views Added | number of Views added in this sync. Column hidden by default. |
To view details of an individual sync record, click Details at the top of the page (or via the Overflow Menu or right-click Context Menu).
This will open the Synchronization Details form on the right of the page, which summarises all the information for that particular synchronization (the information being the same as that in the table above). This form allows you to read the Error Message more easily, if applicable.
If a sync has failed on a server(s): To retry synchronization, you can trigger synchronization of an individual server from the Remote Servers tab of the Multi-Server Configuration page, by clicking Sync Now (via the Overflow Menu or right-click Context Menu):
To manage the functionality of a configuration set from the Configuration Set tab:
You can navigate to the functionality specified in a configuration set by selecting the config set and then accessing the Overflow Menu (or the right-click Context Menu). From there, you can click the relevant functionality, and you will be taken to the appropriate page.
For example, clicking Manage CPE Mapping Rules will take you to the Vulnerability Monitoring page.
RESTful API:
Please see the following for help and information on managing server configuration sets using Entuity RESTful API:
- List config sets, and create new config sets
- List summary info about config sets
- Update or delete a config set, and pause the synchronization of a config set
- List and populate the configuration of a config set
- List active config from a server, determined by the optional parameter(s)
- Populate the configuration of a config set from a local server
- List servers currently assigned to a specified config set, and add and remove servers from a config set
- Force control of a server (that already belongs to a diferent config set) when adding it to a new config set
- Trigger synchronization for a specifed config set
- List sync (change) history for all config sets, or filter by individual config set and/or member servers
- List all users in a config set, and add users to a config set
- Change a user's password, or delete a user from a config set
- User group membership:
- Modify user membership of a specified user group on a specified config set
- Add users to a specified user group on a specified config set
- Delete a user from a specified user group on a specified config set
- List the Views in a config set, and add Views to a config set
- Update, rename or delete Views in a config set
- List the content filters in a config set, and add or update config filters
- List the incident filters in a config set, and add or update incident filters
- List the event filters in a config set, and add or update event filters
- List the profiles in a specified server configuration set, and add a new profile to a config set
- List details of, modify, or delete a profile within a config set
- List details of, modify, or delete an OS Service in a specified config set
Comments
0 comments
Please sign in to leave a comment.