Use the Agents page of the Managed Hosts Settings dialog to configure the agent(s) to be used to monitor remote managed hosts and SharePoint farms. Once an agent is deployed, use the Agents view to check its status and performance metrics.
|
Note: For EMC managed hosts, if you are collecting resource activity (Collect and aggregate events on the Resource Activity page) or real-time security updates (Collect activity for real-time security updates on the Security Scanning page), you can only specify one agent to scan the EMC storage device. |
|
Note: You can only specify one agent to scan a cloud host. |
Control/setting | Description | ||
---|---|---|---|
Select the agent | Select the agent host computer to be used to monitor the target computer. | ||
Select the service account |
Select the service account with sufficient permissions to access both the target computer and the agent host. An agent requires a service account that has the rights to read security information on the remote host. Only previously configured service accounts that are registered with Data Governance Edition are available for selection. For more information, see Readying a service account and domains for deployment. | ||
Add | After selecting the agent and service account, click the Add button to add it to the Agents list. | ||
Remove |
Select an agent from the Agents list and click the Remove button to remove it from the Agents list.
| ||
Agent list |
Displays the agent(s) selected to monitor the target computer.
|
Control/setting | Description |
---|---|
Agent Service Account |
Select the service account with sufficient permissions to access the SharePoint farm. The service account must be the SharePoint farm account (same account that is used to run the SharePoint timer service and the One Identity Manager service (job server)). The SharePoint farm account also needs to be added to the local Administrators group on the SharePoint server. Only previously configured service accounts that are registered with Data Governance Edition are available for selection. For more information, see Readying a service account and domains for deployment. |
Managed paths determine the unstructured data for which a security index is maintained. A managed path is the root of an NTFS directory tree to be scanned by an agent, or a point in your SharePoint farm hierarchy below which everything is scanned. The agent monitors the specified managed paths for changes to security settings to maintain the security index. In addition, if resource activity collection is enabled, the agent collects resource activity for resources within these same managed paths.
Use the Managed Paths page on the Managed Host Settings dialog to specify the paths to be monitored and scanned for the target managed host.
|
NOTE: For all managed host types, when placing a resource under governance, the resource must be a managed path or a folder or share under a managed path.
|
Control/setting | Description | ||
---|---|---|---|
Managed paths list |
Displays the managed paths to be monitored by the agent.
| ||
Add |
Use the Add button to define the paths to be monitored. Clicking the Add button displays the Managed Paths Picker dialog allowing you to select the paths to be managed and the agent to be used to scan the selected managed paths. On the Managed Paths Picker dialog, click the check box to the left of a path to add it to the managed paths list and use the Agent Selection field to specify the agent to be used to scan the different managed paths.
| ||
Remove | Use the Remove button to remove a path from the managed paths list. Select the path(s) to be removed and click the Remove button. |
The Managed Paths Picker dialog allows you to select the managed paths (root of an NTFS tree) to be scanned by the selected agent. This dialog appears when you select the Add button on the Managed Paths page of the Managed Host Settings dialog for a managed host.
This dialog contains the following controls:
Control | Description | ||
---|---|---|---|
Managed Paths Selection |
Displays a hierarchical view of the NTFS tree. Navigate to the managed path(s) to be scanned and select the check box to the left of an NTFS directory to select it. By default, everything under a selected managed path will also be selected for scanning. To exclude parts of a managed path, clear the top level path's check box and select and clear individual check boxes to ensure you are scanning only those items you want to scan. Once a managed path is specified, a check mark appears in the check box to the left of the managed path. In addition, the name of the agent appears in the Scanning Agent column to the right of the managed path. | ||
Agent Selection |
When using multiple agents to scan a remote managed host, select an agent from the Agent Selection drop-down menu after selecting the managed paths to be monitored. Repeat this process for each of the agents, selecting different managed paths for each agent. The Scanning Agent field in the Managed Paths Selection grid displays the agent selected to scan the different paths.
| ||
OK |
Click the OK button to save your selections and close the dialog. | ||
Cancel |
Click the Cancel button to close the dialog without saving your selections. |
Use the Security Scanning page on the Managed Host Settings dialog to define when an agent is to perform the initial security scan and when to watch for changes to the structure and security of the file system. Where possible, schedule the scan to low peak hours to avoid heavy network traffic.
The default behavior for security scanning is different depending on the type of agent deployed:
You can modify the scan schedule and define the time and frequency with which the agent scans the target computer using the options available on the Security Scanning page. In addition to defining the security scan schedule, you can specify whether to ignore files and only store folder security data, as well as continuously monitor the file system and apply real-time updates to scanned security data.
|
Note: The schedule times for security scanning are based on the agent's local time. |
Control/setting | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|
Scanning Schedule |
Use the options in the Scanning Schedule pane to define the frequency at which the agent performs a full security scan on the target managed host.
| ||||||||
Scan start time |
Specifies the local time of day, with respect to the machine on which the agent is running, when the security scan is to start. The default start time is 2:00:00 AM. To change this time, use the arrow controls to specify a new time.
| ||||||||
Run Daily |
Select this option to scan the target computer on a daily schedule. Use the days of the week check boxes to define when the scan will occur during the week and the Scan start time field to specify the time the daily scan is to begin.
| ||||||||
Run on an interval |
Select this option to scan the target computer on an hourly interval instead of a daily schedule. Selecting this option enables the Every control to specify the interval to be used.
| ||||||||
Run once |
Select this option to schedule a single security scan of the agent.
| ||||||||
Immediately scan on agent restart or when managed paths change |
Select the Immediately scan on agent restart or when managed paths change option if you want the agent to scan immediately when it is added, when the agent is restarted and when any managed paths are changed.
| ||||||||
Ignore all files and only store folder security data |
The Ignore all files and only store folder security data indicates whether the agent is to capture file security data for the target managed host during an agent scan. When this option is cleared, the agent will include file security data in the agent scan.
| ||||||||
Collect activity for real-time security updates |
Select the Collect activity for real-time security updates option to have the agent watch for changes to the structure and security of the file system on the target managed host (that is, monitor create, delete, and rename operations, as well as DACL, SACL, and Owner changes). This results in a more up-to-date security index.
|
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy