Server management

1) Endpoint Status Summary in Argus

  1. Active:
    • Description: These endpoints are currently online and communicating with the Argus manager without issues.
    • Typical Use Case: Active endpoints are being monitored in real-time for security events and are receiving configuration updates and commands from the Argus manager.
  2. Disconnected:
    • Description: These endpoints were previously connected but have lost communication with the Argus manager.
    • Typical Use Case: Disconnected endpoints might be offline, powered down, or experiencing network issues. They are not currently sending security events to the Argus manager.
  3. Pending:
    • Description: These endpoints have been registered but are waiting for a connection to be established with the Argus manager.
    • Typical Use Case: Pending endpoints might be newly added and are awaiting the initial connection or might be in the process of being configured.
  4. Never Connected:
    • Description: These endpoints have been registered in the Argus manager but have never established a connection.
    • Typical Use Case: Never connected endpoints might be devices that have been scheduled for future deployment or have configuration issues preventing them from connecting.

Using Argus to Monitor Endpoint Status

  • Dashboard: The Argus dashboard provides an overview of the status of all endpoints, allowing you to quickly identify endpoints that are active, disconnected, pending, or never connected.
  • Alerts: Set up alerts to notify you when an endpoint’s status changes, helping you to proactively manage and troubleshoot endpoint issues.
  • Configuration Management: Ensure that all endpoints are correctly configured to communicate with the Argus manager, including network settings, agent installation, and proper registration.
  • Troubleshooting: Use the logs and diagnostic tools provided by Argus to investigate and resolve issues with endpoints that are disconnected or never connected.

Additional Endpoint Information in Argus

  1. Last Registered Agent:
    • Description: The most recently added endpoint in the Argus manager.
    • Typical Use Case: This can help administrators identify newly added devices and ensure they are configured correctly and start communicating as expected.
    • How to View: This information can typically be found on the Argus dashboard or by querying agent information via the Argus API.
  2. Most Active Agent:
    • Description: The endpoint that has generated the most security events or has the highest level of communication with the Argus manager.
    • Typical Use Case: This helps in identifying the most monitored or potentially most at-risk endpoints, allowing for focused security analysis and resource allocation.
    • How to View: The most active agent can be identified through the Argus dashboard, often under event statistics or agent activity logs.
  3. Agent Details:
    • Description: Comprehensive information about a specific endpoint, including its status, configuration, and recent activity.
    • Typical Use Case: Used for detailed monitoring and troubleshooting of individual endpoints to ensure they are functioning correctly and securely.
    • How to View: Detailed agent information can be accessed via the Argus dashboard, through agent-specific views, or by querying the Argus API.
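The following Python script is an added example and not code from Argus: it models the four statuses above from manager-side agent records, produces the dashboard-style summary, diffs two snapshots to raise the status-change alerts described under “Alerts”, and flags registrations that have never connected for longer than expected (the configuration-problem case under “Never Connected”). The record fields (id, name, group, registered_at, last_keepalive, connecting), the 10-minute keepalive timeout and the two snapshots are assumptions constructed for illustration.

```python
# Added example (not Argus code): classify endpoint records into the four statuses,
# summarise them, and diff two snapshots to raise alerts on status changes. The record
# fields, the 10-minute keepalive timeout and the sample data are all assumptions.
from collections import Counter
from datetime import datetime, timedelta, timezone
from typing import Optional

KEEPALIVE_TIMEOUT = timedelta(minutes=10)  # assumed: an older keepalive means disconnected
STATUSES = ("active", "disconnected", "pending", "never_connected")

def classify(agent: dict, now: datetime) -> str:
    """Map one agent record to active / disconnected / pending / never_connected."""
    if agent.get("last_keepalive") is None:
        # No keepalive ever received. 'pending' = registered and a connection is
        # being established; otherwise the endpoint has never connected at all.
        return "pending" if agent.get("connecting") else "never_connected"
    if now - agent["last_keepalive"] <= KEEPALIVE_TIMEOUT:
        return "active"
    return "disconnected"

def summarize(agents: list, now: datetime) -> dict:
    """Count per status: the figures a dashboard summary shows."""
    counts = Counter(classify(a, now) for a in agents)
    return {s: counts.get(s, 0) for s in STATUSES}

def last_registered(agents: list) -> Optional[str]:
    """Name of the most recently registered agent, or None for an empty list."""
    if not agents:
        return None
    return max(agents, key=lambda a: a["registered_at"])["name"]

def transitions(prev: list, prev_now: datetime, curr: list, curr_now: datetime) -> list:
    """(id, old_status, new_status) for each agent whose status changed between two
    snapshots; agents absent from the earlier snapshot are reported as 'unregistered'."""
    before = {a["id"]: classify(a, prev_now) for a in prev}
    changes = []
    for a in sorted(curr, key=lambda a: a["id"]):
        old, new = before.get(a["id"], "unregistered"), classify(a, curr_now)
        if old != new:
            changes.append((a["id"], old, new))
    return changes

def alerts(changes: list) -> list:
    """Status changes to notify on: anything that became disconnected."""
    return [c for c in changes if c[2] == "disconnected"]

def stale_registrations(agents: list, now: datetime, max_age: timedelta = timedelta(days=7)) -> list:
    """Endpoints registered longer than max_age ago that have still never connected:
    more likely a deployment or configuration problem than a device awaiting rollout."""
    return sorted(a["name"] for a in agents
                  if classify(a, now) == "never_connected" and now - a["registered_at"] > max_age)

# Constructed sample snapshots (not real data), 15 minutes apart.
T0 = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
T1 = T0 + timedelta(minutes=15)
REG = datetime(2024, 4, 1, tzinfo=timezone.utc)

SNAPSHOT_T0 = [
    {"id": "001", "name": "web-01", "group": "web", "registered_at": REG,
     "last_keepalive": T0 - timedelta(minutes=1), "connecting": False},
    {"id": "002", "name": "db-01", "group": "db", "registered_at": REG,
     "last_keepalive": T0 - timedelta(minutes=30), "connecting": False},
    {"id": "003", "name": "laptop-07", "group": "default", "registered_at": T0 - timedelta(hours=1),
     "last_keepalive": None, "connecting": True},
    {"id": "004", "name": "spare-01", "group": "default", "registered_at": REG,
     "last_keepalive": None, "connecting": False},
]
SNAPSHOT_T1 = [
    {**SNAPSHOT_T0[0], "last_keepalive": T1 - timedelta(minutes=20)},  # web-01 went quiet
    {**SNAPSHOT_T0[1], "last_keepalive": T1 - timedelta(minutes=1)},   # db-01 came back
    {**SNAPSHOT_T0[2], "last_keepalive": T1 - timedelta(minutes=2), "connecting": False},
    SNAPSHOT_T0[3],                                                    # still never connected
]

if __name__ == "__main__":
    print("t0:", summarize(SNAPSHOT_T0, T0), "last registered:", last_registered(SNAPSHOT_T0))
    print("t1:", summarize(SNAPSHOT_T1, T1))
    changes = transitions(SNAPSHOT_T0, T0, SNAPSHOT_T1, T1)
    for change in changes:
        print("changed:", change)
    for alert in alerts(changes):
        print("ALERT: endpoint", alert[0], "is now", alert[2])
    print("never connected for over a week:", stale_registrations(SNAPSHOT_T0, T0))
```

Only transitions into disconnected are turned into alerts here; a device moving from pending to active is normal and would only add noise. The stale-registration check is the one that catches the “never connected” configuration problems the status alone hides, because those endpoints never change state at all.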

2) Endpoint Groups

What are Endpoint Groups?

Endpoint Groups in Argus are logical collections of endpoints (agents) that share common attributes or purposes. Grouping endpoints allows you to apply configurations, monitor activities, and generate reports for a specific set of devices efficiently.

Where to Find Endpoint Groups?

You can manage endpoint groups through the Argus management interface, which is accessible via a web browser. The Endpoint Groups section is found under Server management in the left side menu.

How to Use Endpoint Groups?

  1. Adding New Groups:
    • Navigate to Endpoint Groups: In the Argus management interface, open Server management in the left side menu and select “Endpoint Groups”.
    • Add New Group: Click the “Add New Group” button. A form will appear where you can specify the group’s name and, optionally, its description.
    • Configure Group: After creating the group, add endpoints to it by selecting them from the list of available agents and assigning them to the new group.
  2. Refreshing Group Information:
    • Refresh Groups: Click the “Refresh” button to update the list of endpoint groups. This ensures that the information displayed is current and reflects any recent changes in endpoint status or configuration.
  3. Exporting Formatted Data:
    • Export Data: Click the “Export” button to download the endpoint group information as a formatted file.

Managing Individual Group Details

Each endpoint group in Argus can be managed individually, allowing you to view, edit, or delete groups as needed.

  1. View Group Details:
    • Select Group: Click on the name of the group you want to view.
    • View Details: The group details page will display information such as the group’s name, description, and the list of endpoints assigned to it. This view helps you understand the composition and status of the group.
  2. Edit Group Details:
    • Select Group: Click on the name of the group you want to edit.
    • Click “Edit”: On the group details page, click the “Edit” button.
    • Modify Information: Update the group’s name, description, or endpoints as needed.
    • Save Changes: Click “Save” to apply the changes.
  3. Delete Group:
    • Select Group: Click on the name of the group you want to delete.
    • Click “Delete”: On the group details page, click the “Delete” button.
    • Confirm Deletion: A confirmation dialog will appear. Confirm the deletion to remove the group. Note that deleting a group will not delete the endpoints within it; they will simply be ungrouped.

3) Rules in Argus

Argus rules are essential for defining how security events are detected and handled. This guide provides an overview of how to manage rule files, add new rule files, refresh rules, export rules in a formatted way, create custom rules, and use the search functionality. Additionally, it explains how to view and edit individual rules displayed in XML format.

Overview of Argus Rules

Argus Rules are XML-based definitions that determine how the Argus manager processes and identifies security events. They help in recognizing specific patterns in the collected data, generating alerts, and triggering automated responses.

Where to Find Rules in Argus?

You can manage Argus rules through the Argus management interface, typically found under the server management section in the left side menu.

Managing Rules in Argus

  1. Manage Rule Files:
    • View Rule Files: This section lists all the available rule files. Each rule file can be expanded to see the rules it contains.
  2. Add New Rule Files:
    • Add Rule File: Click the “Add New Rule File” button. You will be prompted to upload a new XML rule file or create one from scratch using the text editor provided in the interface.
    • Save Rule File: After adding the rules, save the file to include it in the rule set used by Argus.
  3. Refresh Rules:
    • Click Refresh: Click the “Refresh” button to update the displayed rule files and rules, ensuring you see the most current data.
  4. Export Formatted Rules:
    • Export Rules: Click the “Export” button to download the rule files.
  5. Custom Rules:
    • Create Custom Rules: You can create custom rules to tailor the detection capabilities to your specific environment.
    • Add Custom Rule File: Click “Add New Rule File” and create a new file, or edit an existing one, to include your custom rules.
    • Save Custom Rules: Ensure the custom rules are saved and validated (for example by running sample log lines through the Ruleset Test section) before relying on them, so that they are correctly integrated into the Argus rule set.
  6. Search Bar:
    • Search for Rules: Use the search bar at the top of the rules section to find specific rules or rule files quickly. Enter keywords related to the rule content or names.
    • View Search Results: The search results display matching rules, allowing you to navigate directly to the relevant rule file or rule.

4) Decoders in Argus

Decoders in Argus are essential for interpreting and normalizing log data from different sources. This guide provides an overview of how to manage decoder files, add new decoder files, refresh decoders, export decoders in a formatted way, create custom decoders, and use the search functionality. Additionally, it explains how to view and edit individual decoders displayed in XML format.

Overview of Argus Decoders

Argus Decoders are XML-based definitions that determine how the Argus manager interprets and normalizes log data from various sources. Decoders help in parsing log messages to extract relevant information, which is then processed by Argus rules.

Where to Find Decoders in Argus?

You can manage Argus decoders through the Argus management interface: open Server management in the left side menu and select “Decoders”.

Managing Decoders in Argus

  1. Manage Decoder Files:
    • View Decoder Files: This section lists all the available decoder files. Each decoder file can be expanded to see the decoders it contains.
  2. Add New Decoder Files:
    • Add Decoder File: Click the “Add New Decoder File” button. You will be prompted to upload a new XML decoder file or create one from scratch using the text editor provided in the interface.
    • Save Decoder File: After adding the decoders, save the file to include it in the decoder set used by Argus.
  3. Refresh Decoders:
    • Click Refresh: Click the “Refresh” button to update the displayed decoder files and decoders, ensuring you see the most current data.
  4. Export Formatted Decoders:
    • Export Decoders: Click the “Export” button to download the decoder files.
    • Download File: Confirm to generate and download the formatted decoder file.
  5. Custom Decoders:
    • Create Custom Decoders: You can create custom decoders to tailor the log interpretation capabilities to your specific environment.
    • Add Custom Decoder File: Click “Add New Decoder File” and create a new file, or edit an existing one, to include your custom decoders.
    • Save Custom Decoders: Ensure the custom decoders are saved and validated (for example by running sample log lines through the Ruleset Test section and checking that the expected fields are extracted) before relying on them, so that they are correctly integrated into the Argus decoder set.
  6. Search Bar:
    • Search for Decoders: Use the search bar at the top of the decoders section to find specific decoders or decoder files quickly. Enter keywords related to the decoder content or names.
    • View Search Results: The search results display matching decoders, allowing you to navigate directly to the relevant decoder file or decoder.

5) Cluster

Cluster Management in Argus allows you to manage multiple Argus nodes working together to provide a scalable and high-availability solution.

  • What: Configuration and management of multiple Argus nodes.
  • Where: Accessed through the “Cluster” section under Server management in the left side menu bar.
  • How: Add, remove, and manage nodes, monitor cluster status, and ensure synchronization between nodes for efficient log processing and analysis.

6) Logs

Log Management in Argus is essential for collecting, storing, and analyzing log data from various sources.

  • What: Collection and analysis of log data.
  • Where: Found in the “Logs” section under Server management in the left side menu bar.
  • How: View and search logs, and export them.

7) Settings

Settings in Argus provide options to configure and customize the Argus environment according to your needs.

  • What: Configuration options for Argus.
  • Where: Located in the “Settings” section under Server management in the left side menu bar.
  • How: Adjust settings for user management, alerting, integrations, agent configuration, and other system parameters.

8) Status

Status Monitoring in Argus gives an overview of the current state and health of the Argus infrastructure.

  • What: Real-time status of Argus components.
  • Where: Accessed through the “Status” section under Server management in the left side menu bar.
  • How: Monitor the health of agents, managers, and clusters; view system performance metrics and component statuses.

Statistics

Statistics in Argus provide insights into the performance and operational metrics of the Argus deployment.

  • What: Performance and operational metrics.
  • Where: Found in the “Statistics” section under Server management in the left side menu bar.
  • How: View detailed statistics on events, alerts, log processing, and resource utilization over different periods.

9) Dev Tools

Development Tools in Argus are designed for developers and advanced users to interact with the Argus API and test custom configurations.

  • What: Tools for development and API interaction.
  • Where: Located in the “Dev Tools” section under Server management in the left side menu bar.
  • How: Access the Argus API, execute API calls, test custom rules and decoders, and interact with the Argus backend programmatically.

10) Ruleset Test

Ruleset Test in Argus allows users to validate custom rules against sample log data to ensure they function as expected.

  • What: Testing of custom rulesets.
  • Where: Found in the “Ruleset Test” section under Server management in the left side menu bar.
  • How: Supply sample log lines and run them against the current ruleset to confirm that custom decoders and rules match as intended before relying on them in production.
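As an added example (not Argus's own code or schema), the script below shows how the decoders and rules from the earlier sections fit together and what a ruleset test exercises: decoders extract fields from raw log lines, an atomic rule fires on the decoded event, a child rule narrows on a decoded field, and a frequency rule correlates repeated hits from one source within a time window. The XML element names (decoder, regex, order, rule, decoded_as, field, if_matched_sid, same_field, and the frequency/timeframe attributes) are an assumed, simplified schema; the sample sshd log lines and timestamps are constructed.

```python
# Added example (not Argus code): a small decoder + rule engine that replays sample
# log lines through XML decoders and rules, as a ruleset test does. The XML schema is
# an assumed simplification of the real one; the log lines are constructed.
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed decoder file: pulls user, source IP and port out of sshd failures.
DECODERS_XML = r"""<decoders>
  <decoder name="sshd-failed">
    <regex>sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+(?:\.\d+){3}) port (\d+)</regex>
    <order>user,srcip,srcport</order>
  </decoder>
</decoders>"""

# Constructed rule file: atomic rule, child rule keyed on a field, frequency rule.
RULES_XML = r"""<rules>
  <rule id="100001" level="5">
    <decoded_as>sshd-failed</decoded_as>
    <description>SSH authentication failure</description>
  </rule>
  <rule id="100002" level="12">
    <if_matched_sid>100001</if_matched_sid>
    <field name="user">root</field>
    <description>SSH authentication failure for root</description>
  </rule>
  <rule id="100003" level="10" frequency="3" timeframe="60">
    <if_matched_sid>100001</if_matched_sid>
    <same_field>srcip</same_field>
    <description>SSH brute force: 3 failures from one source within 60s</description>
  </rule>
</rules>"""

def load_decoders(xml_text):
    """Compile each decoder's regex; <order> names the captured groups."""
    return [{"name": d.get("name"), "regex": re.compile(d.findtext("regex")),
             "order": [f.strip() for f in d.findtext("order").split(",")]}
            for d in ET.fromstring(xml_text).findall("decoder")]

def load_rules(xml_text):
    """File order is evaluation order: a child rule must follow its parent."""
    rules = []
    for r in ET.fromstring(xml_text).findall("rule"):
        rule = {k: r.findtext(k) for k in ("decoded_as", "if_matched_sid", "same_field", "description")}
        rule.update(id=r.get("id"), level=int(r.get("level")), frequency=int(r.get("frequency", 0)),
                    timeframe=int(r.get("timeframe", 0)),
                    fields={f.get("name"): f.text for f in r.findall("field")})
        rules.append(rule)
    return rules

def decode(decoders, line):
    """(decoder name, extracted fields) for the first matching decoder, else (None, {})."""
    for d in decoders:
        m = d["regex"].search(line)
        if m:
            return d["name"], dict(zip(d["order"], m.groups()))
    return None, {}

class Engine:
    def __init__(self, decoders, rules):
        self.decoders, self.rules = decoders, rules
        self.history = defaultdict(list)  # (rule id, correlated value) -> hit times

    def _applies(self, r, name, fields, fired_ids):
        return ((not r["decoded_as"] or r["decoded_as"] == name)
                and (not r["if_matched_sid"] or r["if_matched_sid"] in fired_ids)
                and all(fields.get(k) == v for k, v in r["fields"].items()))

    def process(self, ts, line):
        """Decode one line, evaluate the rules, return the highest-level alert or None."""
        name, fields = decode(self.decoders, line)
        if name is None:
            return None
        fired = []
        for r in self.rules:
            if not self._applies(r, name, fields, {f["id"] for f in fired}):
                continue
            if r["frequency"]:
                key = (r["id"], fields.get(r["same_field"]))
                hits = [t for t in self.history[key] if ts - t <= r["timeframe"]] + [ts]
                if len(hits) < r["frequency"]:
                    self.history[key] = hits
                    continue
                self.history[key] = []  # one alert per burst; the window then restarts
            fired.append(r)
        best = max(fired, key=lambda r: r["level"], default=None)
        return best and {"rule": best["id"], "level": best["level"],
                         "description": best["description"], **fields}

# Constructed sample: three failures from one source within 30s plus an unrelated line.
SAMPLE_LOG = [
    (1000, "May  1 12:00:00 web-01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2"),
    (1010, "May  1 12:00:10 web-01 sshd[2215]: Failed password for root from 203.0.113.7 port 51130 ssh2"),
    (1020, "May  1 12:00:20 web-01 sshd[2219]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2"),
    (1030, "May  1 12:00:30 web-01 sshd[2222]: Failed password for invalid user test from 203.0.113.7 port 51140 ssh2"),
]

def run_ruleset_test(log=SAMPLE_LOG):
    engine = Engine(load_decoders(DECODERS_XML), load_rules(RULES_XML))
    return [engine.process(ts, line) for ts, line in log]
```

Replaying a handful of constructed lines like this before uploading a custom rule file catches the two common mistakes: a decoder regex that silently matches nothing (every result is None) and a frequency rule that either never fires or fires on every line. Real rule and decoder files must follow the schema your Argus manager documents.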

11) Security

Security in Argus encompasses various features to protect and monitor the security posture of the Argus environment.

  • What: Security configurations and monitoring.
  • Where: Accessed through the “Security” section under Server management in the left side menu bar.
  • How: Manage users, roles, policies and role mappings to control who can access the Argus management interface and what each account may do, as detailed below.

Detailed Overview of Security Management in Argus

Security management in Argus is a critical component that encompasses user management, role-based access control (RBAC), policy configurations, and role mappings. These features ensure that access to the Argus environment is controlled and monitored, maintaining a secure and organized system.

1. Users

User Management in Argus allows administrators to create and manage user accounts, defining who can access the Argus management interface and what actions they can perform.

Creating a User:

  • Navigate to Users: Access the “Users” section from the Security management interface.
  • Add New User:
    • Click on the “Add User” button.
    • Fill in the user details, including:
      • Username: A unique identifier for the user.
      • Password: A strong password for account security.
      • Full Name: The user’s full name for identification.
      • Email: The user’s email address for notifications.
  • Assign Roles:
    • Choose one or more roles from the available list to assign the appropriate permissions to the user. Grant only the roles the user’s duties require; permissions can be widened later if a need appears.
  • Save User:
    • Click “Save” to create the new user account with the defined roles and permissions.

2. Roles

Role Management in Argus involves creating and assigning roles to users. Roles define a set of permissions that determine what actions a user can perform within the Argus management interface.

Creating a Role:

  • Navigate to Roles: Access the “Roles” section from the Security management interface.
  • Add New Role:
    • Click on the “Add Role” button.
    • Fill in the role details, including:
      • Role Name: A unique name for the role.
      • Description: A brief description of the role’s purpose.
  • Define Permissions:
    • Select the specific permissions to be granted to the role. Permissions can include access to certain sections, ability to perform specific actions, and more.
  • Save Role:
    • Click “Save” to create the new role with the defined permissions.

3. Policies

Policy Management in Argus involves defining policies that govern user behavior and access within the system. Policies can enforce security rules and compliance requirements.

Creating a Policy:

  • Navigate to Policies: Access the “Policies” section from the Security management interface.
  • Add New Policy:
    • Click on the “Add Policy” button.
    • Fill in the policy details, including:
      • Policy Name: A unique name for the policy.
      • Description: A brief description of the policy’s purpose.
  • Define Policy Rules:
    • Specify the rules and conditions that make up the policy. This can include access control rules, usage restrictions, and compliance requirements.
  • Assign Roles:
    • Choose the roles to which this policy will apply. Users with these roles will be subject to the policy rules.
  • Save Policy:
    • Click “Save” to create the new policy with the defined rules and role assignments.

4. Roles Mapping

Role Mapping in Argus links user accounts to roles based on predefined criteria, ensuring that users have the appropriate permissions for their responsibilities.

Creating a Role Mapping:

  • Navigate to Roles Mapping: Access the “Roles Mapping” section from the Security management interface.
  • Add New Role Mapping:
    • Click on the “Add Role Mapping” button.
    • Fill in the mapping details, including:
      • Mapping Name: A unique name for the role mapping.
      • Description: A brief description of the mapping’s purpose.
  • Define Mapping Criteria:
    • Specify the criteria for mapping users to roles. This can include user attributes like department, job title, or other relevant factors.
  • Assign Roles:
    • Select the roles that will be assigned to users who match the defined criteria.
  • Save Role Mapping:
    • Click “Save” to create the new role mapping with the defined criteria and role assignments.
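The following Python model is an added example, not Argus code, of how the four objects above combine into one access decision: role mappings derive roles from user attributes, roles carry permissions, policies attach deny conditions to roles, and the decision is deny by default, with a missing context attribute (such as MFA state) treated as not satisfied. Role names, permission strings, policy conditions and the user records are all assumptions constructed for illustration.

```python
# Added example (not Argus code): an illustrative model of how users, roles, policies
# and role mappings combine into a deny-by-default access decision. Role names,
# permission strings, policy conditions and user attributes are all assumptions.

# Roles: a named set of permissions ("area:action"); "*" is full access.
ROLES = {
    "viewer": {"agents:read", "rules:read", "logs:read"},
    "analyst": {"agents:read", "rules:read", "logs:read", "rules:write", "logs:export"},
    "admin": {"*"},
}

# Policies: deny the listed actions for the listed roles unless the request context
# satisfies "unless". A missing context attribute fails closed (deny applies).
POLICIES = [
    {"name": "mfa-for-changes", "roles": ["analyst", "admin"],
     "deny": ["rules:write", "users:write", "roles:write"], "unless": {"mfa": True}},
    {"name": "no-export-off-network", "roles": ["analyst"],
     "deny": ["logs:export"], "unless": {"on_corp_network": True}},
]

# Role mappings: assign roles from user attributes; every matching mapping applies.
# An empty match assigns its roles to everyone.
ROLE_MAPPINGS = [
    {"name": "soc-analysts", "match": {"department": "SOC"}, "roles": ["analyst"]},
    {"name": "platform-leads", "match": {"department": "Platform", "title": "SRE Lead"}, "roles": ["admin"]},
    {"name": "baseline", "match": {}, "roles": ["viewer"]},
]

# Constructed users; "roles" are roles assigned directly on the user record.
USERS = {
    "alice": {"department": "SOC", "title": "Analyst", "roles": []},
    "bob": {"department": "Finance", "title": "Controller", "roles": []},
    "carol": {"department": "Platform", "title": "SRE Lead", "roles": []},
    "dave": {"department": "Contractors", "title": "Consultant", "roles": ["analyst"]},
}

def _matches(condition, attrs):
    return all(attrs.get(k) == v for k, v in condition.items())

def effective_roles(user):
    """Directly assigned roles plus every role granted by a matching mapping."""
    roles = set(user.get("roles", []))
    for m in ROLE_MAPPINGS:
        if _matches(m["match"], user):
            roles.update(m["roles"])
    return roles

def effective_permissions(user):
    """Union of the permissions of the user's effective roles (before policies)."""
    perms = set()
    for role in effective_roles(user):
        perms |= ROLES.get(role, set())  # an unknown role name grants nothing
    return perms

def permitted(user, action, context):
    """Deny by default: a role must grant the action, and no policy attached to one of
    the user's roles may deny it for this context. Explicit deny beats any grant."""
    roles = effective_roles(user)
    for p in POLICIES:
        if roles & set(p["roles"]) and action in p["deny"] and not _matches(p["unless"], context):
            return False
    perms = effective_permissions(user)
    return "*" in perms or action in perms

def access_review(users=USERS):
    """Who can do what: the table to read during a periodic least-privilege review."""
    return {name: sorted(effective_permissions(u)) for name, u in users.items()}

if __name__ == "__main__":
    for name, perms in access_review().items():
        print(f"{name}: roles={sorted(effective_roles(USERS[name]))} perms={perms}")
    print("alice rules:write without MFA:", permitted(USERS["alice"], "rules:write", {}))
    print("alice rules:write with MFA:", permitted(USERS["alice"], "rules:write", {"mfa": True}))
```

Two design points carry over to a real deployment: policy conditions are written as what must be true for the action to proceed, so an absent attribute denies rather than allows, and the access_review table is generated from the same data the decision uses, so a review reads what the system actually enforces rather than what the role descriptions say.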
