Internet Security Systems 3.5, Desktop Protector Connecting to ICEcap Manager

Chapter 4: Configuring RealSecure Desktop P rotector

Connecting to ICEcap Manager

Introduction RealSecure Desktop Protector interacts with ICEcap Manager management and reporting

console to provide enterprise-wide security monitoring and management. If ICEcap

Manager application has granted local control, you can use the ICEcap tab to manually

configure how Desktop Protector reports intrusion information to an ICEcap server.

Procedure To configure the local Desktop Protector agent to report to ICEcap Manager and receive

updates from ICEcap Manager:

1. On the Main Menu, select Tools ÆEdit BlackICE Settings.

2. Select the ICEcap tab.

3. Is Enable local configuration editing selected?

■If yes, go to Step4.

■If no, you cannot change any settings from the local agent. Contact your ICEcap

administrator.

4. Select Reporting enabled.

5. In the URL text box, enter the fully qualified URL of the ICEcap server in the format

http://<ICEcap server name>:<HTTP event port number>

. For example, if

ICEcap Manager is on a server named ICECAP using event port 8082 (the default),

enter

http://ICECAP:8082

. You can use the ICEcap server’s IP address or DNS

name.

6. In the Account Name text box, enter ICEcap Manager account name to use when

uploading data. Refer to your ICEcap Manager documentation for more information

about account names. The default account name is iceman.

7. In the Password text box, enter the current ICEcap Manager event password. This is

the password that Desktop Protector uses to authenticate itself when it reports events

to the ICEcap server.

8. In the Group Name text box, specify ICEcap Manager g roup to which this Desktop

Protector installation is assigned.

Note: This group must be created beforehand in ICEcap Manager and must have the

correct configuration settings to report properly. See the RealSecure ICEcap Manager

User Guide for more information about groups and group name precedence settings.

9. In the Proxy URL text box, enter the fully qualified URL for the proxy server, if any. If

you are not using a proxy server, leave this field blank.

10. Click OK.

Testi ng yo ur IC Eca p

connection

To see if your local agent can communicate with the ICEcap server:

1. On the Main Menu, select Tools ÆEdit BlackICE Settings.

2. Select the ICEcap tab.

3. Click Te st.

Desktop Protector sends a proactive heartbeat to the ICEcap server and ICEcap

Manager updates the local agent’s settings.

4. One of four messages appears in the Last Status text box: