3Using ePolicy Orchestrator
You must use ePolicy Orchestrator to configure and manage Host Intrusion Prevention, which consists of these basic tasks:
Install/check in Host Intrusion Prevention server files and client package.
Use the Host Intrusion Prevention installer to check in the Host Intrusion Prevention server files, which include a NAP file, content with default signatures and rules, and reports to the ePolicy Orchestrator Repository. Check in the Host Intrusion Prevention client package to the ePolicy Orchestrator Repository. For details, see the Host Intrusion Prevention 6.0 Installation Guide.
Deploy Host Intrusion Prevention clients.
Use the ePolicy Orchestrator console to deploy Host Intrusion Prevention clients to computers in the Directory console tree. For details, see the ePolicy Orchestrator
3.6Product Guide.
Configure Host Intrusion Prevention policies.
Configure the IPS, firewall, application blocking, and general policies to apply to the clients. The default settings in each policy provide basic protection, but for tighter security you need to tune the deployment and configure policies to fit your environment. See the appropriate chapters in this guide for details.
Assign owners to policies in the Policy Catalog.
Ownership is assigned in the Policy Catalog, For details see the ePolicy Orchestrator
3.6Product Guide.
Send Host Intrusion Prevention policy update information to clients.
ePolicy Orchestrator sends updated information to Host Intrusion Prevention clients. The clients enforce the policies, collect event information, and transmit the information back to ePolicy Orchestrator. The interaction between client and server is determined by the ePolicy Orchestrator agent policy settings. For details, see the ePolicy Orchestrator 3.6 Product Guide.
Set up notifications in ePolicy Orchestrator for Host Intrusion Prevention events.
For details, see the ePolicy Orchestrator 3.6 Product Guide.
Run reports in ePolicy Orchestrator to view event and protection results.
Information on Host Intrusion Prevention client activity is sent to ePolicy Orchestrator and stored in its database. Use the console to run reports on Host Intrusion Prevention protection.
23
