Now that you’ve gotten through the top five things to get up and running with Halo, let’s take a look at the next five items you could tackle!
1. Setting up automated scanning
When dealing with the security of a sprawling infrastructure, automation is key. Halo has a basic level of automation out of the box (automatic firewall updates on new servers, for example), but you have the ability to automate your security process even more by going to Site Administration > Scanner Settings > Enable Automatic Scanning.
2. Configuring alerts / alert profile
Every team is different – if you have set up FIM, CSM, and other scan alerts, you may also want to configure who on your team receives alerts. You can do this by setting up alert profiles, under Policies > Alert Profiles. You can then apply these profiles to server groups in the same way you can assign security policies.
3. Server Access Management
It can be difficult to keep track of server accounts across your server environment. Halo’s Server Access Management (SAM) module helps you keep track of what accounts and access levels exist on your servers. Check out a SAM report on one of your servers to see:
- How many / which accounts have root access?
- When did those accounts last log in?
- Where else does one user exist across other servers in that group?
Explore the module to see how Server Access Management can help you get visibility into your environment. This is especially helpful if you are a public cloud customer and would like to monitor the provider’s access to your servers.
4. Supplemental CSM policies
You’ve already set up a core configuration policy to check the configuration settings of your operating system, but you can apply multiple policies for an even greater level of security. Check out the “OS Extended” policies for a finer-grained look at your operating system. You may also want to check out our templates for services you are running on your server, like Apache or MySQL. Just clone the policies you want, apply them to server groups, and scan away.
5. Special Events Policies
Halo gives you additional visibility into your servers that doesn’t necessarily fit in boxes like “File Integrity” or “Configuration Scanning” – for example, your server shutting down or changing IP address. We’ve grouped these extra events as “Security Events” policies – your default policy can be found under Policies > Special Event Policies.
* Bonus – Check out some of our supplemental tools in our Halo Toolbox!
We’ve got some great supplemental tools posted on GitHub, in the new CloudPassage Toolbox. Perhaps you’d like to add a firewall rule to all of your policies, or maybe an HTML-formatted page showing the IP addresses from which Halo Portal users have logged in? Browse the supplemental scripts in our toolbox to see how you can make Halo work harder for you.