Important Updates to Cybersecurity Software

HelpSystems is updating the names of our cybersecurity software, including the Powertech product line. Don’t worry—the functionality of your products won’t change.

See the new names here > New, Simpler Names for HelpSystems Security Software.

--------------------

Harvesting the Journal Receiver data can be done at the Consolidator level or the Endpoint level.

Consolidator

The Consolidator is the central system and manages Assessment requests between the Consoles and Endpoints. The Consolidator serves as the middleware between Consoles and Endpoints and is responsible for all application logic and rules. All audit data is stored on the Consolidator, along with report definitions, product security settings, data retention settings, and policy definitions.

To set at the Consolidator level

Note: The default in Compliance Monitor is set to run based on the Consolidator defaults for each Endpoint. If you choose to run by Endpoint you will need to go to the properties of that Endpoint, right click and go to Properties, select the Automatic Tab and take the check mark off “Use Consolidator Defaults”. Then, select the Journal Codes you want to retain.

  1. Right click the Consolidator, select Properties, and select the Automatic tab.
  2. Click each data type you would like to harvest under the Available Types column and click > to add it to the Selected Types column.
  3. The first time you start automatic collections, set the day to the number of days you have Journal Receivers on your system so it will pick up all the journal receiver information for the Entry Types you have chosen to collect.
  4. After the initial run, go back and specify how often you want to run journal harvesting in the Frequency to harvest data text box.  If, for example, you had specified 7 days to gather the last 7 days of journal receivers, it will only run once every 7 days.

Endpoint

An Endpoint is a system you want to audit. You must define an Endpoint for each system that you wish to audit. A lightweight agent operates on each Endpoint to collect data that will be forwarded to a Consolidator.

To set at the Endpoint level

  1. Right click on the Endpoint, select Properties, then select the Automatic tab.
  2. Ensure Use Consolidator Defaults is unchecked. To set up first time harvest of journal receiver data, specify the number of days you wish to have journal receivers on your system.
  3. Click each data type you would like to harvest under the Available Types column and click > to add it to the Selected Types column.
  4. After the initial run, go back and specify how often you want to run journal harvesting in the Frequency to harvest data text box. If, for example, you had specified 7 days to gather the last 7 days of journal receivers, it will only run once every 7 days.

    When set to pull data, the consolidator does not override, but adds data to the file. Retention is set under Properties: Set Collection Aging to the number of days you want to retain.

  • Manual Assessments. These are the requested assessments you would see in the bottom part of your screen under Collections and Available Reports. This indicates that the Consolidator will retain 40 total assessments or 30 days’ worth, whichever it reaches first.
  • Automatic Assessments. Automatic Assessments retain the harvested journal data. If set to “0,” all information will be retained. The maximum age within an assessment is 366 days at this time, and the Maximum storage used is based on the BLOB file that contains the data (this is the compressed file size).

Note:Harvested data is only used for Log Files.

To run reports manually using the auto-harvested data

  1. Go to the Automatic tab on the bottom left of the screen.
  2. On the bottom left side of automatic screen, highlight the Endpoint (system) you want the report for.
  3. The available reports appear on the right side of the screen.
  4. Double click the report of interest and enter a date range.
  5. Click OK. The report will start building on screen.
  6. The Collection and Available Reports section at the bottom displays the reports harvested from different Endpoints. Right-click to review a report's log file.

To select to use the Auto Harvested data in a Batch Assessment report

  1. Right-click the Consolidator.
  2. Go to Batch Assessment/Reporting.
  3. If you have a batch assessment already created, highlight assessment, click Edit.
  4. Click Next until you reach the screen to select the reports.
  5. Select the Log File reports you need in this assessment.
  6. Click on the Tab Log File Options.

    Note: When using the auto harvest data in Batch assessments, reports are limited to Log File Reports only.

  7. At the bottom of the page, check “Use automatic assessment data (will NOT collect any new data)”. A message will appear: “Note: When using Automatic Assessment data, only Log-File reports will be processed.”

Note: Check “Prevent Deletion” to prevent other users from deleting your assessment. It is not deleted by the retention setting.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: November 07, 2018