2.5 Working with Endpoints

If you add an endpoint, but the endpoint is not registered at that time due to a network problem or the computer being inaccessible, you can manually register the endpoint. Any time you no longer need an endpoint, you can delete that endpoint.

You can also change endpoint properties, such as a contact email, at any time after you have added the endpoint. Some endpoint properties apply to specific operating systems. For example, the CUM PTF property applies only to iSeries endpoints. The endpoint properties include importance level, which allows you to indicate each endpoint’s value to your organization. For more information about modifying the importance level property, see Section 2.5.2, Assigning Importance to Endpoints.

NOTE:

  • After you have added a custom endpoint property, the property cannot be deleted.

  • Deleting an endpoint does not remove the Secure Configuration Manager software installed on the agent computer.

2.5.1 Adding Endpoints to the Asset Map

As your organization grows and changes, you might need to add endpoints to the asset map in the console.

To add an endpoint to an existing agent:

  1. In the left pane, click IT Assets.

  2. In the IT Assets tree pane, expand Agents and select the appropriate folder.

  3. In the content pane, right-click the agent to which you want to add the endpoint, and then click Add Endpoint.

  4. Click Next.

  5. (Optional) To find an existing system on which to add an endpoint, click Existing Systems. Select a system and click OK.

  6. In the Name field, type a name for the endpoint.

  7. Select the appropriate endpoint type from the Endpoint Type field, such as Windows Machine or Active Directory, or accept the default endpoint type.

  8. Click IP Lookup to look up the IP address of the endpoint or type the IP address into the IP Address field. Secure Configuration Manager supports IPv4 and IPv6 addresses.

  9. (Optional) To add more information about the computer that you are adding as an endpoint, update the optional property fields. Some endpoint types might have a subset of the following optional property fields.

    Field: Description
    Contact Email: Email address of the contact person.
    Contact Name: Name of the contact person.
    Cumulative PTF: Cumulative PTF (program temporary fix) applied to the iSeries operating system.
    Database Port: Port that the agent is using to communicate with Core Services, if you are adding a database endpoint.
    Importance: Criticality level of the endpoint.
    Instance Name: Name of the database instance, if you are adding a database endpoint.
    Is DHCP Client: Whether this computer has its IP address dynamically assigned by a DHCP server.
    License Type: Product for which you are licensing this endpoint.
    Location: Location of the computer hardware.
    Major Version: Major version of the operating system. Secure Configuration Manager automatically updates this information when registering Windows, SQL Server, NAS Server, IIS, and Active Directory endpoints. Not available for Lightweight UNIX or Oracle systems.
    Minor Version: Minor version of the operating system. The list of available minor versions depends upon the selected major version. Secure Configuration Manager automatically updates this information when registering Windows, NAS Server, and Active Directory endpoints. Not available for SQL Server, IIS, Lightweight UNIX, or Oracle systems.
    Notes: Descriptive notes about the computer. Not available for Lightweight UNIX, UNIX, iSeries, or Oracle systems.
    Service Pack: Microsoft Service Pack applied to the Windows operating system. Not available for NAS servers.
    Time Zone: Time zone of the physical computer on which the endpoint is located. An endpoint computer can be in a different time zone than the Core Services computer or the managing agent.
    Use: The purpose of the endpoint computer.

  10. (Optional) To add the endpoint to a group, complete the following steps:

    1. Select the Add Endpoint to a Group check box.

    2. Click Groups.

    3. Select an existing group to which you want to add the endpoint, or create a new group.

    4. (Optional) To create a new group, enter the new group name and description, and then click Create New Group.

    5. Click Finish to return to the Define Endpoint window.

  11. (Optional) To add more than one endpoint, click Add Endpoint. Repeat Step 6 through Step 10 for each endpoint that you want to add.

  12. Click Finish.

2.5.2 Assigning Importance to Endpoints

When a minor vulnerability occurs on a high-value asset, you may consider the vulnerability a high risk in your environment. Secure Configuration Manager lets you assign an importance value to each endpoint so you can weight resulting risk scores based on the value of the asset to your organization. An endpoint’s importance level represents the criticality of that asset to your company business and applications. For example, you may consider a corporate mail server a greater security risk than a desktop workstation with a very critical vulnerability, even if the mail server has a less critical vulnerability. You can change the importance level by modifying the endpoint’s properties. To assign an importance level to an endpoint, your console user account needs the Assign Importance permission. For more information, see Section 3.6, Managing Permissions.

Importance levels range from Very Low to Very High. By default, an endpoint has a Medium importance when it is created. Secure Configuration Manager maps each importance level to a multiplier value, a percentage that is ultimately multiplied by the exposure score to determine the risk score. The risk score numerically expresses the current level of an endpoint’s vulnerability. Secure Configuration Manager calculates the exposure score for each endpoint by using the scoring method, threat factor, and number of violations for a security check. The threat factor serves as an approximate penalty value, greater than 0, used to calculate the exposure score of a security check. For more information about scoring, see Section 6.3, Understanding Risk Scoring.

NOTE: An endpoint may belong to more than one group. Because an endpoint can have only one importance level, consider the endpoint across all of its groups and assign the highest level that applies. For example, if an endpoint has “Medium” importance in the Sales group, but has “High” importance in the Managers group, assign a “High” importance level to that endpoint.
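The importance weighting and the multi-group rule above can be checked with a short Python sketch. This is an added example, not Secure Configuration Manager code. The multiplier percentages, the exposure scores, and the endpoint and group names are constructed for illustration, because this section does not list the product's actual values.

```python
from enum import IntEnum


class Importance(IntEnum):
    VERY_LOW = 1
    LOW = 2
    MEDIUM = 3      # default level for a newly created endpoint
    HIGH = 4
    VERY_HIGH = 5


# ASSUMED multipliers (fractions of 100%); placeholders, not the product's values.
ASSUMED_MULTIPLIER = {
    Importance.VERY_LOW: 0.20,
    Importance.LOW: 0.40,
    Importance.MEDIUM: 0.60,
    Importance.HIGH: 0.80,
    Importance.VERY_HIGH: 1.00,
}


def effective_importance(per_group):
    """Pick the single level to assign: the highest one seen across groups.

    per_group maps a group name to the importance the endpoint has from
    that group's point of view. No groups means the Medium default.
    """
    return max(per_group.values(), default=Importance.MEDIUM)


def risk_score(exposure, importance):
    """Risk score = exposure score x importance multiplier."""
    if exposure < 0:
        raise ValueError("exposure score cannot be negative")
    return exposure * ASSUMED_MULTIPLIER[importance]


def rank_by_risk(endpoints):
    """Return (name, level, risk) rows sorted from highest to lowest risk."""
    rows = []
    for name, exposure, per_group in endpoints:
        level = effective_importance(per_group)
        rows.append((name, level, round(risk_score(exposure, level), 2)))
    return sorted(rows, key=lambda row: row[2], reverse=True)


# Constructed sample: the workstation has the worse exposure score, but the
# mail server is the more valuable asset.
SAMPLE = [
    ("workstation", 90.0, {"Desktops": Importance.LOW}),
    ("mail-server", 70.0, {"Sales": Importance.MEDIUM, "Managers": Importance.HIGH}),
    ("new-endpoint", 50.0, {}),
]

if __name__ == "__main__":
    for name, level, risk in rank_by_risk(SAMPLE):
        print(f"{name:13} {level.name:9} {risk}")
```

With these constructed numbers the mail server ranks first even though its exposure score is lower, which is the effect the importance level is meant to produce.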