How to monitor remote ECA clusters from Eyeglass
- Remote Service Authentication and Protocol
- Service Registration Monitoring in Eyeglass
- Service States
- Health States
Remote Service Authentication and Protocol
Eyeglass can communicate with multiple Ransomware Defender or Easy Auditor endpoints. Each endpoint must have a unique API token, generated by the Superna Eyeglass REST API window:
Once a token has been generated for a specific ECA, it can be used in that ECA’s startup command for authentication, along with the location of Eyeglass.
Communication with the ECA is bidirectional at the start (ECA -> Eyeglass for security events). Eyeglass will query the analytics database and test database access on regular interval.
The ECA should:
- Heartbeat
- Notify Eyeglass of any detected threats
- Periodically send statistics on processed events.
- Periodically poll for updated Ransomware definitions, thresholds, and Ignore list settings.
Service Registration Monitoring in Eyeglass
Eyeglass icon “Manage Services” displays all registered ECA’s and CA UIM probes operating remotely from the Eyeglass appliance. The screenshot below shows 3 ECA nodes registered and the health of each process running inside the node.
Service States
- Active: Has checked in with heartbeat
- In-Active: Has failed to heartbeat, no longer processing
Health States
- Up - running and up time in days
- Down - not running
The Delete icon per service registration should not be used unless directed by support. This will remove the registration from the remote service.
© Superna Inc