
What appliance settings are preserved in the ATP 3.x or SEDR 4.0 backup file?


Article ID: 172137


Updated On:

Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

You want to know which settings are written to the "cfg_export.txt" file, included in the satp_backup file, in backups generated by Advanced Threat Protection 3.0 and later, including Symantec Endpoint Detection and Response 4.0.

Resolution

The "cfg_export.txt" file contains the user-provided settings from the Global settings page and the Appliance settings of the appliance on which the backup was performed. The following details are included in this file:

Global settings:

  1. User Account Settings
  2. Blacklist Settings
  3. Whitelist Settings
  4. SMTP Settings
  5. Backup Settings
  6. SEPM Controller Settings
  7. Synapse SEPM DB Settings

Appliance settings:

  1. Appliance List
  2. DNS Settings
  3. Syslog Settings
  4. Timeserver Settings
  5. Sandboxing Settings
  6. Network Proxy Settings
  7. Enterprise Proxy Settings
  8. Internal Network Settings (All-in-one appliance mode only)
  9. SNMP Settings

Here is an example of a cfg_export.txt file:

#####################################################
ATP Configuration Backup
Hostname: localhost.localdomain
Release: 'Advanced Threat Protection' 3.1.0-678
DB config file: /etc/symantec/sgs-td/dataaccess/db.properties
Backup time: Mon Jul 23 10:19:09 GMT 2018
#####################################################

Section 1 : Global Settings

##############################
### User Account Settings  ###
##############################
+----------+---------------+-----------------------------+----------+-----------+
| username | displayname   | useremail                   | userrole | isdeleted |
+----------+---------------+-----------------------------+----------+-----------+
| setup    | Setup User    | [email protected]          | setup    |         1 |
| admin    | Administrator | [email protected]         | admin    |         0 |
+----------+---------------+-----------------------------+----------+-----------+

###########################
### Blacklist Settings ###
###########################

+------------------------------------------------------------------+------------+--------------------------+
| target                                                           | targettype | DateAdded                |
+------------------------------------------------------------------+------------+--------------------------+
| 64bf170fe7c42XXXX4afdd4b1da1347882e3bd2af81344f443c829ec5e302af2 | sha256hash | 2018-7-14 17:33:03.6000  |
| a1e6e1ebf4705XXXX52548219d21f2d1                                 | md5hash    | 2018-7-14 17:33:03.8510  |
+------------------------------------------------------------------+------------+--------------------------+

###########################
### Whitelist Settings ###
###########################

+------------------------------------------------------------------+------------+--------------------------+
| target                                                           | targettype | DateAdded                |
+------------------------------------------------------------------+------------+--------------------------+
| e2adb85dbd78c1XXXX2f5b85212cc2272e0ae543dd274b7475986e119313209e | sha256hash | 2018-06-24 19:53:07.2100 |
+------------------------------------------------------------------+------------+--------------------------+

#########################
### quarantine rules  ###
#########################

######################
### SMTP Settings  ###
######################
+--------------+------+----------+-----------+-------------------------------+
| host         | port | username | authorize | serveremail                   |
+--------------+------+----------+-----------+-------------------------------+
| 10.122.12.66 |   25 | NULL     |         0 | [email protected]   |
+--------------+------+----------+-----------+-------------------------------+

#####################
## Backup Settings ##
#####################
backupMethod=ftp
backupHost=192.1.1.1
backupPath=/backups
user=atpuser
scheduleType=minute_schedule
isEnabled=on
minute=1380
utc_hour=-1
dayofmonth(1-28)=N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N,N
dayofweek(SU,M-F,SA)=NULL

##############################
## SEPM Controller Settings ##
##############################
+--------------+----------+---------+------------+----------+---------+
| ip_address   | username | domain  | entry_name | port_num | status  |
+--------------+----------+---------+------------+----------+---------+
| 10.7.185.103 | atpadmin | Default | SEPM       |     8446 | healthy |
+--------------+----------+---------+------------+----------+---------+

##############################
## Synapse SEPM DB Settings ##
##############################
+-----------+--------+--------------+--------+--------+----------+-----------+----------+
| sepm_name | dbtype | dbipaddress  | dbname | dbport | username | isenabled | status   |
+-----------+--------+--------------+--------+--------+----------+-----------+----------+
| SEPM DB   | MSSQL  | 10.1.1.3     | sem5   |   1433 | atpuser  |         1 |  enabled |
+-----------+--------+--------------+--------+--------+----------+-----------+----------+

NOTE: The Synapse Settings and Email Security.cloud settings are not recorded. If the SEPM DB section has data, this means the Synapse setting was Enabled.

Section 2 : Appliance Setting

######################
### Appliance List ###
######################
+----------------------------------+--------------+-------------+-------------+-----------------+---------+------------+------------+
| machineid                        | name         | mgmtip      | mode        | softwareversion | enabled | enableScan | Role       |
+----------------------------------+--------------+-------------+-------------+-----------------+---------+------------+------------+
| 4C4C4544004XXXX08044C4C04F393432 | ATP-8880     | 10.1.7.1    | mode_uninit | 3.1.0-678       |       0 |          0 | Management |
+----------------------------------+--------------+-------------+-------------+-----------------+---------+------------+------------+

####################
### DNS Settings ###
####################
+---------------+-------------+--------------+-----------------+
| appliancename | primarydns  | secondarydns | use_default_dns |
+---------------+-------------+--------------+-----------------+
| ATP-8880      | 10.1.2.2    | 10.2.2.3     |               0 |
+---------------+-------------+--------------+-----------------+

#######################
### Syslog Settings ###
#######################
+---------------+-----------+------+----------+--------------------+
| appliancename | ipaddress | port | protocol | use_default_syslog |
+---------------+-----------+------+----------+--------------------+
| ATP-8880      | 10.0.0.1  |  601 | TCP      |                  0 |
+---------------+-----------+------+----------+--------------------+

############################
### Timeserver Settings  ###
############################
+---------------+-----------------------+-------------------------+
| appliancename | ipaddress             | use_default_time_server |
+---------------+-----------------------+-------------------------+
| ATP-8880      | ntp.testdomain.com    |                       0 |
+---------------+-----------------------+-------------------------+

############################
### Sandboxing Settings  ###
############################
+---------------+----------+-----------------------+---------------------+----------------------------------+--------------------------------+------------------------------------+--------------------------------+
| appliancename | useCynic | malwareAnalysisServer | malwareAnalysisUser | malwareAnalysisToken             | malwareAnalysisUseNetworkProxy | malwareAnalysisValidateCertificate | malwareAnalysisCertFileContent |
+---------------+----------+-----------------------+---------------------+----------------------------------+--------------------------------+------------------------------------+--------------------------------+
| ATP-8880      |        0 | 10.1.1.1              | atpuser             | 234231252356XXXX6113463451242363 |                              0 |                                  0 |                                |
+---------------+----------+-----------------------+---------------------+----------------------------------+--------------------------------+------------------------------------+--------------------------------+

###############################
###  Network Proxy Settings ###
###############################
+---------------+-----------+-----------+--------------------------+
| appliancename | ipaddress | isenabled | use_default_proxy_server |
+---------------+-----------+-----------+--------------------------+
| Default       | 10.0.0.1  |         1 |                     NULL |
+---------------+-----------+-----------+--------------------------+

##################################
###  Enterprise Proxy Settings ###
##################################
+---------------+-------------+------------------------------+
| appliancename | ipaddress   | use_default_enterprise_proxy |
+---------------+-------------+------------------------------+
| Default       | 10.0.0.1    |                         NULL |
| Default       | 10.0.1.1    |                         NULL |
| Default       | 192.168.1.1 |                         NULL |
+---------------+-------------+------------------------------+

##################################
###  Internal Network Settings ###
##################################
+---------------+-----------+------------+------------------+------------------------------+
| appliancename | ipaddress | subnetmask | description      | use_default_internal_network |
+---------------+-----------+------------+------------------+------------------------------+
| Default       | 10.0.0.0  | 255.0.0.0  | Internal network |                         NULL |
+---------------+-----------+------------+------------------+------------------------------+

######################
###  SNMP Settings ###
######################
+---------------+------+---------+----------+----------+-------------+------------------+
| appliancename | host | type    | username | AuthType | EncryptType | use_default_snmp |
+---------------+------+---------+----------+----------+-------------+------------------+
| ATP-8880      |      | Manager | atpuser  | SHA      | DES         |                0 |
| Default       |      | Manager | 10.2.1.5 | MD5      | DES         |             NULL |
+---------------+------+---------+----------+----------+-------------+------------------+
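Because a restore is only as good as the export behind it, the following added example (not part of the article or of the product) parses the cfg_export.txt layout shown above, the "###"-bordered section titles with either ASCII tables or key=value lines beneath them, and reports which of the sections the article lists are absent; the embedded excerpt and the REQUIRED list are constructed from the article, and the parser's own names are this example's assumptions.

```python
import re

# Constructed excerpt in the layout of the article's example cfg_export.txt (not a real export)
SAMPLE = """\
##############################
### User Account Settings  ###
##############################
+----------+---------------+----------+-----------+
| username | displayname   | userrole | isdeleted |
+----------+---------------+----------+-----------+
| admin    | Administrator | admin    |         0 |
+----------+---------------+----------+-----------+
#####################
## Backup Settings ##
#####################
backupMethod=ftp
backupHost=192.0.2.10
"""
# A section title: a run of '#', the name, a run of '#'. Pure '#####' border lines do not match.
TITLE = re.compile(r"^#+\s*([^#]+?)\s*#+$")
# Sections the article lists for every appliance (Internal Network Settings is all-in-one only)
REQUIRED = ["User Account Settings", "Blacklist Settings", "Whitelist Settings", "SMTP Settings",
            "Backup Settings", "SEPM Controller Settings", "Synapse SEPM DB Settings",
            "Appliance List", "DNS Settings", "Syslog Settings", "Timeserver Settings",
            "Sandboxing Settings", "Network Proxy Settings", "Enterprise Proxy Settings", "SNMP Settings"]

def parse_cfg_export(text):
    """Map section name -> rows: list of dicts for a table, one dict for key=value, [] if empty."""
    sections, current, header = {}, None, None
    for line in text.splitlines():
        m = TITLE.match(line)
        if m:
            current, header = m.group(1), None
            sections[current] = []
        elif current and line.startswith("|"):          # table row; borders ('+---') are skipped
            cells = [c.strip() for c in line.strip().strip("|").split("|")]
            if header is None:
                header = cells                            # first row of a table names its columns
            else:
                sections[current].append(dict(zip(header, cells)))
        elif current and "=" in line:                     # key=value style section (Backup Settings)
            key, _, value = line.partition("=")
            if not sections[current]:
                sections[current].append({})
            sections[current][-1][key.strip()] = value.strip()
    return sections

def missing_sections(sections):
    """Names from REQUIRED absent from a parsed export, i.e. a truncated or partial backup."""
    return [name for name in REQUIRED if name not in sections]
```

Run it against a full export to confirm every expected section made it into the file before relying on that backup for a restore.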