Patch
An essential set of Saved Questions, Dashboards, and Categories is created when the Initial Content pack is imported during the VMware TrustPoint Security Server installation. Additional Saved Questions, Dashboards, and Categories are created when you import additional VMware TrustPoint Security Server content packs and the solution modules.
When you get started with Interact, review the Initial Content so that you are aware of the configuration objects that are already available to you. Reviewing the Initial Content can also help you become familiar with the Questions that can be asked, and with ways of grouping them to facilitate reporting and administration tasks. After you understand how these configuration objects can be used, you will be ready to create your own when necessary.
With VMware TrustPoint Security Server Connect™ (Connect), you can integrate VMware TrustPoint Security Server with a SIEM, log analytics tools, and threat feeds, or send email notifications.
Connections
A connection is the link between a connection source and one or more connection destinations. The connection source might be data that VMware TrustPoint Security Server is creating, like an Answer or a log message. The connection destination is something outside of VMware TrustPoint Security Server that you are integrating with, like a security information and event management (SIEM) tool.
Connection destinations
Connect includes templates for many common SIEM tools, file, log, and email formats. You can use these templates to integrate with configuration management databases (CMDB), trouble ticketing systems, and proprietary IT systems.
Sensors use familiar, industry-standard scripting languages rather than arcane, proprietary coding syntax. Ideally, a Sensor should use the scripting engine available on the largest number of devices under management.
For computers running a Microsoft Windows operating system, VBScript typically provides the most comprehensive "out-of-the-box" coverage as it has been installed by default in every desktop release of Microsoft Windows from Windows 98 and in Windows Server from Windows NT 4.0 Option Pack. Any other scripting language the Microsoft Windows operating system supports, such as PowerShell, can also be used to develop Sensors, as long as the respective scripting engine already exists or can be deployed and configured on the systems that do not have it already installed. For example, PowerShell is part of many newer Microsoft operating systems, but it may require changes to the PowerShell Execution Policies on the target computers before you can successfully execute PowerShell scripts on the target computers.
For computers running Mac OS X or a Linux operating system, shell script generally provides the most comprehensive "out-of-the-box" coverage. Again, Sensors can be developed using any Mac OS X or Linux supported scripting languages as long as the respective scripting engine already exists or can be deployed and configured on the systems that do not have it already installed.
Some Sensor configuration objects cannot be edited. A VMware TrustPoint Security Server "Reserved Sensor" is a core system Sensor, and its code is not meant to be edited by end-users. Reserved Sensors include Computer Name, Action Statuses, Computer ID, and Download Statuses.
With the Image Service system, you have centralized control of a full desktop instance in a distributed infrastructure.
You can update a single base layer in the data center, and automatically synchronize the full image with all associated endpoints when they connect to the network.
You can enforce all layers without overwriting user-installed applications, data, or preferences.
With Image Service, you can migrate operating systems while preserving user profile and data.
With Discover, you can identify unknown assets in your network and take action to manage them. Discover features network scanning for unmanaged assets, unmanaged asset inventory, and metadata tagging. Discover simplifies asset management by providing actions that you can use to deploy TrustPoint Client, receive notifications about newly managed and unmanaged assets, and block unmanaged assets from accessing the network.
VMware TrustPoint Security Server IOC Detect™ (IOC Detect) provides indicator of compromise (IOC) detection and YARA rule matching for management and analysis capabilities to enable real-time responses to intrusions. IOC Detect also provides a REST API that allows for integration between IOC Detect and other parts of the security network.
With the core Incident Response (IR) solution, you can deploy a set of IR tools to each endpoint. With these tools on the endpoints, you can:
IRGatherer
You can collect information from compromised Windows, Linux, and Mac OS X endpoints for further forensic analysis. In addition, you can investigate potentially compromised systems by looking at file system metadata, event logs, and memory.
With VMware TrustPoint Security Server Trace™ (Trace), you can directly investigate key forensic and security events on Windows endpoints, across the network. Trace provides a live and historical view of critical events including process execution, logon history, network connections, and file and registry changes. The Trace solution is comprised of three parts:
VMware TrustPoint Security Server Protect™ (Protect) delivers proactive protection to block malicious attacks on endpoints using native operating system and third-party controls at the speed and scale of VMware TrustPoint Security Server across your environment.
VMware TrustPoint Security Server Patch™ (Patch) provides you with a powerful tool to manage Windows operating system patches across your enterprise at the speed and scale of VMware TrustPoint Security Server. Patch provides a straightforward patching workflow for both simple and advanced patch deployment. You can deploy a single patch to a single machine or perform more complex tasks such as using advanced rule sets to deliver groups of patches across your environment.
Patch generates in-depth reports and returns current results from every endpoint. Patch can quickly summarize the deployment status for any given patch, providing several types of information:
VMware TrustPoint Security Server Patch also allows you to define custom workflows and schedule patches based on advanced rules or exceptions built around allowlists, denylists, dynamic groups and patch lists. For example, VMware TrustPoint Security Server Patch can be configured to always apply critical Microsoft patches to all machines except for datacenter servers, or to always exclude .NET patches.