
Introduction to Bit9 Parity v6.0

Document Version: 1.0 July 8, 2010

Bit9, Inc. 266 Second Ave, Waltham, MA 02451 USA Tel: 617.393.7400 Fax: 617.393.7499 E-mail: support@bit9.com Web: http://www.bit9.com

Bit9 Communications Audit and Assessment

Contents

Document Purpose

Functional and User Interface Changes

Updated Server and Agent Platform Support

New Windows Registry Protection

Enhanced Custom (Path/Directory) Rules

Enhanced Workflows for Typical Tasks

Enhanced Approval and Ban Management

Changes to the Left Navigation Menu

New Console User Preferences Page

Home Page Enhancements

Dashboard Enhancements

Live Inventory SDK: Database Views

New Agent/Computer Management Features

Enhanced Agent-Server Communications Security

Additional Feature Changes

Bit9 Support and the Upgrade Process

Document Purpose

This document provides a brief introduction to Parity version 6.0 for users upgrading from previous versions. It describes major changes since v5.1.

This document is a supplement to the main Parity documentation on the Parity v6.0 CD (or download). See the Using Parity guide for complete details about features.

The most current Operating Environment Guidelines for Parity v6.0 are provided in a separate document available from Bit9 Support. Hardware and software requirements, as well as upgrade installation instructions, also are documented in the Installing Parity guide.

Functional and User Interface Changes

Updated Server and Agent Platform Support

Server platform changes: The 64-bit versions of Windows 2008 Server are supported for Parity Server v6.0.

Agent platform changes: The 64-bit versions of Windows 7, Windows 2008 Server, and Vista are supported for Parity Agent v6.0. Windows 2000 systems are no longer supported, and v6.0 agents will not install on them.

SQL Server platform changes: Parity installation no longer includes a SQL Server Express option. Bit9 Technical Support can advise you on replacing it with your own licensed copy of a supported SQL Server version before installing Parity Server v6.0.

New Windows Registry Protection

Bit9 Parity v6.0 includes support of Registry Rules that enable you to monitor and control changes to the Windows Registry on any computer running a Parity Agent.

The definition of a rule includes the following attributes:

Path in the registry to monitor and/or control.

Action to take when the write operation is attempted. Supported actions include Prompt (user can choose block or allow), Report, and Allow changes to Registry entries.

Process matching criteria, including Any Process, Any Promoted Process (e.g., Installer), Specific Processes, and Any Process Except.

User or Group matching criteria, including Any User, Specific User and Well-Known User Group (i.e. Local System, Local Administrators, Local Service, etc.).

Enhanced Custom (Path/Directory) Rules

Bit9 Parity v6.0 includes support of Custom Rules that enable you to monitor and control both file writing and execution actions based on user-specified criteria. While similar to the Directory Policies available in prior versions of Bit9 Parity, Custom Rules are far more powerful. Custom Rules are on the Custom tab of the Software Rules page.

The rule types include the following:

File Integrity Control – Monitor, and if you choose, prevent modifications to specified folders or files.

Trusted Path - Define folders or files for which file execution is always allowed.

Execution Control - Control behavior when an attempt is made to execute a file matching the rule.

File Creation Control - Control behavior when an attempt is made to write a file matching the rule.

Performance Optimization - Specify folders or files to avoid tracking (execution will still be monitored).

Advanced - Define custom behavior for controlling file execution, creation, and/or tracking.

When you select a rule type, the page displays only those fields necessary to complete definition of that type. Depending upon the selected rule type, the definition of the rule may include any or all of the following attributes:

Operation – The operation (Write, Execute or both) you want to control.

Write Action – The action to take when a write operation is attempted; supported actions include Block, Approve, Prompt, Allow, Approve as Installer and Default.

Execute Action – The action to take when an execute operation is attempted; supported actions include Allow, Block, Default, Allow and Promote, and Prompt.

Path or File – The path or file you want to monitor or control; you can use wildcards and macros to include multiple paths or files.

Process – Matching criteria include Any Process, Any Promoted Process (i.e. Installer), Specific Processes, Any Process Except.

User or Group – Matching criteria include Any User, Specific User or Well-Known User Group (i.e. Local System, Local Administrators, Local Service, etc.).
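
A minimal model of how the attributes listed for Registry Rules and for Custom Rules (path, operation, process criteria, user or group criteria, action) combine into one decision for a single write or execute attempt. This is an added illustration, not Bit9's code: the `*` wildcard syntax, first-match ordering, the `Rule`, `Attempt` and `decide` names and the sample policy are assumptions; only the criteria and action names come from the lists above.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Rule:
    path: str                            # pattern; "*" wildcard syntax is an assumption
    operation: str                       # "Write" or "Execute"
    action: str                          # an action name from the lists above
    process_mode: str = "Any Process"
    processes: frozenset = frozenset()   # lower-case image names for the two list modes
    principal: str = "Any User"          # or one user / well-known group name

@dataclass(frozen=True)
class Attempt:
    target: str             # registry path or file path being touched
    operation: str
    process: str            # image name of the acting process
    promoted: bool          # True when the process counts as an installer
    identities: frozenset   # the user name plus the groups it belongs to

def process_matches(rule, attempt):
    listed = attempt.process.lower() in rule.processes
    return {"Any Process": True,
            "Any Promoted Process": attempt.promoted,
            "Specific Processes": listed,
            "Any Process Except": not listed}[rule.process_mode]

def decide(rules, attempt, default="No rule matched"):
    """Action of the first rule whose criteria all match (ordering is an assumption)."""
    for r in rules:
        if (r.operation == attempt.operation
                and fnmatchcase(attempt.target.lower(), r.path.lower())
                and process_matches(r, attempt)
                and (r.principal == "Any User" or r.principal in attempt.identities)):
            return r.action
    return default

# Constructed sample policy, not taken from the product.
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\*"
RULES = [
    Rule(RUN, "Write", "Allow", "Any Promoted Process"),
    Rule(RUN, "Write", "Report", "Specific Processes",
         frozenset({"deploytool.exe"}), "Local System"),
    Rule(RUN, "Write", "Prompt"),
    Rule(r"C:\Scripts\*", "Execute", "Block", "Any Process Except",
         frozenset({"backup.exe"})),
]
```

Because the narrow rules come before the catch-all Prompt rule, a process that matches the Specific Processes rule but runs under a different user falls through to Prompt rather than Report.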

Enhanced Workflows for Typical Tasks

Parity v6.0 includes user interface changes designed to streamline the workflow for certain typical tasks. Among the key changes related to this are:

Action menu – Actions that were on a variety of buttons spread across a Parity Console page are now available on a single Action menu on many pages. The commands on this menu vary by page, but include commands for approving or banning files, removing bans or approvals, analyzing a file in Parity Knowledge and acknowledging a file.

Multi-selection checkboxes – On many pages, actions that formerly could be applied only to one item at a time can be applied to multiple items at once. These pages now have checkboxes, and actions (such as those on the Action menu) apply to all visible checked items.

Direct access to file actions from Events page – The Events page now includes an Action menu, and if an event description contains a file name or hash, you can act on that file by checking the box on the Events page and choosing a command from the menu. For example, if an event shows that a file was blocked and you want to approve the file, you can check the box on the Events page and then Globally Approve from the Action menu.

Enhanced Approval and Ban Management

Parity v6.0 includes several features for improving management of explicitly approved or banned files:

Combined approval and ban page – The Files tab on the Software Rules page lists all explicitly approved files as well as explicitly banned files. You can add approvals and bans on this page, and you can remove one or more of them in a single operation.

Policy-based approvals – You can create file approvals on a per-policy basis using the Approve (Custom) command, which is available on pages listing files, and also by editing an approval on the Software Rules page Files tab.

Marking a file as an installer when approved – The Approve (Custom) command also allows you to mark a file as an installer at the same time that you approve it.

Changes to the Left Navigation Menu

The content of the Navigation bar has changed in v6.0:

A Dashboards link navigates to a new Dashboard Management Page.

Files and Computers links are now organized under the Assets section.

The Policies section has been removed.

The Rules section includes management of policies, management of rules for software approval and banning, registry protection, and USB device management.

The Software Rules link provides access to all of the options previously available on the Software Approvals and Software Bans pages plus a new Custom tab that includes an enhanced version of what were called "Directory Policies" in previous releases.

The Files tab in Software Rules includes both Approvals and Bans by file.

There is a new Preferences link that allows Parity Console users to change their password and other preferences.

The Login Accounts link replaces the previous User Accounts link.

To better distinguish the Administrator role, Parity Console users with Power User privileges no longer have access to the System Configuration pages.

New Console User Preferences Page

Preferences in the left navigation menu opens the new Preferences page, which provides the following features:

Change Password – Each Parity Console user can change their password. This is especially useful for ReadOnly users, who cannot access the Login Accounts page.

Remember or don’t remember page settings – Each user can decide whether page settings – that is, the filters, columns, and other view parameters they choose on a page – are saved when they navigate away from a page (or logout) and come back to it.

Choose default starting page – Each user can choose (from a menu) which Parity page appears first upon login.

Home Page Enhancements

For Parity Server v6.0, the Home Page is a customizable Dashboard. In addition to key capabilities from the previous Home page, the Home Page dashboard includes new portlets that can assist in management of your deployment:

Top X – Returns the most frequent occurrences of the most important events, including Blocks By User, Blocks By Computer and Blocks by File.

Find Computer – Provides quick search capability based on Computer Name, IP Address or User Name.

Find Files or Events – Provides ad hoc search capabilities based on any combination of Computer, User and Filename over a specific time.

Change Policy – Provides the ability to quickly change the policy of a selected computer.

You can save any dashboard as the default Home Page for new users, and you can revert to the default from a modified Home Page, if you choose.

Dashboard Enhancements

Parity v6.0 includes significant feature enhancements for the Dashboard.

You can change the display settings of any dashboard, including the Home Page, via the dashboard toolbar:

Dashboard Layout – You can use the Layout menu to change the way portlets are arranged on the dashboard.

Dashboard Width – You can use the Width menu to change the width of the dashboard (in pixels) to better fit your screen resolution and size.

Background Color – You can use the Background Color selector to choose a different color for the background between portlets.

Parity v6.0 includes a new Dashboards page that lists all dashboards available to the logged-in user and provides access to both dashboard viewing and to management activities, such as editing, copying, and deleting dashboards.

When you create a new portlet, menus for Portlet Types and in some cases Subtypes pre-select parameters appropriate to the type and subtype you choose. Parity v6.0 also provides new portlet options, including the ability to display data in a table only, or to add a small table to a graphic portlet. You also can apply complex data filtering to some custom portlets.

Live Inventory SDK: Database Views

Parity Server v6.0 includes public views into the "live inventory" database of files on your Parity-managed computers. With these, you can create your own reporting and data analysis solutions.

Creating your own custom reports using the external database views may be useful when you want to perform complex analysis of file and computer inventory data. It also can be a solution when you have inquiries that perform better through direct database access, you want to run reports on a particular schedule, or you want to output reports to third-party tools.

The database views include:

Public properties of servers and schema in the Parity environment.

All events shown on the Events page

All executions of metered files

Metadata of all computers

Metadata for all unique hashes

Metadata of all file instances on all computers

Metadata of all file instance groups

New Agent/Computer Management Features

Several new features in Parity Server v6.0 enhance your ability to manage computers running Parity Agent:

Prioritize Updates – On the Computer Details page, you can now choose Prioritize updates to this computer. As the link name suggests, this increases (temporarily) the priority of this computer for receiving upgrades to configuration lists and to the agent itself from Parity Server.

Delete Offline Computers – On the System Configuration/Management Configuration page, you can specify the period of time offline after which Parity automatically deletes a disconnected computer from its list of managed computers.

Control Access to Agent Commands – On the System Configuration/Management Configuration page, you can control access to special commands for agent management by specifying a user or group or creating a password usable on all agents connected to your Parity Server. This is in addition to the agent-specific password that each agent has.

Enhanced Agent-Server Communications Security

Parity uses SSL security to authenticate and encrypt all communications between its server and its agents. By default, this is based on a self-signed Bit9 security certificate generated when Parity Server is started for the first time.

On the System Configuration/Secure Communications page, you can make one or more of the following changes:

You can edit the details of a self-signed certificate.

You can import another certificate, either your own self-signed certificate or from a certificate authority.

You can increase security by enabling certificate validation so that computers running Parity Agent always verify that the correct certificate is present on the Parity Server.

Additional Feature Changes

You can annotate the listing of any publisher with your own description. Publishers are listed on the Publishers tab of the Software Rules page. You also can Acknowledge pending publishers to indicate that you have seen them but have not approved them.

You can now use multiple snapshots as a baseline for a Baseline Drift Report.

On the Edit Policy page, there are now three different Information Links that allow you to view all files on computers in the policy, view all pending files on computers in the policy, and view all policy-specific bans and approvals that apply to the policy.

Event types and subtypes have been changed and re-grouped for improved clarity.

New email templates on the Alert Details page allow you to more easily configure email to announce file prevalence or Parity Knowledge-related alerts.

For rules that can either block a file or prompt the user to choose to block or allow the action, you can create a different agent notifier message for each case.

Tamper protection is improved for Parity Agent v6.0.

What was called "Detailed Global State" for files is now "Global Flags". In addition, some of the states themselves have been eliminated or renamed.

Bit9 Support and the Upgrade Process

Parity Server and Agent upgrade support is covered under the Customer Parity Maintenance Agreement. Bit9 recommends contacting Technical Support prior to performing the upgrade for further details on the upgrade process and the latest information that supplements the information contained in this document. Technical Support is available to assist with the upgrade process to ensure a smooth and efficient upgrade installation.

Bit9 Technical Support offers several channels for resolving support questions:

Technical Support Contact Options

Phone: 877.248.9098 (877.BIT9.098)

Fax: 617.393.7499

Hours: 9 a.m. to 6 p.m. EST
