Xprotect instance level settings

All instance-level settings for an Xprotect instance are listed in the Settings menu. Use these settings to enable and fine-tune some important Xprotect features.

Configurations page

The following are settings available on the Settings > Configurations page. These settings apply to all the hosts and objects you create as part of using Xprotect features.

Setting

Description

Custom Connectivity status thresholds

Use custom Connectivity status thresholds to deem hosts Offline or Unreachable. By design, the Xprotect agents send heartbeats to the Xprotect tenant once every Five minutes. If Xprotect does not receive Six consecutive heartbeats (that is, no heartbeat for the last 30 minutes), it considers that the host is Offline. If Xprotect does not receive heartbeats for 14 consecutive days, Xprotect considers that the host is Unreachable.

  • Set values for Hosts Status: Offline and Hosts Status: Unreachable timers.

If you set custom thresholds, the data on the Dashboard widgets, the Hosts page (Status column), and filters and Bookmarks that use Connectivity status as a criterion, automatically start to use the custom thresholds.

Auto Delete Unreachable Hosts

Reduce the operational overhead to manually delete the entries of hosts that are not part of the instance anymore. Use the Auto-delete feature in Xprotect to schedule auto-deletion of unessential Unreachable hosts. The Auto-delete feature runs background jobs to identify unessential hosts by tags assigned to them after finding them Unreachable for a specific time duration. You can configure the frequency at which these jobs must run.

This setting is useful for instances that have cloud-based hosts added as part of Adaptive Scaling features on third-party clouds such as AWS and Azure.

Data Archival policy

Some selected data such as Alerts, Policies, and Audit Logs for the instance is archived periodically. You can see the current Data archival settings and storage consumption for archived data in the Data Archival tile on the Settings > Configurations page

Contact your ColorTokens Account Manager to change the Data Archival policy for your instance.

Enable User Based Policies

Use this setting to enable User policies for the instance. User policies are Xprotect policies that provide user identity-based access to the applications and files on Xprotect-managed hosts.

  • Set the Enable User Based Policies toggle switch to enable User policies features for the instance. 

After you enable this setting, click the Configure LDAP button to set up LDAP integration for the instance to fetch user identities. You must also select Host groups that are allowed for User policies and enable User policies on the hosts in the Host groups. 

  • For instances that are upgraded to Xprotect version 8.18.0, this option is enabled by default.

  • For instances that created after version 8.18.0, this option is disabled by default.

    • Once enabled, you cannot revert this setting.

Agents and Audit Logs pages

The other Xprotect features/options available in the Settings menu are:

  • Agents - the options to download Xprotect agents for various supported OSes and the CLI commands to install the agents are available on the Settings > Agents page

  • Audit logs - all the options to filter Audit logs and download individual logs are available on the Settings > Audit Logs page.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.