Chapter 1: Introduction

Indeni offers the first proactive root cause analysis solution for network devices, designed to cut setup and administration time, lower costs, and ensure a stable, secure network. It is the first truly proactive system that:

  • Automatically identifies known devices.
  • Correctly identifies proper settings for known devices, cutting deployment time to five minutes or less.
  • Understands and analyzes thousands of parameters and compares settings in relation to each other.
  • Measures traffic throughput and flags approaching maximums.
  • Determines whether devices are partly or wholly functional or dead and, if non-functioning, identifies the cause and suggests remedial actions.
  • Flags the administrator when an error is seen, via alerts which can be forwarded by SNMP, email or pager.
  • Allows priority analysis of chosen critical parameters so that potentially severe problems can be flagged and dealt with first.

This user guide provides detailed instructions for installing and using Indeni. Additional support is available at www.indeni.com/support

Requirements

This guide is for technical users with a strong working knowledge of networking and network security administration. Users should be able to set up network devices on their own (Cisco routers, Check Point firewalls, etc., as the case may be) and be familiar with how to use the command line interface (CLI) for the chosen software.

Server Requirements

Indeni 5.5 supports both physical and virtual servers. The following hardware requirement rely on a parameter N which represents the number of network devices you plan to analyze with Indeni.

  • CPU: 64-bit capable CPU (minimum of 2 cores, with additional one core per every 20 devices in N)
  • Hard drive: 40GB + (2GB * N). For example, for 10 devices, a total of 60GB is required.
  • RAM: The formula is 50MB times N + 2GB, with the minimum being 4GB. For example, for 50 devices a total of 4.5GB is required. For a production setup, Indeni requires the use of at least 4GB.
  • Connectivity: the server should be able to access all of the required devices via TCP/IP. The server will also need Internet access to retrieve software updates. These can be done via an HTTPS proxy as well.

The installation disc includes CentOS 6.x with the required packages, so there is no need to pre-install anything on the designated physical or virtual server.

NOTE: The server must be connected to the network during the ISO installation. This should not be a problem on VMs but hardware servers are more prone to being disconnected from the network. If it’s not possible to connect to the network then please contact support@indeni.com

Web User Interface Access Requirements

The Indeni GUI is accessible via Web UI. Supported Internet browsers include: Microsoft Internet Explorer 8 or later, Mozilla Firefox 3 or later and Google Chrome. The browser’s pop-up blocker needs to be disabled.

Indeni can analyze both local and remote network devices over VPN or directly, providing you with a complete and comprehensive view of your network deployment at a global level.

NOTE: Experience shows that Google Chrome has the best performance of the above listed browsers and should be preferred.
Indeni can analyze both local and remote network devices over VPN or directly, providing you with a complete and comprehensive view of your network deployment at a global level.

Analyzed Device Requirements

If communications between the user workstations and Indeni and/or the communications between Indeni and the analyzed devices pass through a firewall, please allow the following:

Traffic from the user workstations to Indeni on the following ports:

  • SSH (TCP 22) – Allows SSH access to the Indeni device’s operating system.
  • HTTPS over TCP 8181 – Nonstandard port used for accessing the Indeni Web UI from users’ workstations.

Traffic from Indeni to the analyzed devices:

  • SSH (TCP 22) – Used for collecting information from the analyzed devices.
  • HTTPS (TCP 443)
  • Ping (ICMP Echo) – Devices are pinged regularly by Indeni to ensure they are responding. Note: the ping test can be deactivated in the individual device’s configuration at the Monitored Devices sub-tab under Settings.
Chapter 2: Installation

As stated in the previous section, Indeni runs on a virtual server or on a physical server.
Users will need to download the latest version of Indeni from www.indeni.com.

Installations on Virtual and Physical Servers

The Indeni ISO is used for deploying the system in virtualization environments or on a physical server.

  1. Access the download page. If you do not have this link contact your Account Manager to provide the Indeni ISO.
  2. Copy the downloaded ISO to a CD and boot the system from the CD. Installation will begin immediately (more on the installation screens below). Upon completion, the server will shut down.
    NOTE: Before using VMware for a virtual machine installation, please see “Setting Up Indeni on VMware ESX”.
  3. Remove the CD from the drive before restarting the server to avoid re-installing the software.

In either physical or virtual installations, the system is now ready to be configured, using the same procedures in either installation.

Configuring and Installing Indeni

Use the tab, arrow, and Enter keys to navigate within the installation screens.

  1. If you select No from the Driver Disk screen, go immediately to Step 4 to continue configuration of the network interface.
  2. If you select Yes from the Driver Disk screen, Figure 2 appears. Click OK.
  3. In the Driver Disk Source screen, select the device you want to use as the source for the driver disk. Click OK.
  4. Select Enable IPv4 support as shown in the figure to the right. Select Manual configuration and click OK.
  5. Enter the IP address, Netmask Prefix, Gateway and DNS server IP. Click OK.
  6. The Package Installation will run as shown to the right.
  7. When the setup is complete, the system will notify you and ask for a reboot. Click on the Reboot button.
  8. Once the system reboots, the next two screens shown below automatically appear. Specify the host and domain name. Click OK.
  9. After completing the configuration, click the Reboot button to reboot the system for the second time. NOTE: You can always return to the set up screens by running sudo isetup via the console or an SSH connection.

Logging in to the System – Console

You can log in to the system after reboot, as shown in the previous section:

  • Username: XXXX
  • Password: XXXX

In production environments, it is highly recommended that users change the default password, using the passwd command.

Logging in to the System – Web Interface

  1. Open a browser window
  2. Access Indeni’s web dashboard at: https://:8181/
  3. Substitute your server’s IP address for (example: https://10.3.1.87:8181/).
  4. Log in to the Indeni web dashboard:
    Username: XXXX
    Password: XXXX

Indeni Login Screen

Compliant vs. Non Compliant Mode

Indeni users have full control over which devices to add to the system and analyze. This process is described in Section 4: Getting Started.

The system offers two modes: compliant and non-compliant. Upon installation, indeni will ask whether the user wishes to operate in compliant or non-compliant mode. If “non-compliant” is chosen, devices can be deleted at will. Any or all devices may be removed from analysis if the user so desires, and thus will not show up on the overview screen that is shown in the next chapter.
IMAGE

See Section 5: Analysis and Alert Management, for full instructions on analyzing devices.

Chapter 3: Technical Overview

All major functions within Indeni are accessed from the tabs at the top of the dashboard. They include:

  • Operations Management
  • Compliance Management
  • Tools
  • Reporting
  • Settings

These tabs are available from all main screens within Indeni. The functionality of each one is described in this chapter.

Operate and Help Menus

These two menus are shown at the top left of the web dashboard:

  • Use the Operate menu to log out of Indeni. This menu also allows you to update the system.
  • Use the Help menu to link directly to this user guide online. The Help menu also provides Indeni support tools that allow you to create a debug report or to run a live debug of the Indeni application.

Operations Management

The Operations Management tab allows users to quickly add and configure new devices as well as view all current and archived alerts. Once devices have been added to the system, the screen for this tab provides at-a-glance information regarding alerts relating to each device, with rollover access to detailed information for each alert. Use the sub-tabs within this window (Alerts, Analysis, Knowledge Management, and Alert Archive) to access further functionality as described below.

NEW IMAGE

The Add Device button shown in the Monitored Devices panel on the left side of the screen is accessible only from this window.

Use the black arrow beside each device group in the Monitored Devices panel to expand or collapse the display for more alert information related to individual devices.

The sub-tabs in the Operations Management tab provide full access to all information and configuration settings related to alerts generated by Indeni:

Alerts

This tab displays all current alerts as well as the complete list of all analyzed devices and their associated alerts. Users can add devices, filter and search for alerts, and export alert data in several formats (pdf, csv, and xml).

Network Health

The Network Health tab presents a dashboard that provides an at-a-glance view of network health in real time.

Analysis

The Analysis tab provides the ability to visually track critical metrics over time. These metrics are correlated with the alerts that were issued at the relevant time.

Knowledge Management

Users have full control over how indeni handles alerts for each device. This screen provides a full list of alert categories and access to configuration settings by alert and by device. 

Alert Archive

Acknowledging alerts moves them from the Alerts list to the Alert Archive list. This screen allows quick access and filtering tools to search for specific archived alerts by date, device, or alert type. 

Complete functionality for the Operations Management tab is described in Section 5: Operations Management.

Compliance Management

The Compliance Management tab allows users to schedule daily backups for specified devices and directories, set up and edit configuration checks, conduct searches of analyzed devices and track changes made to devices (configuration journal).

Configuration Checks

Use this feature to define a profile that states what the baseline settings/configurations should be for a device or a group of devices, and then which devices should have that profile applied. For instance, users can set up a company-wide base profile designating the severity level for generating alerts, or create a profile for a specific type of device (e.g., Cisco Routers).

Backup

Indeni automatically collects backups for the chosen devices and backs up the device’s configuration in a separate file with a time stamp. The backup includes the files and data recommended by the vendor and system users for backing up a specific device.

Configuration Journal

This feature aggregates and tracks all changes made by any user to any device and time stamps them by the most recent change, for a convenient at-a-glance listing.

Configuration Check Reports

This sub-tab allows for the scheduling of a report that displays a summary of all the devices/groups that have not maintained compliance with the configuration checks that were set for those devices in the system.

Tools

The Tools tab allows users to Search for information in Indeni’s internal database, explore the device’s Live Configuration and export data from devices for further Troubleshooting.

Indeni Tools Tab

Search

This sub-tab allows users to search using free text through their network estate (all the analyzed devices). The search includes things like NIC configurations, SW versions, licenses, general settings, and configurations. Once the search is completed, the user also has the ability to compare findings between the devices and to print the outcome.

Live Configuration

Users may instantly view the actual configurations on the analyzed devices using the Live Configuration sub-tab. The information presented by Indeni contains both software and hardware data and is clearly presented in a table format.

Troubleshooting

The Troubleshooting sub-tab displays the list of analyzed devices. Choosing a device displays a list of commands and variables commonly used or required by the vendor when creating a debug report. This tool automatically generates a report that may be used with the devices’ vendor for debugging or bug reporting.

Users may instantly view the actual configurations on the analyzed devices using the Live Configuration sub-tab. The information presented by Indeni contains both software and hardware data and is clearly presented in a table format.

Reporting

You can quickly add, delete, or edit Indeni reports using the Reporting tab and its sub-tabs.

Device Configuration

 Device Configuration reports are sent at a set schedule and contain a set of archives using this sub-tab. Each archive represents the current configuration of a analyzed device.

Alert Summary

 Alert Summary reports are sent at a set schedule and contain information on the new alerts that were issued since the previous report, updates that have occurred to the existing alerts, and more

Procurement

 The Procurement sub-tab reports list all the analyzed devices that may require changes or upgrades. They also display information such as expired licenses and EOL devices.

Inventory Report

 This exportable Excel spreadsheet report provides both an overview of your entire network inventory and insight at a granular level, including model names and numbers, interface vendors, firmware versions, licenses, disk manufacturers, routes, VPNs, and much more.

Settings

The Settings tab includes a wide range of functions using the sub-tabs.

Indeni Settings Tab

Monitored Devices

Add and configure devices from this sub-tab, which functions identically to the Add Device button under Operations Management. Clicking on any device listed provides full access to its settings.

Groups

 Setting up device groups as shown above is a quick way to keep track of many different types of devices on the network. This sub-tab allows users to quickly add or delete devices from existing groups and set up new groups which can include individual devices and other device groups.

Integration

From this sub-tab, users can add SNMP masters for sending indeni alerts directly to existing systems (such as NMSs) as well as add Syslog and SMTP servers.

Users

Add or delete users, set passwords, designate permissions, and allocate specific groups of devices to specific users from this sub-tab.

Licenses

On this sub-tab, Indeni displays the current state of user licenses, whether valid or expired. Users can also use this sub-tab to upload new licenses or download license details.

Back up

This functionality backs up the Indeni system. Note: In Indeni 5.9 this is done automatically.

Audit Log

The Audit Log sub-tab provides a list of changes and activities that have occurred on the Indeni application.

Chapter 4: Getting Started

To begin using Indeni, users must first add at least one device for the system to analyze. By default at installation, the system has one user with a default login and password.

Managing Users

Indeni assigns administrator privileges by default to all users logged into the system. To add new users, set passwords, assign email contact information, and modify permissions for each person to be allowed access to the system, select the Settings tab, and then the sub-tab Users.

NOTE: If more than one user is to access the Indeni Web UI at one time, then additional users must be created. Indeni will not allow concurrent users to have the same login.

Adding a User

  1. Click the Add User button under Defined Users on the left side of the screen.
  2. In the dialog box, type a user name and select OK.

Indeni displays the Selected User’s Details screen with additional fields as shown. Indeni does not allow renaming the individual user. If a mistake was made when entering the username, the administrator must use the Delete User button at the top of the screen to delete the user. Re-add the user with the correct name. Usernames are case sensitive.

  1. Set the user’s password. Indeni requires the use of strong passwords. Passwords must be at least eight characters long and use both alphabetic and numeric characters.
  2. Passwords are case sensitive.
  3. Enter the individual’s email settings and the SMTP server.
  4. Assign permissions appropriate to this user.
  5. Choose the Groups this user will be allowed to view/manage.
  6. Scroll down to the bottom of the screen and select Save. The Defined Users list on the left now displays the new users added to the system.

Adding Devices to the System

To begin using Indeni to manage and analyze network devices, recognized users must add devices to the system. This is a fast and easy process.

Check Point

Secure Platform

  1. Log in to the device to be added using SSH or the console.
  2. Add a new user to be designated for indeni’s use:
    1. Use the bash shell instead of the default cpshell shell (also known as “expert mode”).
    2. First, run adduser <username>.
    3. Provide a strong password for the new user.
    4. Run chsh –s /bin/bash <username>.

IPSO

  1. Log in to the device to be added, using Voyager.
  2. Add a new user to be designated for Indeni’s use.
    1. The user should have the same permissions as the default admin user, and specifically, uid should be set to 0 (zero).
    2. The user should be in csh shell.
    3. The user should be part of the “wheel“ operating-system-level group.

GAiA
Adding a User to GAiA via the Portal

  1. Log in to the Web UI.
  2. Navigate to User Management -> Users
  3. Select the ADD button in the viewing pane.
  4. Add a user and select OK. Be sure to select the /bin/bash shell and the adminRole.

Check Point GAiA Indeni

Adding a User to GAiA Through CLI

To add a new user to indeni via CLI, use the following commands:
clish
add user indeni uid 0 homedir /home/indeni
set user indeni gid 100 shell /bin/bash
add rba user indeni roles adminRole
set user indeni password
save config
Exit

61000/41000 Security System

Please follow the “Adding a User to GAiA Through CLI” instructions above.

Provider-1/MDM on SPLAT, IPSO, GAiA

  1. Add the user as described above for the relevant OS.
  2. In the Indeni UI, add the MDS first.
  3. After the MDS is successfully added, add the CMAs/domains you would like to analyze. Ideally, these would be the CMAs/domains that manage the firewalls you have set Indeni to analyze.

Crossbeam (Blue Coat) running Check Point

  1. Add a user with the Unix su privileges.
  2. Please provide the Unix root password in the Add Device dialog

Cisco

ASA’s, Routers, Switches

Add a user who can enter Privileged Mode (level 15). If the user is not set to level 15, you will be required to enter the Privileged Mode Password in the Add Devices dialog.

F5 BIG-IPs

In the Web UI, navigate to System -> User

NOTE: For more information about why administrative privileges are needed, please refer to this article: http://indeni.com/how-to-select-script-monitoring-authentication-types/

Please note that when using the local admin account it is required to configure SSH access manually as this is not enabled by default.

Palo Alto Networks – Up to PAN OS 7.x – Panorama and Firewall

Add a user with Role “Superuser” (can be “read-only”)

Palo Alto Super User Indeni

Adding a Device in the Web UI

Once a user has been designated, click on Add Device at one of these locations:

  • Operations Management tab
  • Monitored Devices sub-tab in the Settings tab.

Add any device Indeni

Indeni supports adding multiple devices at once. If two or more devices are to be added at once, add additional device lines as needed by clicking the “ADD DEVICE” button in the dialog box. Delete unneeded blank boxes by clicking “X” on the symbol.

Supply the device name and IP address for each device to be added. For example:
Device Name: Cluster_Member1
IP: 10.3.1.88

You can choose from three options: Add New Device, Add Known Device, and Upload List of Devices. Users should add all devices that are not known first, and then known devices (see next section), to build a complete list before setting credentials.

Add multiple devices Indeni

When indeni is first installed it will ask whether the user wishes to operate in compliant or non-compliant mode. If “non-compliant” is chosen, devices can be deleted at will. Any or all devices may be removed from analysis if the user so desires, and thus will not show up on the overview screen. See Disable Monitoring.

Adding Known Devices

When adding devices, Indeni allows users to choose from a list of devices known to Indeni, based on Indeni’s analysis of management servers’ databases (where applicable). Known devices are those which meet the following conditions:

  • They appear in the database of at least one of the management servers currently being analyzed by indeni.
  • The associated management server considers the device to be one it manages (as opposed to an externally managed device).
  • The device has not previously been added to the list of analyzed devices in Indeni.

Use the Add Known Device button to access the Select Known Device field. Choose the appropriate device IP address from the dropdown lists.

Upload List of Devices

Using the third option, Upload List of Devices, allows users to quickly upload a CSV file listing all known user devices to be added. indeni will analyze the file and allow the user to review the results and decide whether to proceed or not. The format of the CSV file is simple, it should only contain lines of the following format: DEVICE NAME, DEVICE IP.

Upload list of devices Indeni

Choosing Credentials

Once all devices have been added, use the appropriate radio button to supply the proper credentials for these devices. indeni supports two methods of doing so under Credentials to Use: SSH (Advanced Monitoring) and SNMP (Standard Monitoring).

Choose Credentials Indeni

SSH (Advanced Monitoring):

Supply the SSH login details for the user added previously. For example:

SSH Username: XXX

SSH Password: XXXX

You may use an SSH Key, which replaces the need for a password. Clicking on this activates a text box that you can paste the SSH key into. If the key file is encrypted, an SSH Passphrase is also required. The password requirement depends upon the type of key file used.

NOTE: When using SSH RSA keys for authentication, you must make sure that on the device indeni is connecting to the authorized_keys file is only writeable by the user (mode 755 for ~/.ssh and mode 600 for ~/.ssh/authorized_keys).

Click Add, which simultaneously adds the defined devices and stores the chosen analysis method and credentials. The system will attempt to connect to the new devices using the credentials provided. indeni will gather as much information as it can to determine what the new devices are and what analysis should be conducted.

This includes:

  • Operating System (Nexus, GAiA, BIG-IP, Secure Platform, etc.)
  • Products (Routing, Switching, Load Balancing, Firewall, VPN, IPS, Management, etc.)
  • Version
  • Relationships between devices (such as relationships between cluster or device group members)

Indeni re-validates its conclusion every few minutes. If there is a change in the device (for example, products added/removed, change of version) the system will automatically adapt.

SNMP (Standard Analysis)

Standard analysis allows for the SNMP-based analysis of any device not listed in the advanced analysis devices. Via SNMP, indeni will pull information regarding CPU and memory usage, NIC statistics, storage information, and the defined routing table. The information is retrieved based on RFC1213 (http://www.ietf.org/rfc/rfc1213.txt), so the analyzed device is required to implement that RFC. To add a device under Standard Analysis:

  1. Go to the Settings tab and select the Monitored Devices sub-tab.
  2. Click the Add Device button.
  3. In the Add Device dialog box, choose the Standard Monitoring radio button.
  4. Fill in the Read Community string for accessing the device(s) via SNMP.
  5. Click Add to add the new device(s) to Indeni.

Devices that have been added appear in the list of analyzed devices on the left panel of the Operations Management tab. Users should review the alerts for any devices which were not added successfully to understand why and take corrective action.
NOTE: Devices for which advanced monitoring and analysis is supported MUST NOT be added through SNMP monitoring and analysis. This mode of operation is not supported.

Vendor Specific

Some vendors that Indeni supports require additional credentials or specific settings in order to allow indeni to access certain information. This is provided using the Vendor Specific section of the Add Device box.

Cisco Indeni credentials

Editing Devices

Administrators can also adjust settings for devices which have been added to the system using the Settings tab at the top of the screen and then the Monitored Devices sub-tab. Configuration settings for all other objects which are not the analyzed devices (such as SNMP, SMTP, and Syslog servers) can be accessed from the Integration sub-tab under Settings.

Live Configuration

The Live Configuration option under the Tools tab displays the entire actual configuration of the device, including resource utilization, device model, routing, etc.

Chapter 5: Operations Management

The Alerts Sub-Tab

Indeni was designed to simplify management of networks and to free an administrator’s time for business initiatives rather than endlessly chasing network issues. Using the power of Indeni to analyze devices and resolve alerts lies at the heart of the system’s usefulness.

The Alerts tab displays all alerts noted by the system under the Current Alerts pane.

Even when the issue has been successfully resolved, the alert will remain on the display until the user acknowledges and archives the resolved alert, or chooses to show only unresolved alerts. Resolved alerts are marked as “RESOLVED:”.

Monitored Devices

Indeni displays all devices by name under Monitored Devices.

Indeni Monitored Devices Tab

As noted in Section 4, the left panel of the Monitoring tab displays all devices currently being analyzed by Indeni. Use the View button on the left to toggle between displaying devices by cluster, type, or management hierarchy. Use the orange arrow to edit or filter alerts for individual devices or groups of devices. The Search field allows users to search for devices by any portion of a device name.

Current Alerts

The checkboxes in the left column of this portion of the screen allow users to manage multiple alerts.

  • Use the topmost checkbox (in the header row) to check or uncheck all boxes at once or to select those for the current page only.
  • Use the small, black down arrow beside the box to adjust selections as shown below.
  • Click “None” or click the box again to uncheck all selections.

The View button and the Search box above the list of alerts can be used to filter the alert list or to search for a particular alert ID. The Freeze toggle button halts the automatic update of the list of alerts.

Indeni Current Alerts Tab

Searching Alerts

The Search box in the Current Alerts pane supports searching for alerts associated with certain devices using the device name or IP address, searching for an alert ID, or searching for text within alert headlines and descriptions.

  • To display alerts for a particular device, type the device name in the Search field. (You can also click on the orange circle to the right of the device name in the Monitored Devices section to display alerts for that device only.)
  • To display a particular kind of alert, type the desired parameter in the Search field.
  • To search for text, type a text string. For example, typing “R60SMC” in the Search field will display alerts for all R60SMC members. Clearing the field restores the entire list.

Filtering Alerts

To filter alerts, use the orange arrow next to its name in the Monitored Devices display and choose Filter Current Alerts from the pop-up menu.

Note that the screen view on the next page displays alerts only for IPSO, IP address 10.3.3.56.

Indeni Filtering Alerts

Use the checkbox to the left of the ID field to check or uncheck all filtered alerts at once.

Columns and Functionality

To adjust the width of individual columns on the screen, select the Columns… option on the View flyout:

Filter Indeni Alerts

Use the checkboxes to select which columns to display. Alternatively, right-click on any column header to access this menu.

Severity

This column displays a colored flag for each alert. Colors range from red to blue to distinguish critical warnings from less severe alerts. This allows users to find and resolve alerts most likely to cause imminent downtime and to visually assess the type of alert and remedial action required.

The Monitored Devices list also displays the current state of the device itself using the icons shown here. If a device has other alerts, it will indicate the number and type using text colors corresponding to the flags (blue for Info, etc.).

Monitor Device Alerts Indeni

By default, Indeni displays alerts as they occur.

  1. To quickly sort by severity, click the View button above the Device column.
  2. Click on or off any of the alert categories in the flyout box shown on the next page (only one option can be selected at a time) and Indeni will display only that information. For example, if you do not wish to see resolved alerts, click Unresolved Only. Indeni will only display alerts the system has not yet resolved or could not automatically resolve.

Indeni alert unresolved

Indeni also provides a fast and convenient listing of each device’s individual alerts under its name in the list of Monitored Devices on the left. This provides at-a-glance status for each device. Critical status only appears if the device is truly unresponsive or Indeni is having trouble analyzing it; otherwise the Okay symbol will be shown even if there are alerts for this device. The user can see that the device, while still functional, has errors and can investigate and correct them as required.

ID: Indeni assigns a unique number to each alert as it occurs. By default, alerts display in descending order of severity and by date modified.

Device: This column displays the device name assigned to each device for which an alert has been flagged.

Headline: This column displays the actual alert information: a brief description of the condition indeni has observed as well as its status. In this column by default, each alert in the list displays in the “collapsed“ or at-a-glance mode, showing just the summary headline for the alert.

Last Update: This column allows users to further refine the displayed list of alerts by date range.

  1. Click the Filter icon in the column header.
  2. Click inside each blank field box to display a calendar.
  3. Choose the date range for the alerts you want to display and then click Apply
  4. To filter within a particular day, change the hour settings after the date in both the From and To fields to display alerts within a specified time range.
  5. Click Clear to clear the previous criteria. This will restore the entire list of alerts.
  6. To quickly sort alerts in ascending or descending order by date, click on the column name. A yellow arrow will appear. Click on it to sort the alerts.

Indeni filter by date

Reviewing Alert Details

To expand an alert to show its details, click on any headline. In the expanded detail, information is categorized in several ways:

  • Description: A general overview and explanation of the problem.
  • Custom Notes: Gives users the option to add their own notes to a specific signature or to a specific group.
  • Manual Remediation Steps: indeni’s recommendation for how to manually correct the problem.
  • Notes and History: A summary of when the alert has been created, resolved, or remains unresolved, along with any notes which were added to the alert by using the blue “Append note” link.

Indeni Remediation Steps

Indeni constantly updates unresolved alerts. You can freeze the display to stop the system from updating content for the current alerts by toggling the Freeze button (Click the button again to resume updates.)

Resolving Alerts

Indeni can flag certain errors and offer suggestions on how to resolve issues manually.

Each Headline message, when expanded, tells the user if an error can be resolved or not, and what the recommended manual action should be.

Click on the alert to expand it and read the details provided by Indeni for resolution. If hyperlinks are included, clicking on those will provide more information on the alert and the process for remediating the issue.

Resolve Alerts Indeni

Using the Resolve Button

Indeni provides a Resolve button above the Headline column to assist users in resolving alerts. It is enabled when at least one visible alert is checked. Clicking on the Resolve button gives the user several options, from acknowledging and archiving an alert to manually changing configuration settings for the device in question. Note that the Resolve button will not activate unless an alert is checked, not just highlighted.

Clicking on the Resolve button produces a flyout menu with the options shown on the next page:

Acknowledge Alerts Indeni

NOTE: Functions on the Resolve menu vary by the type of alert, as well as whether or not multiple alerts were selected or not. For instance, “Stop Alerting for this Device” may not be an option for all alerts.

  • Acknowledge Selected Alerts: Selecting this option archives the alert in the Alert Archive and removes it from the list. Resolved alerts which have been reviewed by an administrator should be acknowledged in order leave only the active alerts present in the current alert list. To do so, click on the Resolve button and then select Acknowledge Selected Alerts.
  • Stop Alerting for this Device: Selecting this option will prevent indeni from flagging this particular error on this device. It does not block flagging of other errors for this device.
  • Check Alert Configuration for this Device: This option allows users to quickly review and edit alert settings for a particular device.
  • Review Device Configuration: This option quickly takes the user to the configuration screen for this device to check and/or change settings that might be causing the error.
  • Advanced: This option provides several choices, from configuring default parameters to halting alerts on selected devices. It allows the user to either stop alerting for a particular error on one device only, or to prevent indeni from flagging this error on all analyzed objects.

Advanced Alerting Indeni

Resolving Multiple Alerts

Use the checkboxes in the far left column of the Monitoring tab to archive multiple Resolved alerts at once.

  • Check the box for each alert you want to archive.
  • Click the Resolve button and select Acknowledge Selected Alerts to archive these alerts.

Annotating Alerts

Each individual alert issued by Indeni can be manually annotated by users, allowing them to communicate among themselves regarding specific alerts, as well as noting down observations and actions to be taken. Indeni automatically populates the notes with major status changes of the alert such as when it was created, when it was deemed resolved, and when it was acknowledged.

Appended notes pertain solely to the alert they were added to, and not to future or other instances of the same issue in other devices. If you would like to add notes to all future alerts issued for a certain issue, add Custom Notes to the configuration of the alert.

To append a note to an alert:

  1. Click on the alert to expand it.
  2. Scroll to the bottom of the expanded details to Notes and History.
  3. Click Append note. Indeni will display a dialog box.
  4. Type your note text in the box and click Append to save it permanently to the alert’s details.

Notes pertain to the alert for an individual device; they do not appear in an identical alert for a different device.

Append Note Indeni

Temporarily Disabling Analysis

If alerting is to be suspended for a period of time on a particular device, its configuration can be set so that Indeni will not analyze it.

  1. At the Monitoring tab, choose the device from the list of Monitored Devices on the left.
  2. Click the symbol to access the Edit Device Configuration menu.
  3. Choose Stop or Suspend Monitoring Device from the flyout menu. The dialog box will appear.

When analysis is suspended for a particular device, its status icon will change to “pause.” Users can choose to stop analysis permanently, or suspend it for a specified period of time.

To resume analysis that has been disabled, use the Settings tab to adjust the device configuration in the Monitoring Method field. You may also use this field to set the device to Do Not Analyze. Save your changes. Indeni will no longer analyze this device or display alerts for it.

The Analysis Tab

The Analysis tab allows users to graph certain metrics over time, view historical values and correlate the data with alerts issued by Indeni.

Indeni Reporting Analysis

The analysis tab allows for easy control of the data that is presented:

  • At the top left, you can select the timeframe the data should be presented for.
  • At the bottom left, under Choose Parameters, you can choose one or more parameters to display on the graph.
  • At the bottom right, you may choose whether or not to show alert flags on the graph. These appear as “lollipops” at the bottom of the graph.

To export the data, use the buttons at the top right of the view.

Network Health Tab

The Network Health tab presents a dashboard that provides an at-a-glance view of network health in real time. All data is updated continuously.

The left-hand panel of the screen for the Network Health tab displays information related to the entire system being analyzed: number of devices, number and type of alerts, system uptime, etc. Users can add new devices to analyze directly from this panel using the blue Add Device link shown. (See Chapter 4 for detailed information on adding devices.)

The top central section of this screen displays a series of gauges which show the general health of an individual device or a group of devices. Using the Gauges values dropdown box, users can choose whether to display the Health status, CPU type, or Memory status of the individual devices or groups.

The user may also choose to customize the groups and devices shown by default on the central section. This is done by clicking on the plus sign to add an additional group or device, or by clicking on the negative sign and then the symbol beside each gauge to remove it from the list.

The “Others” group is a system group (automatically created) which appears only when Indeni finds analyzed devices which are not included in other groups on the dashboard. This group disappears if the user displays devices by All Objects or By Type or if all groups and devices are accessible from other groups in the dashboard.

IMAGE

By Type groups all devices of a particular type (Check Point firewalls or Cisco Routers, for instance). Individual devices or device groups created by the user are labeled by name.

When hovering over a device or a group with a single device in it, the system displays device parameters such as: its name, CPU, memory, the number of connections, and active alerts. Below each gauge is a summary of alerts and the uptime of the device.

Clicking on any gauge changes the displayed data in the right-hand panel of the Network Health tab. The panel shows the top alerts associated with the selected gauge. Double-click the gauge or the status line below it to drill down into the groups/devices which are included in that group.

For example, the following screen shows the individual devices within the R60SMC’s firewall group.

IMAGE

  • Clicking on a specific device, “R60SMC,” displays its detailed status information on the right.
  • Clicking “Home” returns the user to the main screen. The gauges for all selected device groups will reappear.

Note that there is a “bread crumbs” type navigation bar (highlighted) which is found above the gauges to facilitate navigation between the group levels.

Below the gauges is a real-time list of alerts flagged by Indeni. By default, the system displays the most critical (red) first. There are two layers for sorting: the first alerts are sorted by severity, and then within the severity groups, they are sorted by date.

IMAGE

This list of alerts is also found in the Operations Management tab.

Using Signatures in Alerts

To set how a particular alert should be managed, use the Knowledge Management sub-tab under Operations Management. The screen below lists every type of alert Indeni can identify. This list is updated and expanded regularly.

Indeni Communication Preferences

Managing the Signatures

The Alerts Within Category section of the Knowledge Management sub-tab allows users to quickly adjust settings for each type of alert.

  • Name: Individual alert descriptions are provided in the first column, identifying what indeni can observe. This column is informational only.
  • Default Settings for Alert: This allows users to choose how alerts will be flagged. Some alerts you may want to simply log; others are important enough to forward immediately to a user’s attention. By default, alerts with a severity of Critical or Error are set to SNMP+Log; the rest are set to Alert Only.

Indeni Preferences Alerts

Indeni will log or flag specific alerts in accordance with user preferences.

Configure

Clicking this button on the far right column opens a window where the user can individually configure alert settings for every currently analyzed device on the network. This includes setting a default configuration for this particular alert that will apply to every new object added to the network.

Configure ARP issues Indeni

  • Configure: The Default Settings are shown for all new objects. However, you can also individually configure each device by clicking its Configure button to open the Edit Alert for Specific Device window.

Edit alert default indeni

  • All devices have the same configuration options per alert; however, the various alerts have different parameters to be configured for this window.
  • Note that Indeni allows users to add customized notes here for all alerts. These can include additional information which system architects and administrators would like to present as part of Indeni’s alerting.

Select OK or Apply to save your changes, or Cancel to return to the Configuration screen.

Alert Archive

Indeni stores all resolved alerts. These are placed under Current Alerts until they are acknowledged. To review alerts acknowledged in the Alerts sub tab, use the Alert Archive sub-tab under Operations Management.

Sort or filter alerts by using the arrow or filter icons in the Last Update column header.

  1. Click the Filter icon in the column header.
  2. Click inside each blank field box to display a calendar.
  3. Choose the date range for the alerts you want to display and then click on Apply. To filter within a particular day, change the hour settings after the date in both the From and Till fields to display alerts within a specified time range. (See Last Update under Columns and Functionality in this chapter for more detail.)

Alert Archive Indeni

Chapter 6: Compliance Management

Configuration Checks

Indeni allows users to create baseline settings. Configurations are validated through the use of device profiles. Use this feature to define a profile that states what configurations should be set on a device, and then on which devices to apply the profile.

The system will constantly verify that each device in the profile complies with the profile or profiles assigned to it. Individual devices can have multiple profiles assigned to them.

If Indeni finds that a device is not in compliance with a profile, the system will issue an alert for each violation. This alert will appear in the Current Alerts list on the Alerts tab and also in the Configuration Check Report in the Compliance Management tab.

To access the Device Profiles settings:

  1. Click on the Compliance Management tab.
  2. Select the Configuration Checks sub-tab

Adding a Profile

  1. Add profiles using the Add Profile button on the left. You can add as many profiles as you wish.
  2. For each profile, choose the devices you want to manage from the Devices Not Yet Included list on the right side of the screen under Profile Configuration.
  3. Click the double right arrow to include the chosen device(s) for this profile.
  4. Give the device profile an appropriate name in the Profile Name field.

IMAGE

To add an item to the devices to be included in the profile:

  1. Click the Add Item button in the bottom right corner of the Device Profiles sub-tab screen. indeni will display the Profile Items dialog box, that allows users to choose which configurations to have validated, checked, and alerted in this profile.
  2. Choose the item type. See the next section, Using Item Types, for specific information on each selection.
  3. Click OK.
  4. You may add as many items as you want. For each item, configure the settings in the Profile Items dialog box.
  5. Once you are done configuring the profile, click Save.

Using Item Types

By assigning any or all of the item types in Device Profile, you give indeni the necessary information to validate, check, and alert if the status of a device is not according to the profile. indeni continuously analyzes the configuration profile on those devices and reports violations as an alert to system administrators.

Below you will find a few examples of items that can be enforced via a profile. For each example, we show a Profile Item configuration and then the resulting message that appears in alerts for affected devices under the Alerts tab. Note that in each alert a reference is made to the device profile by name.

Hotfix(es) Installed

Specific issues addressed by hotfixes are available. indeni alerts if the required hotfix has not been installed.

NTP Servers In Use

The Device Profile will check that the specific NTP servers which are listed are the ones being used by the devices in the profile.

Users Defined

If you want to ensure there are no unexpected users defined on your devices, this item type will enable that.

Syslog Servers In Use

Indeni will check that a specific Syslog server is being used by the devices in the profile.

RADIUS Servers In Use

Indeni will check that a specific RADIUS server is being used by the devices in the profile.

Ensure a Minimal Number of Connections or Sessions are Open

The profile can flag a device that suddenly reports less than a set number of connections or sessions, which can occur when the device has been circumvented by other network equipment. This item will alert when this happens.

DNS Servers In Use

Indeni will check that the DNS server is being used by the devices in the profile.

Core dumping Enabled/Disabled

When core dump files are created on the device, it may hint that certain processes have failed recently. If this item type is enabled, indeni will validate that core dumping is actually enabled on the analyzed device in the profile.

Deleting an Item from the Profile

Click the Remove button at the bottom of the item’s configuration section. You may have to scroll down to see the button.

Deleting a Profile

Click the Delete button at the bottom of the Profile Configuration screen.

Backup Schedules

Indeni can be set to automatically collect backup data for specified devices or groups of devices. Each device’s configuration will be backed up in a separate file that includes the files and data that should be included in the backup, as recommended by the vendor and according to best practices.

Scheduling Backups

Backups can be scheduled for individual devices. You can also add a Group to the backup schedule.

  1. From the Compliance Management tab, select the Backups sub-tab.
  2. Click on the New Backup icon in the left panel. Use the backup settings under Edit Backup Schedules on the right to provide a Schedule Name.
  3. In the Backup Storage Path field, provide the path where these backup files will be stored (this may be either on the Indeni machine or on a remote location).
  4. Choose the devices or groups you wish to back up from the Excluded Devices/Groups list. Use the double arrow buttons to add or remove devices in the Included Devices/Groups list.
  5. In the Schedules and Receivers portion of the screen, set the time of day you want the backups to run. By default, the backups will be saved daily.
  6. Choose the users who will receive notification of backups and their success or failure.
  7. If desired, use the Backup Details field to add further instructions for use of this backup file. It will be saved as a README text file in the backup archive. Additional Files or Directories can be backed up by providing their paths – one path in each line.
  8. Click Save to save the new backup schedule, or Delete to remove it from the list.

Adding Additional Backup Schedules

  1. Click the Add button in the left panel. A New Schedule will appear in the Backup Schedules list on the left.
  2. Click on the New Schedule icon.
  3. Follow steps 2-8 as shown in the previous section.

Configuration Journal (change tracking)

In the Compliance Management tab select the Configuration Journal sub-tab. This functionality aggregates and displays all of the changes users have made to analyzed devices, time stamped and listed by the most recent, to enable a single at-a-glance listing.

The columns include the following data:

  • ID: Device ID
  • Device: Device name and IP number
  • Change Summary: All changes made to analyzed devices are displayed here. To access details for each change, click on each individual line to expand it. Click again to collapse it. The summary includes the exact details of the changes that were made.
  • User: Displays the user who made the change.
  • From: Displays the IP of the user who made the change.
  • Timestamp: The most recent changes are displayed first

IMAGE

Configuration Check Reports

This report provides a detailed report of all devices that do not comply with the device profile set for that device.

  1. Select the Configuration Check Reports sub-tab at the top of the screen.
  2. Click the Add Schedule button in the Defined Schedules list.
  3. A New Report icon will appear under Defined Schedules. Edit the details under Scheduled Report Configuration on the right
  4. Give the report a new name in the Report Name field.
  5. Choose the devices to be included in the report from the Excluded Devices list and click the double arrow to add them to the Included Devices list.
  6. You can generate the report right away by clicking on the Create Immediately button; otherwise, go to step 7.
  7. Set the time Indeni will generate and deliver the report in Schedule and Receivers. All alerts generated since the previous report will be included, as well as any updates to previously reported alerts.
  8. Select the users to receive the report. Indeni provides a list of all system users. These users will receive reports only for those devices they are allowed to see, even if the original report was set to include all devices being analyzed.
  9. Save your changes.

 

Chapter 7: Tools

The Tools tab allows quick access to Indeni’s debugging tools and a debug report generator to pinpoint errors and obtain details for the analyzed devices listed in the left panel under Debuggable Objects. (Debug the indeni software from the Help menu.)

The Object Debug Panel on the right changes according to the type of device selected for debugging.

Search

With the Search pane, Indeni users are now able to search for configurations, settings and other parameters on all analyzed devices. This tool allows free text search for things like NIC settings, patches and hotfixes, software versions, licenses, users, etc. The outcome of the search provides all the relevant results structured in a table, which can be printed.

  1. Click on the Tools tab.
  2. Select the Search sub-tab. Enter the relevant text in the search field and press the Explore! button on the right.
  3. Indeni will then automatically search for any parameters that meet the search criteria. Once this ends, the results will be displayed in a table.
  4. Click the printer icon to the top right of the table to print results.

IMAGE

Live Configuration

Live Configuration allows Indeni users to quickly and simply access all the configurations and settings on their analyzed devices.

  1. Click on the Tools tab.
  2. Select the Live Configuration sub-tab.
  3. Choose a specific device from the list on the left side of the screen.

Indeni will display in a table format all the configuration details of the particular device, once this device has been chosen from the list.

You can use the search field in the left panel to find specific devices either by IP or by device name.

Troubleshooting

  1. Select the Troubleshooting sub-tab to generate debug reports. The Debug Report Generation in the Object Debug Panel compiles reports by individual device. By default, all commands and variables are chosen based on vendor-specific requirements and best practices. Users may choose to remove some commands from the debug report based on specific requirements.
  2. Choose the device you want to report on from the list of analyzed devices in the left panel. This will display a list of reportable items that indeni will check and report on.
  3. Click on the Generate button to obtain the report (scroll down to access this button).

To view details of the report:

  1. Click the Download Last Generated Report button. indeni will compile a .zip file of text documents which users can download. The report includes text files of the output of all the commands which Indeni ran in the debug report.
  2. Double-click on any of the files to review the individual report.
    1. After viewing the debug report, users can change the device’s internal configuration using the vendor-specification interface
    2. Run the Device Debug report often to check for continuing errors.
Chapter 8: Reporting

Indeni’s reporting function provides users with emailed reports on a user-set schedule. The Reporting tab lists the type of reports available in sub-tabs at the top of the screen. Currently Indeni allows scheduling for four reports. Click on the appropriate sub-tab to choose the desired report to schedule.

Device Configuration Report

This consolidated report provides a separate report for each device included in the report parameters. Device Configuration reports are sent on a set schedule and contain a set of archives. Each archive represents the current configuration of a analyzed device

  1. Click on Reporting, and then the Device Configuration sub-tab.
  2. Under Defined Schedules on the left, click the Add Schedule button.
  3. An icon will appear under Defined Schedules. Edit the details for the schedule under Scheduled Report Configuration on the right:
  4. Give the report a new name in the Report Name field.
  5. Choose the devices to be included in the report from the Excluded Devices list and click the double arrow to add them to Included Devices.
  6. Set the time that Indeni will generate and deliver the report in Schedule and Receivers. Currently Indeni provides reports daily. Schedules are based on Indeni server time.
  7. Select the users to receive the report. Indeni provides a list of system users. These users will receive reports only for those devices they are allowed to see, even if the original report was set to include all devices being analyzed.
  8. Save your changes.

Alert Summary Report

The Alert Summary report lists all new and updated alerts that were added or modified since the previous report as well as updates to current alerts, etc.

  1. Click on the Alert Summary sub-tab option at the top of the screen.
  2. Click the Add Schedule button in the Defined Schedules list.
  3. A New Report icon will appear under Defined Schedules. Edit the details under Scheduled Report Configuration on the right.
  4. Give the report a new name in the Report Name field.
  5. Choose the devices to be included in the report from the Excluded Devices list and click the double arrow to add them to the Included Devices list.
  6. Set the time Indeni will generate and deliver the report in Schedule and Receivers. All alerts generated since the previous report will be included, as well as any updates to previously reported alerts.
  7. Select the users to receive the report. Indeni provides a list of all system users. These users will receive reports only for those devices they are allowed to see, even if the original report was set to include all devices being analyzed.
  8. Save your changes.

Note that the reports list in the left panel displays only those reports created for the individual sub-tab you have selected (Device Configuration or Alerts Summary). If multiple reports have been created under either sub-tab, select the report you want to configure from the list.

Procurement Report

Device Performance and End of Life reports are sent on a set schedule and contain all the information needed to assess whether a device requires upgrade or replacement. The ranking is comprised of several parameters such as CPU and memory utilization and end of supports.

  1. Select the Procurement sub-tab at the top of the screen.
  2. Click the Add Schedule button in the Defined Schedules list.
  3. Give the report a new name in the Report Name field.
  4. Choose the devices to be included in the report from the Excluded Devices list and click the double arrow to add them to the Included Devices list.
  5. Set the time Indeni will generate and deliver the report in Schedule and Receivers. All alerts generated since the previous report will be included, as well as any updates to previously reported alerts.
  6. Select the users to receive the report. Indeni provides a list of all system users. These users will receive reports only for those devices they are allowed to see, even if the original report was set to include all devices being analyzed.
  7. Save your changes.

Inventory Report

This report exports as an Excel spreadsheet with multiple tabs presenting details regarding your analyzed devices.

To access the report from the Reporting tab:

  1. Click on the Inventory Report sub-tab.
  2. Choose from the list of Excluded Devices which analyzed devices you do not wish to include in the report.
  3. Choose from the list of Included Devices to include which analyzed devices you want to report on.
  4. Click the Generate button in the lower right corner of the screen. This generates a report entitled “inventory.xls”.
  5. Choose whether to save or open the file.
  6. Click OK when the Report Generation Complete dialog box appears.

This report generates multiple tabs. Navigate through them for detailed information on each device included in the report.

Chapter 9: Settings

The Settings tab provides access to a variety of functions within Indeni through its sub-tabs.

Indeni Settings

Monitored Devices

This tab provides the same functionality for adding, deleting, and configuring devices as described in Chapter 4: Getting Started.

Here users can change the parameters which define how indeni analyzes a device.

Connectivity

This option allows users to set and troubleshoot connection issues, change the device password, view the security key, and adjust other connection settings that may be causing network issues.

Connectivity parameters need to be set for each device. Hover over the icon for more details about each parameter, which vary by vendor, model, and device:

  • SSH Connection Timeout: The maximum wait time when connecting via SSH before deciding the device is not responding. Choose a value (days, hours, minutes, seconds).
  • SSH Username: Provide the SSH name to be used to log in to the device.
  • SSH Password: Provide the SSH password to be used to log in to the device.
  • SSH Private Key: Provide a private key to be used, if any.
  • SSH Private Key Passphrase: This field is required only if the private key is encrypted.
  • Max Aggregated Connection Bandwidth (in bytes): Maximum number of bytes per second that can be sent in each direction to avoid overload. Enter the maximum bandwidth value you want the connection to allow.
  • SSH Port: The port on which the SSH server is running. Set a port number.
  • Approved Host Key: Allows the client to determine if the SSH server being connected to is the correct one. Only one host key is approved for use at a time. Enter the approved key.
  • SSH Connection Reestablishment Timeout: The time to wait before attempting to reconnect. This value gives administrators time to resolve issues and ensures the device will not be overloaded with reconnection attempts. Choose a value (days, hours, minutes, seconds).
  • Require Ping Response for Alive Checks: Forces the device to respond to ICMP ECHO and TCP Port 7 to be considered alive. Toggle On or Off.
  • Max SSH Session Count: The maximum number of SSH alerts allowed for this device. The lower the number, the longer it will take for a particular issue to be identified and alerted upon. Choose a maximum number from the dropdown box.

Paths

During certain processes such as creating backups, Indeni stores information locally on the device and then fetches it to the Indeni server. Temporary files are deleted from the server when the operation is complete. Set the Location for Temporary Paths on Device.

Indeni paths

Troubleshooting parameters

Users can set a variety of parameters for troubleshooting the individual device. Hover over the icon for more information, as parameters change by vendor, model, and device.

Indeni Troubleshooting Parameters

  • Resource Test Critical CPU Usage Threshold: Defines the critical resource usage value that triggers a slowdown in analysis operations. Enter a value.
    Alternate SSH Port: When communicating with a Linux or FreeBSD-based device, Indeni may use an alternate SSH communications port in order to separate between Indeni’s actions and user-driven activities.
  • Resource Test Critical Memory Usage Threshold: Defines the critical resource usage value that triggers a slowdown in analysis operations. Enter a value. (In the example, if memory usage is above 90%, Indeni will stop analyzing the device.)
  • Override Resource Test: Indeni monitors resource usage for each device under normal analysis conditions and slows down analysis if critical levels are reached. Check the box to override this mechanism. Indeni will no longer monitor resource usage as a safety mechanism for this device. This is not recommended.

Groups

Indeni allows users to group analyzed devices in order to quickly find objects of a particular type, such as all Juniper devices, or custom groups based on geographical location or organizational/network infrastructure.

To add a new group:

  1. Choose the Settings tab, and then the Groups sub-tab.
  2. Click the Add Group button on the left panel.
  3. Provide a Group Name.
  4. Choose devices to add to the new group from the Devices Not Yet Included list and use the double arrow icon to move them into the Devices to Include box.
  5. Add an existing group to the new group as desired by choosing it from the Groups Not Yet Included box and adding it to the Groups to Include box.
  6. Click Save. The new group will appear in the list of Defined Groups on the left.

To edit an existing group:

  1. Click on its name in the Defined Groups list on the left side of the screen to display its current settings.
  2. Make the desired changes.
  3. Click Save.

Customized Notes: A user may choose to add custom notes that will be displayed along with other information on the alerts on specific groups and subgroups.

Scheduled Maintenance Window

To set up a maintenance schedule for a device:

  1. Click on the Add Window button: Enter the preferred time frames.
  2. To remove a schedule that has already been set up: Click on the Remove button.

Schedule Maintenance Indeni

Settings change by type of device, so not all devices will include all of the parameters listed above.

Integration

This tab manages a variety of objects used to notify users of alerts. Indeni can be configured to send alerts via SNMP trapping, SMTP email, or by using the UDP syslog protocol. Users must add the type of server desired to Indeni and configure the system to forward alerts to the desired users.

Indeni Integration SNMP

Adding an SNMP Master

SNMP trapping captures alerts, which can then be forwarded to a user’s mobile phone or pager for further action. Indeni supports any SNMP master.

IBM Tivoli

Indeni has been verified to be compatible with IBM Tivoli and has achieved the IBM Ready for Tivoli status. To request the files required to use IBM Tivoli please contact support at: http://indeni.com/support

CA Technologies

Indeni is also a Technology Alliance Partner of CA Technologies, providing security assurance solutions through their Technology Partner Program. Our solution helps ensure continuity of services and provides deep insight into real-time performance as well as impending issues that could impact service delivery. For more information on how to configure the integration between Indeni and CA Spectrum Infrastructure Manager, please download Integrating Indeni with CA Spectrum Infrastructure Manager at http://indeni.com/support

HP

Indeni participates in HP’s Enterprise Management Alliance Program. The software has been validated to integrate easily with HP Operations Manager (HP OM). HP OM contains a tool to convert the Indeni Management Information Base (MIB) file to a HP OM policy. The tool is not an integral part of HP OM but rather a contributed addition. The MIB file and more information on configuring Indeni with HP OM can be downloaded from http://www.indeni.com/support.

To set up SNMP trapping for Indeni you must set up a server capable of receiving SNMP traps and configure it to accept traps from Indeni. An SNMPv2 community or SNMPv3 USM setting is required for SNMP to operate correctly.
Once the SNMP Master is set up on the server, at the Settings tab:

  1. Select the Integration sub-tab.
  2. Click the Add Device button under Defined Objects.
  3. Select SNMP Master.

Use the setup screen shown on the next page to configure SNMP trapping for this master. Assign appropriate names and passwords to individual masters, and choose the security algorithm in use on your system from the drop down lists provided. The user can do any of the following and then Save the changes:

  • Assign only a host address IP, hostname and community (that is, no SNMPV3 settings).
  • Set all fields EXCEPT for community (no SNMPv2 settings).
  • Set all fields.

Note: Hover over the icon for more details about each parameter.

When finished, by default, all alerts having an Error or Critical severity will be sent via SNMP traps to this master. Users can change what alerts are trapped, logged, or sent via the Signatures sub-tab on the Monitoring tab.

  • Use the Send Test SNMP Trap button to test the new configuration.

Configuring Indeni as an SNMP Device in the SNMP Master

When configuring the SNMP Master, users should:

  • Download the MIB file accessible at http://www.indeni.com/support.
  • Configure the SNMP Master to use the MIB to fetch data from indeni as well as receive the SNMP traps. indeni currently supports two trap formats:

indeniNewAlertTrap: This is issued when an alert is created. The trap contains all of the information pertaining to the alert, including its ID, in a trap field called indeniAlertEntryIndex. The trap fields are:

  • indeniAlertEntryIndex: The ID of the specific alert that was generated
  • indeniAlertSeverity: The alert’s severity
  • indeniAlertHeadLine: The alert’s headline
  • indeniAlertDescription: The alert’s description
  • indeniDeviceName: The name of the device the alert pertains to
  • indeniDeviceIp: The IP of the device
  • indeniAlertCategory: The category the alert belongs to
  • indeniAlertBaseIdentifier: The type of alert
  • indeniAlertStatus: The alert status
  • UNRESOLVED: Normally the status when an alert is first generated
  • RESOLVED: Normally issued as part of trap type 2 below
    indeniAlertStatusUpdateTrap: This is issued when an alert’s resolved status changes. When an alert has been remediated, indeni automatically changes the status to Resolved; however, if indeni later re-verifies and identifies it as unresolved it will remove the Resolved designation. Whenever the status changes, either from Unresolved to Resolved or vice versa, this trap will be issued with the ID of the original alert in the indeniAlertEntryIndex field. New values will appear in the indeniAlertSeverity and indeniAlertStatus fields.

Adding an SMTP Server

Indeni provides the means to add an SMTP server to the list of managed devices to facilitate alert emailing. Once configured, Critical and Error alerts are sent through this server by default.

To add a new SMTP server:

  1. Go to the Settings tab and select the Integration sub-tab.
  2. Click the Add Device button and select SMTP Server.
  3. Configure the new server.
  4. Use the Send Test Email button to test that the configuration is correct.
  5. Save the configuration. Indeni will add the new SMTP server to the list of Defined Objects.

 

Indeni SNMP Trap integration

Adding a Syslog Server

Indeni is also capable of sending alert information to syslog servers using the UDP syslog protocol. In order to conform to compliance requirements, administrators can also choose to have Indeni send a syslog message whenever a user attempts to access the system via the web dashboard, including whether or not such access was granted.
To add a syslog server:

  1. Go to the Settings tab and select the Integration sub-tab.
  2. Click the Add Device button under Defined Objects on the left side of the screen.
  3. Select Syslog Server.
  4. Configure the new syslog server.
  5. Send a test message to determine if the configuration is working.
  6. Save the configuration. Indeni will add the new syslog server to the list of Defined Objects

Indeni Syslog Integration

Users

Use this subtab to add, delete, and edit users, passwords, email settings, permissions for setting up and remediating individual devices, and permissions for group objects, as described in Chapter 4: Getting Started.

Licenses

Indeni’s license expiration date and limitations depend on what was purchased. To determine the status of your current Indeni licenses or to upload a new license, Select the Settings tab and then the Licenses sub-tab.

Licenses are obtained from an Indeni reseller as a file with a “.lic” extension. Users must download the .lic file to their own hard drive and then upload to Indeni. The file can then be removed from the local hard drive.

Indeni License

This screen displays the current status of the Indeni license as well as the exact terms of the license, such as the number of devices allowed, the expiration date, etc.
The system will notify users via an alert in the Operations Management tab when one of the following conditions is observed:

  • If 90 days remain before the license expires.
  • If the license has already expired.
  • If the user is approaching the limit of allowed analyzed devices.

Indeni Backup

Indeni will automatically collect backups for Indeni’s configurations and settings. These may be used in future to restore the configuration, settings, device info, alerts and all other content from Indeni. The backups will be stored in a separate file with a timestamp in the backup storage path shown on the next page.

A default backup schedule has also been setup by Indeni.

To schedule backups for Indeni in addition to the default backup:

  1. From the Settings tab, select the indeni Backup sub-tab. Note that the default indeni backup shows up predefined (out of the box).
  2. Click the Add button. New indeni backup will appear in the indeni Backup Schedules list on the left.
  3. Use the backup settings under Edit indeni Backup Schedule on the right to provide a Schedule Name.
  4. In the Backup Storage Path field, provide the path where these backup files will be stored.
  5. Check the box if desired to Include confidential data, such as SSH passwords
  6. In the Schedules and Receivers portion of the screen, set the time of day you want the backups to run and how often. By default, the backups will be saved daily.
  7. Choose the users who will receive notification of backups and their success or failure.
  8. Under the heading Backup Details, you can include instructions on how to utilize a backup that has been created by this backup schedule. These instructions will be saved as a README file in the resulting backup archive.
  9. In the field for Additional Files or Directories to Include, you can add directories and files to include in the backup file. Each path should be on a separate line and its format should be compliant with the operating system installed on the devices you’ve chosen to back up.
  10. Save your changes.

Indeni Insight

Indeni Insight is designed to help CIOs and network architects gain more control and visibility over their networks. It works by supplying valuable insights and hard-to-access data about your network and other organizations’ networks from around the globe – enabling you to make smarter decisions.
For more information on what Indeni Insight includes and how it works, visit this page: http://indeni.com/indeni-insight/

Enable Indeni Insight

Audit Log

The Audit Log sub-tab shows a list of changes and activities that took place in the indeni application. Its information does not apply to analyzed devices.

  • ID – Indeni assigns a unique number to each entry as it is added to the log. By default, items in the Audit Log display in descending order of occurrence.
  • Type – This column displays the type of action that took place. You can set these by clicking on the filter icon, which brings up the available choices. All of the action types can be selected for viewing in the report:
  • User – This column displays the name of the user who performed the action. You can set this for one or more users by clicking on the filter icon and making your selections.
  • Summary – This column displays the actual outcome of the action, such as “User’s permissions updated.”
  • Affected Objects – This column displays the number of objects that have been affected by the action.
  • Timestamp – This column allows users to display individual items in the Audit Log by date range. (See Last Update under Columns and Functionality in Chapter 5 for more detail.)
Chapter 10: Upgrades, Support

Upgrades

Products offered by Indeni, like networking itself, are constantly evolving. New capabilities and functionality, including Indeni’s ability to recognize and configure new devices and identify and resolve additional errors, are being added on a regular basis.

Updates are performed by running the “apt-get” Linux from Indeni’s server CLI.

Note: Updates require access to Indeni’s repositories residing on Amazon’s Web Services at s3.amazonaws.com

  1. Log into Indeni’s server using an SSH console
  2. Run the following commands:
    sudo apt-get update
    sudo apt-get upgrade

Support

The Support section of www.indeni.com is available 24/7. Documentation, including updated editions of this user manual, is available via .pdf download.
Additional support is also available via:
Toll-free: +1-877-778-8991
Online support: http://www.indeni.com/support
Email: support@indeni.com

Chapter 11: Terminology

Cluster Member
A network device which takes part in a cluster using one of the known clustering protocols (VRRP, ClusterXL, NSRP, JSRP, HSRP, etc.).

Analyzed Device
A device the Indeni application connects to and analyzes. indeni may possibly use its data to assist with the analysis of other devices. Check Point Security Gateway, Cisco Router, Juniper Firewall and F5 LTM are examples of such devices.

Chapter 12: System Security and Safeguards

Database Structure

Indeni stores its information locally on the hard drive on which it is installed. The database contains different types of information with two general classifications: highly confidential and confidential. The highly confidential information is stored within an encrypted file (using two types of encryption employing industry standards and best practices). The confidential information is sorted in non-encrypted files.

The database files are not accessible via the web interface and can only be retrieved by logging into the system via SSH and downloading them using standard protocols (SCP, SFTP, etc.). The SSH service is the standard sshd application, which has a long track record of being safe so long as the passwords selected by the user are strong ones. Refer to your organization’s password policies for more information on choosing a strong password.

Underlying Operating System

The operating system supplied with the system is CentOS 6.x 64-bit, with most packages removed. By default, the set of services accessible via the network has been reduced to the absolute minimum required, further hardening the operating system. These services are:

  • SSH (OpenSSH_4.3p2)
  • HTTP and HTTPS (Jetty)

Device Access Credentials Storage

The credentials used to access devices, such as the SSH Username and Password, are stored within the database described above. The username is stored in the confidential store, while the password is stored in the highly confidential store (and is encrypted). By protecting the database files, an organization is protecting this information from being compromised.

Password Security of Users Defined in the System

All users defined in the system (allowed to access the system itself via the web interface) are required to use strong passwords as defined by PCI DSS requirements 8.5.10, 8.5.12, 8.5.13, and 8.5.14. Passwords are stored as salted hashes within the encrypted database. This protects the original passwords from being recovered.

Protecting Analyzed Devices

The commands executed on analyzed devices (routers, firewalls, load balancers, management servers, etc.) are defined by the internal logic of the product and cannot be modified by a user. This is to limit the commands that can be executed by Indeni on analyzed devices to those which have been tested and approved by Indeni.

Indeni also monitors the resource usage (CPU, RAM, etc.) on each analyzed device and reduces the analysis work to an absolute minimum if it notes that the resource usage has crossed certain thresholds. This is in order to avoid placing an extra load on an unstable device that may result in its failure. Once the resource usage returns to normal levels, full analysis operations are resumed.

No Change Policy

Indeni has a very strict no change policy, meaning no changes will be made on the devices Indeni analyzes. The only writing actions Indeni executes is to write temporary files to /tmp and to initiate an additional instance of SSHD when needed.

Chapter 12: Basic Troubleshooting

Below are some basic troubleshooting procedures which may be used to verify and initial setup or any communication errors between Indeni and the analyzed devices:

Accessing Web UI

When accessing the web UI, please verify that the URL format is https://<indeni_ip>:8181/ (example: https://10.3.1.87:8181/) and that port 8181 is open and not restricted by any firewall rules.

Adding Devices to Indeni

The following pages address common scenarios of problems users encounter when adding a device to Indeni. Note in the following examples that there is a further explanation of the problem within each alert shown, which can assist you in finding the solution. In most cases, the content of the alert will provide the user with all the required details. Please make sure to expand the alert so that the alert’s content becomes available.

Verify SSH connectivity between Indeni and the analyzed device by connecting to indeni over SSH and initiating an SSH session into the analyzed device using indeni’s designated username and password.

In some cases, as indicated in the alert’s details, management servers require their superior management server to be analyzed before they can be analyzed (for example, MDS needs to be analyzed before a CMA can be, in the case of Check Point). If indicated, please make sure to analyze the superior management servers.

Failed to communicate – No response on port 22
This is how the alert would appear:

Port 22 Indeni

As a first step to assess where the issue lies, try to SSH from the indeni server to the analyzed device. If this fails, try to understand why this happens and this will lead to solving this issue. Make sure that port 22 is opened in your firewall. Please check the rule base of any firewalls involved in the path between indeni and this device to ensure this port is allowed.

Failed to communicate – SSH Credentials
This is how the alert would appear:

SSH Credentials Indeni

Authentication failed. Please update the SSH credentials as follows.
Find the device ID in the list on the left panel of the Monitoring/Current Alerts screen. Click on the orange circle beside the device to change its settings. From the pop-up, select Device Configuration/Monitoring Parameters.

Device configuration Indeni

The Edit Device window opens. Scroll down the Edit Device screen and update “SSH Password” or “SSH username” field. Click on Save.

Edit Device Indeni

Setting Up Indeni on VMware ESX

Indeni can run on a number of virtual environments. This appendix takes you through the Create New Virtual Machine wizard, providing the steps necessary to set up an indeni server on VMware ESX.

IMPORTANT NOTE: When defining the network interfaces of a VM in a VMware environment, please choose E1000 as the adapter type and not vmxnet.

Creating a New Virtual Machine

  1. Open the VMware ESX configuration wizard. Choose the Custom radio button to create the virtual machine and click Next
  2. Enter a Name for the server and click Next
  3. Select a specific host for your virtual machine from the list under Host Name
  4. Select a Datastore from the list provided and click Next
  5. Specify which Virtual Machine Version to use if the host or cluster supports multiple versions
  6. Choose which Guest Operating System to use with the virtual machine. For Version be sure to select Red Hat Enterprise Linux 6 (64-bit) from the drop-down menu. Click Next.
  7. Select the Number of virtual processors to create for the VM. Use the Help button for additional information. Click on Next. Memory Size must be 2 GB or greater to ensure there is enough memory to run Indeni. See also Indeni Hardware Requirements in Section 1 of this user guide for a description of how to calculate the needed memory for your Indeni implementation
  8. To Create Network Connections, select how many NICs you want to connect from the drop-down menu. Select the VM Network for NIC 1. From the Adapter drop-down list select the adapter type E1000. Check the box for Connect at Power On. Click Next.
  9. Choose VMware Paravirtual as the SCSI controller. Click Next.
  10. Create a disk by setting Capacity, Disk Provisioning, and Location. Click Next.
  11. Advanced Options are available but are not usually required. Click Next.
  12. Power on the virtual machine using the Power button.
  13. Click on CD/DVD Drive 1 -> Connect to ISO image on local disk. Locate the ISO file downloaded from Indeni website.
  14. The Indeni setup for VMware ESX is complete. See Chapter 2 in this user guide for the installation and configuration of Indeni.