Check the logs for the healthwatch-api app. See the following table for possible response codes and their explanations.Īn error occurred while trying to update the record. $ uaac curl -X POST "" \Ĭhange deployment=cf to deployment=cf-GUID when installed together with PAS 2.4 with Use "cf" as deployment name unchecked or PAS 2.5. Ensure that your URL includes a protocol, such as https. To update the canary URL for a deployment, run the following command. The command returns a JSON object in the following format: Update Canary URL cf-GUID is shown on the healthwatch.SYSTEM-DOMAIN/diego/capacity page. For more information about the cf deployment metric change, see Changed “deployment” Field Value for PAS Metrics in the PAS v2.4 release notes. The endpoints only support deployment names beginning with cf. Note: The cf deployment is currently the only supported deployment for the canary url configuration. If you are using PAS v2.3 or earlier or if you are using PAS v2.4 with Use “cf” as deployment name checked. If you are using PAS v2.4 with Use “cf” as deployment name unchecked or if you are using PAS v2.5. To view the currently configured canary URL, run one of the following commands: To check the availability of the Healthwatch API, run the following command: $ curl Ī successful response is a 200/ OK with the message "HAPI is happy". For an example of generating and using a UAAC token for API calls, see Using the Ops Manager API. For more information on granting these scopes, see Allow Additional Users to Access the PCF Healthwatch UI. The steps in this document require that you generate bearer tokens for a UAA client with the healthwatch.read and healthwatch.admin scopes. See the Canary App Health section for more information about this metric. Update the canary app health URL for the PAS deployment.View the current canary app health URL for the Pivotal Application Service (PAS) deployment.This topic describes how to use the Pivotal Cloud Foundry (PCF) Healthwatch API to do the following: To stay up to date with the latest software and security updates, Has reached the End of General Support (EOGS) phase as defined by the In this case, the endpoint would still be monitored for threatening activity.V1.5 is no longer supported or available for download. If the sensor software is still installed and a decommissioned sensor comes back to life, it will resume sending telemetry to Red Canary. What if threatening activity is identified on a decommissioned endpoint? Once you are in the API documentation page, select the "Reinstate" tab on the left menu bar. To view the Red Canary "reinstate" API query documentation, click on your User icon on the top right of your Red Canary dashboard and select "API" from the menu. You can also use the Red Canary "Reinstate" API query to bulk reinstate your endpoints. You can reinstate any decommissioned endpoint by selecting reinstate it in the top banner while viewing the endpoint. What if I need to “recommission/reinstate” an endpoint? Using the state:decommissioned filter on the Endpoint page will display all decommissioned endpoints. What happens to the decommissioned endpoint in Red Canary?ĭecommissioning doesn't delete the endpoint from Red Canary even if the sensor is uninstalled, as the endpoint will still be accessible from the Endpoints page. Click the (□) icon on one or more endpoints that you want to decommission.From Red Canary click Endpoints in the site navigation.In nearly all circumstances, you should choose to trigger sensor uninstallation. For EPP/EDR platforms that support remote sensor uninstallation, choose whether you would like Red Canary to trigger uninstallation when the endpoint next checks in or to leave the sensor.View the endpoint using ⌘-K or by clicking Endpoints and filtering for the endpoint’s hostname.You can decommission endpoints and optionally choose to request uninstallation of the EDR/EPP sensor. When decommissioning, certain EPP/EDR platforms allow sensor uninstallation to be enqueued.Įndpoint decommissioning can only be performed by users with the Admin role. ( An active endpoint is an endpoint that is being monitored by Red Canary.) All data about the endpoint and the endpoint's threat history is retained. Once you decommission an endpoint, it will no longer appear in reports and lists of "active" endpoints in Red Canary. This is an important step in maintaining an accurate inventory of what endpoints should be monitored so Red Canary can alert you when a monitored system goes offline unexpectedly. You can decommission an endpoint that should no longer be monitored by Red Canary, such as a system that has been removed from duty.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |