Top 10 steps after installing Symantec Security Information Manager (SSIM) 4.x

Article:TECH123072  |  Created: 2010-01-08  |  Updated: 2011-05-04  |  Article URL http://www.symantec.com/docs/TECH123072
Article Type
Technical Solution


Issue



After installing the Symantec Security Information Manager (SSIM) appliance, what should be done first?

 


Solution



  1. Network card settings:
    1. Always double-check that eth0 on your SSIM appliance is running in Full Duplex mode (ideally at 1000MB speed).
    2. Run "ethtool eth0" and look at the output.
    3. If the output is not correct, go to the web UI and force the appliance to run in Full Duplex mode.
    4. If you have more than one NIC, make sure the main IP is on eth0.
  2. Date and Time
    1. NTP is crucial to SSIM; it should be enabled from the web UI.
    2. Run "ntpdate -u ntp_server_ip" to force a sync with the server.
  3. Backup
    1. By default, the DB2 scheduled backup is not enabled.
    2. Go to the web UI and make sure the scheduled backup is enabled. Change the default time of 1AM to another time if required.
    3. Make sure regular LDAP backups are made from the web UI before changing anything.
    4. Make sure the customer knows that they can't schedule LDAP backups (from the web UI).
  4. LiveUpdate
    1. After installing SSIM, it might be necessary to configure Java LiveUpdate to connect to either an internal LU server or the Internet via a proxy.
    2. Create a Java LiveUpdate config and assign it to all the SSIM appliances and Agents (depending on location).
    3. Go to the web UI and run a full LiveUpdate.
  5. Patch/Update
    1. Depending on the version of SSIM you are installing, you might need to install a Maintenance Patch/Hotfix.
    2. Review on FileConnect what is needed and apply it in the right order.
    3. If needed, review this KB: http://www.symantec.com/docs/TECH95257
    4. Every time you patch, you should run a full LiveUpdate again.
  6. Statistic Events
    1. Follow this KB: http://www.symantec.com/docs/TECH92794
    2. Set the proper values according to the needs of the environment.
    3. Multiple configurations can be created for different locations.
  7. Configure Agent for optimum settings
    1. Go to this KB: http://www.symantec.com/docs/TECH123075
    2. You might need to adjust the values for remote sites according to the network architecture.
  8. Networks List
    1. Entering all the subnets helps improve correlation performance, as a lot of default filters (for example, ICMP traffic) will then exclude them.
    2. Make sure that all the network IP ranges are entered.
    3. Only list the networks that are "Internal".
  9. GIN/DIM Configuration
    1. Enter the GIN slf license
    2. Make sure that the appliance is set to download GIN Content from the internet
    3. By default this is set to Static.
  10. Assets
    1. All required assets need to be entered.
    2. Make sure that policies are assigned to assets like Port/Vulnerability Scanner.
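
The duplex check in step 1 can be scripted instead of read by eye. The following is an added example, not part of the original Symantec article: the `check_link` function name, its exit codes and the sample `ethtool` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse `ethtool <iface>` output read from stdin.
# Exit codes (chosen for this example):
#   0 = full duplex at 1000Mb/s or faster
#   1 = full duplex but below 1000Mb/s
#   2 = not full duplex
#   3 = no link detected, or Speed/Duplex fields missing
check_link() {
    awk '
        $1 == "Speed:"                    { speed  = $2 }
        $1 == "Duplex:"                   { duplex = $2 }
        $1 == "Link" && $2 == "detected:" { link   = $3 }
        END {
            if (link != "yes" || speed == "" || duplex == "") {
                print "FAIL: no link or incomplete output"; exit 3
            }
            if (duplex != "Full") { print "FAIL: duplex is " duplex; exit 2 }
            mbps = speed; sub(/Mb\/s$/, "", mbps)
            if (mbps + 0 < 1000) { print "WARN: full duplex at " speed; exit 1 }
            print "OK: " speed " full duplex"
        }'
}

# Constructed sample output (abbreviated) for a healthy link.
sample_good() {
cat <<'EOF'
Settings for eth0:
    Speed: 1000Mb/s
    Duplex: Full
    Auto-negotiation: on
    Link detected: yes
EOF
}

# Constructed sample output for a link that negotiated half duplex.
sample_half() {
cat <<'EOF'
Settings for eth0:
    Speed: 100Mb/s
    Duplex: Half
    Auto-negotiation: on
    Link detected: yes
EOF
}

sample_good | check_link
sample_half | check_link || echo "exit code: $?"
# On the appliance itself: ethtool eth0 | check_link
```

A non-zero exit code means the link should be corrected from the web UI as described in step 1.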




 




Legacy ID



2010020814003854

