Top 10 steps after installing Symantec Security Information Manager (SSIM) 4.x
Article: TECH123072 | Created: 2010-01-08 | Updated: 2011-05-04 | Article URL: http://www.symantec.com/docs/TECH123072
After installing the Symantec Security Information Manager (SSIM) appliance, what should you do first?
- Network card settings:
  - Always double-check that eth0 on your SSIM appliance is running in Full Duplex mode (ideally at 1000MB speed).
  - Run "ethtool eth0" and look at the output.
  - If the output is not correct, go to the web UI and force the appliance to run in Full Duplex mode.
  - If you have more than one NIC, make sure the main IP is on eth0.
- Date and Time
  - NTP is crucial to SSIM; NTP should be enabled from the web UI.
  - Run "ntpdate -u ntp_server_ip" to force a sync with the server.
- By default, the DB2 scheduled backup is not enabled
  - Go to the web UI and make sure the scheduled backup is enabled. Change the default time of 1AM to another time if required.
- Make sure regular LDAP backups are made from the web UI before changing anything
  - Make sure the customer knows that they can't schedule LDAP backups (from the web UI).
- After installing SSIM, it might be necessary to configure Java LiveUpdate to connect to either an internal LU server or the Internet via a proxy
  - Create a Java LiveUpdate config and assign it to all the SSIM appliances and Agents (depending on location).
  - Go to the web UI and run a full LiveUpdate.
- Depending on the version of SSIM you are installing, you might need to install some Maintenance Patches/Hotfixes
  - Review on FileConnect what is needed and apply it in the right order.
  - If needed, review this KB: http://www.symantec.com/docs/TECH95257
  - Every time you patch, you should run a full LiveUpdate again.
- Statistic Events
  - Follow this KB: http://www.symantec.com/docs/TECH92794
  - Set the proper values according to the needs of the environment.
  - Multiple configurations can be made for different locations.
- Configure Agent for optimum settings
  - Go to this KB: http://www.symantec.com/docs/TECH123075
  - You might need to adjust the values to different numbers for remote sites, in accordance with the network architecture.
- Networks List
  - Entering all the subnets helps improve correlation performance, because a lot of default filters, like ICMP traffic, will be excluded.
  - Make sure that all the network IP ranges are entered.
  - Only list the networks that are "Internal".
- GIN/DIM Configuration
  - Enter the GIN slf license.
  - Make sure that the appliance is set to download GIN content from the Internet.
  - By default this is set to Static.
  - All required assets need to be entered.
  - Make sure that policies are assigned to assets, like Port/Vulnerability Scanner.
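
The duplex check from the first step can be scripted instead of read by eye. The following is an added example, not part of the original article or of SSIM: the function name `check_link`, its exit codes and the sample outputs are assumptions made for illustration, and the parsing relies on the standard `Speed:`, `Duplex:` and `Link detected:` lines that `ethtool` prints.

```shell
#!/bin/sh
# Added example (not from the article): grade `ethtool eth0` output on stdin.
# Exit status: 0 = link up, Full duplex, speed >= minimum
#              1 = no link, duplex not Full, or speed unreadable
#              2 = Full duplex but speed below the minimum (Mb/s, default 1000)
check_link() {
    awk -v min="${1:-1000}" '
        /^[ \t]*Speed:/         { speed  = $2 }
        /^[ \t]*Duplex:/        { duplex = $2 }
        /^[ \t]*Link detected:/ { link   = $3 }
        END {
            rc = 0
            if (link != "yes") { print "FAIL: no link detected"; rc = 1 }
            if (duplex != "Full") { print "FAIL: duplex is " (duplex == "" ? "unreported" : duplex); rc = 1 }
            # A down link reports a non-numeric speed such as "Unknown!".
            mbps = speed; sub(/Mb\/s$/, "", mbps)
            if (mbps !~ /^[0-9]+$/) { print "FAIL: speed is " (speed == "" ? "unreported" : speed); rc = 1 }
            else if (mbps + 0 < min + 0) {
                print "WARN: speed " speed " is below " min "Mb/s"
                if (rc == 0) rc = 2
            }
            if (rc == 0) print "OK: " speed ", " duplex " duplex"
            exit rc
        }'
}

# Constructed sample outputs, trimmed to the relevant lines.
sample_good() {
    cat <<'EOF'
Settings for eth0:
        Speed: 1000Mb/s
        Duplex: Full
        Link detected: yes
EOF
}
sample_bad() {
    cat <<'EOF'
Settings for eth0:
        Speed: 100Mb/s
        Duplex: Half
        Link detected: yes
EOF
}

# On the appliance: ethtool eth0 | check_link
sample_good | check_link || true
sample_bad  | check_link || true
```

A non-zero exit status is the cue to go to the web UI and force Full Duplex, as the step describes.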