- Go to Posture Anomaly dashboard and click on Configure.
2. In here, you can perform checks to detect unwanted services, ports, processes, start-up applications, devices, and environment variables.
3. PA Tool provides a total of 6 configurable PA ID’s that can be used for custom detection.
- PA 2022-1068 – Unwanted Ports
- PA 2022 -1069 – Unwanted Services
- PA 2022- 1070 – Unwanted Processes
- PA 2022 1071 – Unwanted Startup Applications
- PA 2022-1072 – Unwanted Devices
- PA 2022-1073 – Unwanted Environment variables
Each of these PA IDs allow you to provide inputs that are OS specific – Windows, Linux, MacOS. Also, you can provide inputs for Network Devices under ‘Others’ tab.
4. Provide values for any of these configurable PA ID’s, the PA tool will initiate a scan and the values provided by you will be whitelisted within the account.
Note: Users need to mandatorily configure each of these six configurable PA ID’s. This means that the user needs to explicitly tell which ports, services, processes, startup applications, devices, and environment variables are allowed within the account.
Now you know how to configure PA tool for custom detection.