Platform overview

Here you will find support for your first steps on the platform.

Enginsight, with its very comprehensive feature set, allows you to monitor your entire IT infrastructure. We have managed to keep it intuitive to use. The Start Guide introduces you to the structure of our platform and makes five suggestions for your first steps with Enginsight.

Tour

Enginsight is divided into eight modules, accessible from the left side menu: Dashboard, Issues, Hosts, Endpoints, Observations, Shield, Penetration Tests, Discoveries and Alerts.

In the following, you will learn which tasks are assigned to the modules in each case. For detailed information on the entire range of functions and operation, see Platform.

Dashboard

Here you get an initial overview of your monitored systems and their security status.

From the dashboard, you can access the Asset Operation Center. It provides you with a live overview of all assets monitored with Enginsight and information on whether everything is in working order. The Partner Operation Center lets you keep an eye on different organizations.

Issues

Under Issues you get a list of all triggered alerts. The list can be filtered and searched, and individual issues can be marked as completed. Under 'Maintenance periods' you can define the periods in which no alert is triggered.

Hosts

The Hosts section revolves around your servers and clients on which you have installed the Enginsight Pulsar agent. This allows you to permanently monitor your servers and clients from the inside.

On the one hand, you can perform classic monitoring with Enginsight: for example, monitor metrics, your software, processes and ports. In addition, the Pulsar agent performs security analyses.

As a CVE scanner, it examines your system for known security vulnerabilities. By analyzing network traffic, you also establish a host-based intrusion detection system with the Pulsar agent. To detect anomalies in your monitored metrics in a completely automated way, you can use the Machine Learning feature. Plugins allow you to run custom scripts on your hosts to automate administration.

Endpoints

You can monitor your websites, web portals or domains in the Endpoints module. For this purpose, you use an Observer, which is placed either in the intranet or on the internet. The Observer provides you with monitoring of availability and forwarding as well as comprehensive security assessments: for example, of your DNS and SSL/TLS configuration. It also footprints the endpoint and analyzes all deployed technologies for known vulnerabilities. You can also find out which standard ports are accessible to the Observer.

Observations

In the Observations module, you can monitor your assets over the network, without an agent. Simply install a watchdog in the network. Ping monitoring, port monitoring and monitoring via SNMP are available.

Shield

An installed Pulsar agent on your servers and clients allows you to establish a host-based intrusion prevention system (IPS) in the Shield module with dynamic rule sets. Manual rule sets can be used to define specific rules for network traffic.

Penetration testing

With the Penetration Testing module, you can put yourself in the role of a hacker and subject your systems to a one-time or regular security audit. To do this, install the Hacktor software component, which executes the attack. Define the target systems, create a template and start your automated pentest. You will receive the results in a clear audit report with an unambiguous threat assessment.

Discoveries

To inventory all assets in the company network, you can use the Discoveries module. Install a watchdog in the network and start permanent monitoring. You will receive the results either in list form or in an interactive asset map. You can also use the results of Asset Discovery as a basis for defining the target systems for an automated pentest. This way, you can start a pentest on your entire IT with just one click.

SIEM

The Enginsight-SIEM provides a central platform for integrating your IT security solutions to give you a comprehensive overview of your IT security status. The data lake allows you to keep an eye on your logs at all times. Create customized cockpits and automated workflows to optimize your processes. With a focus on user-friendliness, the SIEM offers a comprehensive range of functions to help you manage security threats effectively.

Alerts

To ensure that you are always informed as soon as important events occur in your IT infrastructure, you can define in the Alerts module when and how you want to be notified: for example, when a new security vulnerability is found, new software is installed, or a new port is accessible. You can use webhooks to integrate other services via API, such as a ticket system. Plugins allow you to script automated initial actions on hosts that are executed when the alert is triggered, for example a server restart or importing a configuration. Be creative!

5 first steps

In the trial version, the license is available for one host and one endpoint.

1. Create host

As a first step, add a host. At Enginsight, a host is a server or client on which an Enginsight Pulsar agent is installed to monitor the asset from the inside. The distinction between server and client is of a licensing nature. Client licenses are significantly cheaper, but offer full functionality. Click on Create Server or Create Client Host, select the desired operating system and follow the instructions on the platform. The installation takes only a few moments.

2. Add endpoint

The second step is to create an endpoint. By an endpoint we mean websites, web portals, domains or IP addresses that are monitored externally with our Observer. In our SaaS variant, two pre-installed Observers with the locations Frankfurt and Virginia (USA) are available to you. You can add more Observers at your own locations as you wish. If you use Enginsight On-Premises, the installation of your own Observers is mandatory. Detailed instructions are available in the documentation.

To add the endpoint, you do not need to do anything other than click Add endpoint. Enter the destination address and, if you want, a description. Select what should be monitored and from where the monitoring should be performed.

To get started, it's best to run all checks against your company website.

3. Explore analyses

With one host and one endpoint, you already have plenty of analytics to discover.

For example, check if your host has software installed with a known vulnerability. To do this, select the host and click on Vulnerabilities. To enable the Intrusion Detection System on the host, allow network logging in the settings and select the desired detection level.

You should also already receive meaningful analyses for your endpoint. Here you can check, for example, whether there are any security vulnerabilities for the detected technologies used. You should also examine whether your SSL/TLS configuration complies with best practice and check whether critical ports are accessible for the Observer.

4. Generate reports

For documentation purposes or for internal communication within the company, you can also have the analysis results output as a PDF. To do this, select the endpoint or host you have created, click on Reports and then on 'Create report' in the top right-hand corner. You can then download the PDF.

5. Create alerts

To create a new alert, go to the "Alerts" module. Now you can select the endpoint and host you have already created and set up the first alerts. We recommend using tags from the beginning so that alerts apply to a group of hosts and endpoints.

For your host, we recommend the following alerts to start:

  • Installed/Uninstalled Software

  • New vulnerabilities (CVSS Score)

  • New open Port (at Servers)

  • Suspicious network traffic: with threshold High (if you have enabled network traffic recording).

For your endpoint, we recommend:

  • Website not available

  • New vulnerability

  • New open port

  • Data Protection (SSL/TLS does not comply with the recommendations of the BSI)

  • Days until expire date of certificate

Where do we go from here?

After you've completed the first five steps, you can jump right in to include your entire IT infrastructure in monitoring with Enginsight.

  • Roll out Pulsar agent to more servers and clients

    Only when you have rolled out the Pulsar agent on a large scale will you benefit fully from the new overview of your IT provided by Enginsight.

  • Add all websites

    Add all websites as an endpoint so that no failure or security breach goes unnoticed in the future.

  • Perform Asset Discovery

    Install a watchdog in your network and start permanent monitoring to get a persistent inventory. To the instructions!

  • Start Pentest

    Perform a pentest on your entire IT using asset discovery results as a baseline. To the instructions!

  • Activate Intrusion Prevention System

    Enable cyberattack blocking directly on your servers and clients where you have installed Pulsar Agent. To the instructions!
