User Guide

Welcome to Helios-Platform’s User Guide!

Dashboard

You can set what you want to see on the Dashboard screen from Settings > Dashboard Settings

Discovery

1. Click to pass discovery section.
2. Click to add subnet.

3. Enter the IP address.
4. Enter the CIDR.
5. Activate button if you want to repeat.
6. Save and close.

Monitored Servers

Our servers with Agent installed are listed on the Monitored servers page.

• OS: The operating system is indicated by the logo (Windows, Redhat, Ubuntu, Pardus etc.)
• Hostname: device name (hostname information is shown on devices included in the domain)

• Labels:

  • Role: The role played by the device (Web, Database, Processing, etc.)
  • Owner: Who owns the device (User or Group)
  • Application: Name of the application running on the device
  • Location: The physical/virtual location of the device.
  • Environment: The intended use of the device (Production, Developmnet etc.)
  • Criticality: Device priority and severity (High, Low, etc.)
  • Tags: More than one definition can be made for device-specific separator definitions to be used in filters.

• Ip Address: Shows the IP addresses defined on the device.
• Last Login: Shows the last login user information on the device.
• Web: Shows the application information that is broadcasting Web on the device.
• DB: Shows the application information that provides Database service on the device.
• Rmt: Indicates that the remote connection is on/off (RDP, SSH).
• Fw: Indicates that the local firewall is on/off.
• Last Sync: Shows the time information of the last data sent from the device.

Note

• Click the first button to view device detail.
• Click the second button to add a label to the device.

Labeling the device

Warning

It is mandatory to assign labels to devices for microsegmentation and report filtering.

Device Details

Note

All data sent by agents on the detail page are statistically displayed using special calculation formulas. These data are updated periodically.

1. Total number of connections
2. Number of active listening service ports.
3. Labels assigned to the device.
4. Information about the device.
5. Remote connection settings (RDP, SSH).
6. Local firewall settings.
7. Application dependency map.
8. Traffic information of physical/virtual interfaces on the device (displayed separately for each interface).
9. Active listening service ports.
10. Disk statistics on the device.
11. Memory statistics on the device.
12. Information of the last 3 users logged into the device.
13. Incoming and outgoing connection details to the device.

Security Policies

Note

The primary condition for a successful micro-segmentation project is the complete extraction of the right inventory.

Defining the relational networks of applications and processes of the inventoried inventory will be the secondary step. With this relational network, it should be aimed to reveal which applications and processes our inventory has, and how they communicate with different systems and different users.

Create a Ruleset

Click on the Rulesets link under Security Policies.

On this screen, we click on the add ruleset button and fill in the ruleset name and description fields in the window that opens, and then we determine the scope of our segment in the Scope section.

By selecting Application, Environment and Location, we group the servers in this scope by using the labels defined for the servers.

Create a Scope and Rule

To add scope and rule to the rule sets we created, we click on the second button under the action title in the rulesets list.

Note

We can add more than one scope and more than one rule to the rule sets we create.

By clicking the add scope button, you can add a new scope by filling and saving the relevant fields in the window that opens.

By clicking the add rule button, you can add a new rule by filling and saving the relevant fields in the window that opens.

Warning

• Source: The server role to which the Source rule will be applied.
• Service: the service port to be processed.
• Destination: server role to allow or block.
• Action: allow/block

Segmentation Map

We can view the scopes we define on the map, the servers included in the scopes, and the rules defined between these servers.

There are 3 provisioning states that we can apply to a ruleset.

Note

• Visibility: The defined rules are not applied to the servers, only the defined rules and connections outside these rules are monitored.
• Selective: Defined rules are applied to servers and connections outside the defined rules are monitored.
• Full: Defined rules are applied to servers and connections outside the defined rules are automatically blocked.

The circles on the map represent the servers and the arrows represent the rules.

Arrows use 3 different colors;

• Green : allowed connections
• Red: blocked connections
• Orange: means the rule is not defined but you can define Allow/Block rule by clicking on it.

Note

• When you click on the circle, the window that opens contains information about the presentation.
• When you click on the green arrow, the source, desteination and service port information of the allowed connection is displayed.
• When you click on the red arrow, the source, desteination and service port information of the blocked connection are displayed.
• When you click on the orange arrow, the source, desteination and service port information of the connection for which the rule is not defined will be displayed and you can create an allow/block rule for this connection.

Clicking on the circle (server) displays the following screen:

Clicking on the allowed (green arrow) connector displays the following screen:

Clicking on the blocked (red arrow) connector displays the following screen:

Clicking on the undefined (orange arrow) connector displays the following screen:

Alerts

1. Click to pass alerts section.
2. Click to add alert.

3. Select device.
4. Select alert type.
5. Select alert period.
6. Activate button if you don’t want alert period.
7. Set repeat period.
8. Select notification type.
9. Enter the e-mail address.
10. Save and close.

Reports

Server Map

1. Click to pass reports section.
2. Click to see server map options, in/out.
3. Click to see server map option in.
4. Click to see server map option out.
5. Enter hostname to monitor by specific hostname.
6. Enter IP address to monitor by specific IP address.
7. Choose the option to monitor by hostname or IP address.
8. Select alert status/ operating system.
9. Click to see result.

Application Map

1. Click to pass reports section.
2. Click to see application map.
3. Select a server from dropdown menu represented by the number 3.
4. Select an owner from dropdown menu represented by the number 4.
5. Select a group from dropdown menu represented by the number 5.
6. Select a connection tip from dropdown menu represented by the number 6.
7. Select a show IP address/Hostname represented by the number 7.
8. Click to apply filter to see result.

Custom Reports

1. Click to pass reports section.
2. Click to custom reports.
3. Click to export custom reports as excel format.

Listen Ports

1. Click to pass reports section.
2. Click to listen ports.
3. Click to export listen ports as excel format.

Web Servers

1. Click to pass reports section.
2. Click to web servers.
3. Click to export web servers as excel format.

Database Servers

1. Click to pass reports section.
2. Click to database servers.
3. Click to export database servers as excel format.

Server Inventories

1. Click to pass reports section.
2. Click to server inventories.
3. Click to export server inventories as excel format.

Disk Fullness

1. Click to pass reports section.
2. Click to disk fullness.
3. Click to export disk fullness as excel format.

Alert Reports

1. Click to pass reports section.
2. Click to alert reports.
3. Click to export alert reports as excel format.

Logs

1. Click to pass reports section.
2. Click to logs.
3. Click to select the type of log you want to see (all/user/alert/service)

Agent Installation

1. Click to pass agent installation section.
2. Click to copy button for linux systems.
3. Click to copy button for windows systems.

Integration

Grafana API

1. Click to see Grafana API.
2. Click to see Grafana API details.
3. Click to show details of distribution by operating system.
4. Click to show details of most connected servers.
5. Click to show details of most listen port.
6. Click to show details of most connection latency.
7. Click to show details of most connection duration.
8. Click to show details of most connection traffic.

Licence information

1. Click to see license information.

Settings

Users

1. Click to pass settings section.
2. Click to pass users settings.
3. Click to add user.

4. Fill the personal information for user.
5. Fill the user information.
6. Fill the connection information.
7. Choose the account type.
8. Save and close.

Dashboard Settings

1. Click to pass settings section.
2. Click to pass dashboard settings section.
3. You can choose what you want to see in dashboard section.
4. Selected features appears in this area.
5. Click to save changes.

Mail Settings

1. Click to pass settings section.
2. Click to pass mail settings.
3. Set the host.
4. Set the port.
5. Set the username.
6. Set the password.
7. Send the test e-mail.
8. Update changes.

Device Owners & Groups

1. Click to pass settings section.
2. Click to device owners & groups.
3. Click to add item.

4. Click to select a type.
5. Set the item name.
6. Save and close.