macmon Endpoint Security and Network Access Control is capable of collecting threat notifications from other systems in order to protect a network infrastructure from malicious clients. The CloudGen Firewall can be configured to send notifications to the macmon system as soon as ATP detects a threat. If this happens, an event is created. To notify macmon about the event, a script has to be associated with the event. As soon as the event occurs, the configured script is executed and notifies macmon.
Step 1. Create a New Notification for macmon and Assign the macmon Script
- Go to CONFIGURATION > Configuration Tree > Infrastructure Services > Eventing.
- Click Lock.
- Select Notification.
- Click New... in the lower-right corner of the window.
- The Detail window opens.
- Enter a unique number as the Notification ID, e.g., 5.
- Enter a descriptive name for the macmon notification, e.g., macmon notification.
- Ensure that the check box Event must be confirmed is not selected.
- Select Server Action.
- For Type, select Execute Program.
- For Parameter, enter the following string into the edit field. Replace the placeholders in angle brackets with the real values for your macmon system:
/opt/phion/modules/box/boxsrv/event/bin/macmonEventNotification -u <USER> -p <PASSWORD> -d <IP>
The script accepts the following arguments, which are also the ones used in the Parameter string above:

| Argument | Meaning |
| --- | --- |
| -h, --help | Show help message and exit |
| -u <USER>, --user=<USER> | macmon user name |
| -p <PASSWORD>, --password <PASSWORD> | macmon password |
| -d <DESTINATION>, --destination=<DESTINATION> | macmon destination (hostname or IP address) |

- Click OK.
- Click Send Changes.
- Click Activate.
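An added example, not part of the original page or of the vendor's code: a Python pre-check for the Parameter string from Step 1 that catches unreplaced placeholders, missing arguments and a malformed destination before the string is entered. It assumes the string is tokenized like a shell command line (the page does not say how the firewall splits it) and accepts both the `--opt value` and `--opt=value` forms shown in the argument table; the function names are hypothetical.

```python
import ipaddress
import re
import shlex

SCRIPT = "/opt/phion/modules/box/boxsrv/event/bin/macmonEventNotification"
# Short and long option names from the argument table, mapped to one key each.
OPTIONS = {"-u": "user", "--user": "user", "-p": "password",
           "--password": "password", "-d": "destination",
           "--destination": "destination"}
PLACEHOLDER = re.compile(r"^<[^<>]*>$")  # e.g. <USER>, <IP>
HOSTNAME = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")

def valid_destination(dest):
    try:
        ipaddress.ip_address(dest)
        return True
    except ValueError:
        # An all-numeric dotted string is a malformed IP, not a hostname.
        return not re.fullmatch(r"[0-9.]+", dest) and bool(HOSTNAME.match(dest))

def check_parameter(parameter):
    """Return the problems found in a Parameter string; an empty list means OK."""
    try:
        tokens = shlex.split(parameter)  # assumption: shell-like tokenization
    except ValueError as exc:
        return [f"cannot tokenize: {exc}"]
    if not tokens or tokens[0] != SCRIPT:
        return ["first token is not the macmonEventNotification path"]
    values, problems, i = {}, [], 1
    while i < len(tokens):
        name, sep, val = tokens[i].partition("=")
        i += 1
        if name not in OPTIONS:
            problems.append(f"unknown argument: {tokens[i - 1]}")
            continue
        if not sep:  # "-u value" form: the value is the next token
            if i >= len(tokens):
                problems.append(f"{name} has no value")
                break
            val, i = tokens[i], i + 1
        values[OPTIONS[name]] = val
    for key in ("user", "password", "destination"):
        if key not in values:
            problems.append(f"missing {key}")
        elif not values[key] or PLACEHOLDER.match(values[key]):
            problems.append(f"{key} is still a placeholder or empty")
        elif key == "destination" and not valid_destination(values[key]):
            problems.append(f"destination is not a hostname or IP: {values[key]}")
    return problems
```
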
Step 2. Check Your Event List
- Go to EVENTS.
- Check the event list for ATP events. If an event shows the notification ID configured in Step 1 (e.g., ID=5), the macmon system has been notified about the event.