Creating the Open Port Baseline Filter - PAS ICS Integrity - 7.3 - Administration & Configuration - Intergraph

ICS Integrity Administration Guide

Language
English
Product
PAS ICS Integrity
Subproduct
ICS
Search by Category
Administration & Configuration
PAS Version
7.3

Configuring baselines for open ports requires some initial setup. You may need to create a special filter for the open ports baseline you want to create. A pre-configured FunctionDef comes with the PAS Baselines asset model so you do not need to create queries in the Integrity web interface for open ports.

To create the open port baseline filter:

  1. Open the Asset Model Development Kit (AMDK) on the Integrity server. To open the AMDK, run the following file: InstallPath\DataCollector\AMDK.exe.

  2. Select [PAS Baselines] from the Asset Model field.

  3. Click Baselines > Baseline Type Definition to open the configuration details.

  4. In Baseline Type, select Medium Risk, or another baseline type if you prefer.

  5. In Asset Model, select PAS Recon or another asset model you want to configure.

  6. In the Filters section of the Baseline Definition window, click the Add (+) button.

  7. Select the Execute this FunctionDef instead of applying filters check box, and then select GetOpenPorts. ICS Integrity sets the Filter name field to GetOpenPorts. Do not edit this name.

  8. Click Save.

You can test the filter to verify the output results, and adjust settings as needed, before moving forward.