Community
cancel
Showing results for 
Search instead for 
Did you mean: 
amit_kulkarni83
New Contributor I
77 Views

Is it possible to notify administrator that an agent is terminated?

Hi All,

I have used Agent Presence feture of Intel AMT. It enables or disables a policy and according to that controls the network trafic. But is does not notify to the administrator of the event. Is possible with the AMT to notify Administrator that an agent is trminated?

Thnaks & Regards,

Amit.

0 Kudos
4 Replies
77 Views

Hi,

Actually the possible actions on agent termination includes

1. Changing the configuration of the Network Isolation filters in accordance with a pre-programmed policy set by the Management Console.
2. Sending an alert to the Enterprise Management Framework.
3. Logging the event to the local event log.
4. Sending a posture/statement of health to an external platform that controls access to network resources (added in Release 4.0).

You can set your timeout action to any of these.

Thanks,

Sree

amit_kulkarni83
New Contributor I
77 Views

Hi Sree,

Following lines are written in System Defense and Agent Presence Overview for Use Case #1.

A system has been identified by a central management console as possibly infected with a worm
and the central console would like to restrict the system so that it can communicate with only one
subnet.

Does it mean that there is a facility provided by AMT to Antivirus to report central management consolethatthat a viris is found on this machine. If Yes how does it works?

Also in previous reply you have said that Sending a posture/statement of health to an external platform that controls access to network resources (added in Release 4.0). What is Release 4.0? AMT 4.0 or SDK 4.0?

Can I send posture/statement of health in my won format?

Thanks & Regards,

Amit.

Andrew_S_Intel2
Employee
77 Views

To your first question, I believe your question is whether AMT provides a mechanism for the antivirus software to communicate that a virus was found on the machine. The answer to that question is no, within AMT you could set up a heuristic filter to trigger a rule if the number of packets exceeded a certain threshold, and you could have an Administrator register for an event against that filter on a specific machine. But there isn't a mechanism for passing an event from a process running on the system (such as anti virus software) through AMT to a backend system. But if I misinterpreted your question, please correct me.

The Posture / statement of health functionality refers to AMT 4.0, it's referring to support for Agent Presence and Endpoint Admission Control. You can read more about the details in the 4.0 SDK DOCS folder, in the System Defense and Agent Presence Overview in section 4.2, and in the Network interface guide in section 7.16. To sum up, this allows you to configure AMT to set a posture statement for NAC/NAP. But the posture statements are about the state transitions of the Agent being watched, you cannot set your own formats through AMT.I don't knowvery much about NAC/NAP, but my understanding is that most postures are set at the OS level, so you could have the software you are creating use postures without going through AMT.

Andy

amit_kulkarni83
New Contributor I
77 Views

Hi Andy,

Thanks for the help. You have interpreated the qusetion correctly and I am satisfied with your answer.

Thanks & Regards,

Amit.

Reply