To view integrity alerts in the AppDefense plug-in, verify that the guest integrity rules are enabled on the appliance. You can configure the integrity settings for the AppDefense plug-in in the Plug-in only or Non-SaaS mode. When the AppDefense plug-in connection is switched from the Non-SaaS mode to the SaaS mode, the SaaS configuration takes precedence. AppDefense manages the integrity rules when AppDefense Service (SaaS) is enabled.

Prerequisites

AppDefense plug-in is configured in the Non-SaaS mode.

AppDefense Appliance version is 2.3 or later.

Procedure

  1. Log in to the AppDefense Appliance VA GUI at https://<appliance ip address> using the admin credentials or using the vSphere user credentials.

    You can log in using the vSphere user credentials only when the AppDefense Appliance is registered to the vCenter Server.

  2. (If needed) Click Cancel when prompted about the self-signed certificate.
  3. To configure the integrity rules, go to the Feature Settings > Integrity Rules tab.
  4. Click Edit, and toggle to turn on the integrity rules. All rules are enabled by default. You must keep all rules enabled to view all integrity alerts. When you disable a rule, alerts for that rule are not displayed in the AppDefense plug-in.
    Note: When you enable AppDefense Service (SaaS), the integrity rules settings are dimmed and you cannot configure the settings from the AppDefense Appliance UI. AppDefense manages the integrity rules when AppDefense Service (SaaS) is enabled.

    | Parameter | Description |
    |---|---|
    | Guest Integrity Code | Verify the code section of the AppDefense module for any unauthorized manipulation. |
    | Guest Integrity Data | Verify the data section of the AppDefense module for any unauthorized manipulation. |
    | Guest Integrity Heap | Verify the data heap section of the AppDefense module for any unauthorized manipulation. |
    | Guest Integrity Hooks | Verify for any unauthorized manipulation of the callback hooks registered by the AppDefense module. |
    | Kernel Code | Verify the kernel code section for any unauthorized manipulation of the NTOS (Windows NT operating system). |
    | Kernel Data | Verify for any unauthorized manipulation of certain kernel data structures like IDT (Interrupt Descriptor Table), GDT (Global Descriptor Table), and SSDT (System Service Descriptor Table). |
    | Reconcile Module | Verify the system for hidden kernel modules. AppDefense can see modules that are hidden (likely maliciously) from the operating system. |
    | Third Party Driver Data | Verify the data section of all drivers loaded in the system for any unauthorized manipulation. |

  5. Click Save.
    A confirmation dialog box appears.
  6. Click Yes.

What to do next

You can view OS integrity alerts on the AppDefense plug-in.