Detector Service Delivery System (SDS) Version 3.0


Detecting and Responding to IT Security Policy Violations
Quick Start Guide
2018 RapidFire Tools, Inc. All rights reserved. V20180112

Contents

Overview of Detector ... 3
Purpose of this Guide ... 4
Components of the Detector ... 4
Detector Appliance ... 4
Diagnostic Tool ... 4
Network Detective Application ... 4
The Network Detective Service Plan Creator and the Service Catalog ... 4
The Network Detective Portal ... 5
Diagnostic Tool ... 5
Network Detective Application ... 5
Detector Deployment Options ... 6
Detector System Requirements ... 6
General Overview of Detector SDS Use and Operation ... 7
Defining the Detector Security Policy Violation Detection, Scanning, and Alerting Settings ... 7
Configuring Daily and Weekly Data Collection Scans and Schedules ... 8
Setting Up Detector ... 9
Step 1 - Initial Set Up of the Detector Appliance ... 9
Step 2 - Associate Detector with a Site and Access Detector Settings ... 9
Step 3 - Set Up the Detector Scan Host and Scan Configuration ... 10
Step 4 - Schedule Scans, Daily Alert Notifications, and Weekly Notices ... 12
Step 5 - Configure Technician Email Group ... 12
Step 6 - Set Up Subject Text for End User and Email Tech Alert Notification Emails ... 14
Step 7 - Assign Security Policies for Policy Violation Detection and Alerting ... 15
Step 8 - Set Up Weekly Notice Notification Recipients ... 17
Step 9 - Run Scan to Perform Initial Data Collection ... 18
Step 10 - Download Detector Initial Data Collection Scan Data ... 18
Step 11 - Set up Smart-Tags (optional) ... 19
Step 12 - Set Up Ticketing/PSA System Integrations (Optional) ... 20
Appendix A - Sample Tech Alert and End User Alert Notifications and Weekly Notices ... 21
Sample Tech Alert ... 21
Sample End User Alert ... 21
Sample Weekly Notice ... 22
Appendix B - Set Up and Assign a Ticketing/PSA System Integration to a Site Using Detector SDS ... 23
Appendix C - Setting up a ConnectWise Integrator Login ID ... 28
Setting up an Integrator Login in ConnectWise ... 28
Appendix D - Setting up a Network Detective to ConnectWise REST API Integration ... 29
Step 1 - Download and Install the ConnectWise Manage Internet Client Application ... 29
Step 2 - Select the ConnectWise Ticket System API Member Account to Integrate with Network Detective ... 29
Step 3 - Create an API Key in the ConnectWise Ticketing System ... 29
Step 4 - Configure Service Tables in ConnectWise ... 30
Appendix E - Additional Scan Host Configuration Options and Requirements ... 32
Scan Host Requirements ... 32
Assigning Scan Hosts ... 32
Assigning Scan Hosts within a Workgroup ... 33

Overview of Detector

Detector prowls an entire network each day at whatever time you determine and then sends out daily Security Policy violation notification alerts to notify you of any suspicious issues it discovers. For Detector Service Delivery System (SDS) subscribers, each discovered issue listed in a Security Policy Violation Alert contains an Alert Link that is part of an automated process flow enabling your technicians to Investigate or Ignore the Alert item using the Network Detective (ND) Portal.

Clicking on any of these Alert Links in the Violation Alert Notification Email will take you to the ND Portal. In the Portal you can:
- review the issue's forensics
- automatically generate a service ticket in your favorite Ticketing System/PSA
- configure a Detector Smart-Tag or an Ignore Rule to ignore the alert and prevent the same false positive from being generated again in the future

(Figure: Detector Daily Alert)

Throughout the day, the Detector Appliance can perform scheduled IT assessment scans, then issue network change related Security Policy Violation Alerts on a daily basis and Weekly Notices after Anomalies, Changes, or Threats (ACT) have been identified on the network. Each time Detector executes a pre-scheduled scan, it is on the lookout for three classifications of internal security issues: Anomalies, Changes, and Threats.

Anomalies are suspicious activities and findings that are out of the ordinary and unexpected and that should be investigated. Examples of anomalies are users logging in at times outside their historical patterns, or a USB drive plugged into a computer that has been tagged as being "locked down."

Changes are recorded variances from previous scans linked to specific aspects of the network environment that could represent a threat. Examples of suspicious changes are a user's security permission promoted to administrative, or a new device added to the network that wasn't there before.

Threats are defined as clear and recognizable dangers to the network environment that need fast attention. Examples of threats would be a critical security hole or a machine in the "DMZ" that hasn't been patched in 30 days.

Purpose of this Guide

This guide is designed to provide an overview and the specific steps required to install and configure the Detector appliance. Configuration includes setting Security Policies, scheduling network data collection and assessment scans, and issuing network change related Daily Alerts and Weekly Notices.

Please note that throughout this guide you may see references to both stand-alone Detector and Detector SDS. Depending on which subscription you have purchased, please follow the instruction set for one or the other.

Components of the Detector

Detector Appliance
This is the Detector Appliance software application that operates either on a user supplied Microsoft Hyper-V or VMware based system or on the Small Form Factor Server computer available from RapidFire Tools.

Optional Small Form Factor Server Computer
This is an optional hardware component that can be purchased from RapidFire Tools to host and operate the Detector Appliance. It is a small, portable server computer which plugs into the target network through an Ethernet connection.

Diagnostic Tool
This tool is used for configuring and troubleshooting the Detector Appliance. The Diagnostic Tool should be run on the same network as the Detector Appliance to perform diagnostic checks such as for Detector Appliance connectivity.

Network Detective Application
This is the same Network Detective desktop application and report generator that is used with any other Network Detective modules. This application contains additional features to manage the Detector Appliance remotely.

The Network Detective Service Plan Creator and the Service Catalog
Detector SDS users have access to Network Detective's unique Service Plan Creator tool, which gives you the ability to modify our starter Service Plans or create your own plans from scratch. You define and name the offerings based on the security policies that you want to enforce, and the tool automatically generates a Service Plan Catalog (or catalogs) and a Service Plan Matrix sheet that compares your plans to help you sell them to your clients and prospects.

Once you sell one of your plans to your client, simply apply the plan to the Detector assigned to that client, and its Security Policy Violation detection capability is then automatically configured to deliver that exact plan. For more information about creating Service Plans and Catalogs, please refer to the Service Plan Creator Quick Reference Guide located at www.rapidfiretools.com/nd.

The Network Detective Portal
The Network Detective (ND) Portal is used to process Investigate Alert Action Requests and Ignore Alert Action Requests created in response to Anomalies, Changes, or Threats (ACT) detected by the Detector Appliance. The Portal acts as an ACT triage center that enables technicians to view a To-Do list of Investigate Alert Action Requests and Ignore Alert Action Requests and to process these requests by:
- transferring the requests to Ticketing/PSA Systems such as Autotask, ConnectWise, and Tigerpaw
- using the Portal to modify Detector Smart-Tags to configure the Detector Appliance to more effectively detect Security Policy violations and address false positives
- creating Ignore Rules to address Alert false positives
- completing a given Action Request

To access the ND Portal, visit the default web site URL https://alerts.alert-central.com. To learn more about the Portal, refer to the Detector User Guide.

To set up Detector SDS integration of the Autotask, ConnectWise, or Tigerpaw ticketing/PSA systems with the ND Portal, please refer to Appendix B - Set Up and Assign a Ticketing System Integration to a Site.

Diagnostic Tool
This tool is used for configuring and troubleshooting the Detector. The Diagnostic Tool should be run on the same network as the Detector to perform diagnostic checks such as for Detector connectivity or for available updates.

Network Detective Application
This is the same Network Detective desktop application and report generator that is used with any other Network Detective modules. This application contains additional features to manage the Detector remotely.

Detector Deployment Options

There are three Detector deployment options available to users:
- Detector deployment on a user owned and operated Hyper-V based system
- Detector deployment on a user owned and operated VMware based system
- Detector deployment on the Small Form Factor Server Computer available from RapidFire Tools

The next section outlines the steps to set up the scans, alerts, notices, and automatic report generation to be performed using Detector.

Detector System Requirements

Below are the minimum requirements for installing and operating Detector. Please note the Operational Requirements that must be met after Detector has been installed and deployed.

Hyper-V Install Requirements:
- Hyper-V Enabled Operating System (Windows 8.1+)
- 2 GB Available RAM
- 20 GB Hard Drive Space

VMware Install Requirements:
- ESXi 5.5+
- 2 GB Available RAM
- 20 GB Hard Drive Space

Operational Requirements:
- i5 Processor for dedicated use; Xeon server class processors for non-dedicated use
- 6 GB Available RAM
- 20 GB Hard Drive Space

General Overview of Detector SDS Use and Operation

Detector SDS is used to detect and alert upon Security Policy Violations that may consist of network Access Anomalies, Changes, and Threats (ACT). Detector SDS will scan a network and compare collected data with a set of predefined network Security Policies that are contained within a Security Service Plan you create and assign to a Detector Site.

When Detector identifies a Security Policy Violation, a series of rule based Alert Notification Actions and Response Action Workflows can take place on a daily basis in response to these violations. These Actions include:
- Investigate Alert Requests sent to a Tech Group via email
- Investigate Alert Requests automatically created as To Do items in the ND Portal, enabling your company's technicians to efficiently manage the security incident and perform triage on the issue
- Security Policy Violation Alerts sent to an End User Group containing a list of email recipients at your client's company
- Tickets automatically generated in your Ticketing/PSA system for investigation, security incident response, and remediation purposes

Detector SDS contains a number of other features that can enable you to package, market, and sell Security Services. These features include the Service Plan Creator and the Service Catalog generation tool that may be used to produce marketing literature and service contract documents.

Defining the Detector Security Policy Violation Detection, Scanning, and Alerting Settings

The setup process of the Detector SDS consists of setting up the following options:
- Policy Configuration using Service Plans with pre-configured Security Policies used for policy violation detection of network Anomalies, Changes, or Threats (ACT)
- Notification Configurations consisting of Actions that automatically occur in response to Security Policy Violations. These Actions include:
  o Daily Alert Notification Emails sent to Technicians (Techs)
  o Daily Alert Notification Emails sent to End Users
  o Automatically created Tickets in Autotask, ConnectWise, or Tigerpaw
- Email Notification configuration that enables you to set up Tech and End User Notification Email Groups of recipients set up to receive Daily Security Policy Violation Alert Notifications
- Setting up Scans
  o Level 1 (Daily) Network Scan configuration and scheduling
  o Level 2 (Weekly) Network Scan configuration and scheduling

- Weekly Notices Recipient assignment, notice Event Selection, and Scheduling
- Smart-Tag configurations to facilitate the refinement of security policy-based ACT detection
- Setting up Ticketing System Integration for use with the Network Detective (ND) Portal and Network Detective Sites (Detector SDS only)
- ND Portal Customization
  o Portal Branding
  o Custom Portal Subdomain
  o Custom SMTP Server Usage for Alerts and Notifications

Configuring Daily and Weekly Data Collection Scans and Schedules

Detector based scans can be set up to run on a daily and weekly basis. Below is an overview of the scans that can be set up and performed using the Detector.

Level 1 Scan (Daily)
The resulting daily scan can be used to issue Daily Alerts concerning identified Anomalies, Changes and Threats (ACT) to the network based upon the Security Policies and Smart-Tag configuration set up within the Detector during deployment.

Level 2 Scan (Weekly)
The resulting weekly scan can be used to issue Alerts about identified Internal Network Vulnerabilities and Weekly summaries of all detected network changes.

Setting Up Detector

Step 1 - Initial Set Up of the Detector Appliance

1. Install Detector on your client's network by either:
   a) connecting the Detector installed on the Small Form Factor Server Computer that you purchased from RapidFire Tools to your client's network, or
   b) going to www.rapidfiretools.com/nd to download and install the Network Detective Virtual Appliance on a Hyper-V or VMware enabled computer operating within your client's network. For more information about installing the Virtual Appliance, please download the Virtual Appliance Installation Guide for Detector.
2. After successfully deploying Detector, visit www.rapidfiretools.com/nd to download and install the latest version of the Network Detective Application. Then run Network Detective and log in with your credentials.
3. Create a new Site by selecting the New Site option. Set the Site Name for the Site in Network Detective. Select the OK button to create the site.

Step 2 - Associate Detector with a Site and Access Detector Settings

1. From within the Site Window, select the selector symbol to expand the Site's Preferences in order to Add an Appliance.
2. Next, select the Add Appliance button. The Add Appliance window will be displayed.
3. Select the Appliance ID of the Detector Appliance from the drop down menu.
   Note: When users have purchased a Small Form Factor Server Computer, the Appliance ID can be found on a printed label on the Small Form Factor Server Computer itself.
   After selecting the Appliance ID, select the OK button to continue.

4. After successfully adding a Detector to the Site, its Appliance ID will appear under the Appliance bar in the Site Preferences window. The status of the Appliance will be indicated as Active.

Warning concerning the removal of a Detector Appliance from a Site: When a Detector has been associated with a Site and the Scan Schedule, Alert Schedule, Alert Recipients, and Smart-Tags settings have been defined, if the Detector is ever associated with a different Site, the original Site's Detector settings will be automatically deleted.

Step 3 - Set Up the Detector Scan Host and Scan Configuration

The Detector Appliance requires access to at least one separate, additional PC on the client's network. This computer is called the Scan Host. The Scan Host is used to initiate scans. Be sure that the computer you select to be a Scan Host meets the necessary Admin$, WMI, and File and Print Sharing requirements and their respective firewall settings. The computer must also be running Windows 7 or higher. For more information on Scan Host requirements, see Appendix E - Additional Scan Host Configuration Options and Requirements.

Follow the steps below to set up a Scan Host and configure the scan:

1. After associating the Detector with the Site, select the Detector Settings icon located in the Network Detective window to view the Detector Settings window.
2. In the Detector Settings window, select the Modify Scan Configuration option. The Scan Configuration Wizard will appear.

3. Enter the following information about the Scan Host(s):
   a. One set of login credentials for all PCs that will serve as scan hosts
   b. IP Address or Computer Name for the PCs that will serve as scan hosts
   c. Domain name (NOT the name of the domain controller)
   If you are in a Workgroup environment, see Assigning Scan Hosts within a Workgroup.
   Note: We recommend that you assign at least two PCs to serve as scan hosts. This will allow scans to run even if one scan host becomes unavailable.
4. Click Test Scan Hosts. A message will appear indicating whether a connection can be established to each scan host. If the connection cannot be established, be sure the scan host meets the requirements and that you have entered the correct credentials. See Appendix E - Additional Scan Host Configuration Options and Requirements for more information.
5. Follow the steps presented in the Wizard and select Finish to complete the Scan Host set up and Scan Configuration step.
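Before you click Test Scan Hosts in item 4, it helps to know whether each candidate PC's firewall admits the traffic that the Admin$, WMI, and File and Print Sharing requirements rely on. The script below is an added example written for this guide, not RapidFire Tools or Network Detective code. It resolves each candidate name and tests TCP reachability of port 445 (SMB, which carries the Admin$ share and File and Print Sharing) and port 135 (the RPC endpoint mapper on which DCOM/WMI connections begin; WMI then continues on dynamic RPC ports that this check does not cover). Reachability only proves the firewall path: the share permissions and the credentials you enter in the wizard are still verified by Test Scan Hosts. The host names in the block are constructed placeholders, and the port mapping is the assumption stated here, derived from the requirements named in Step 3, not a list published by the vendor.

```python
"""Scan host reachability pre-check.

Added example, not RapidFire Tools code. Run it from a Windows or Linux
machine on the same network segment the Detector Appliance will use.
"""
import socket
from concurrent.futures import ThreadPoolExecutor

# Assumed port mapping for the Step 3 requirements: 445/tcp carries SMB
# (Admin$ share, File and Print Sharing); 135/tcp is the RPC endpoint mapper
# that a DCOM/WMI session starts on.
DEFAULT_PORTS = {"smb": 445, "rpc_epm": 135}


def tcp_port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_scan_host(host, ports=None, timeout=3.0):
    """Check one scan-host candidate.

    Returns a dict with the resolved address, a per-port reachability map, and
    an overall 'ready' flag that is True only when the name resolves and every
    port is reachable. A reachable port proves only that the firewall admits
    the traffic; permissions and credentials are checked by the wizard.
    """
    ports = ports or DEFAULT_PORTS
    result = {"host": host, "resolved": None, "ports": {}, "ready": False}
    try:
        result["resolved"] = socket.gethostbyname(host)
    except socket.gaierror:
        return result  # name does not resolve: nothing else can be tested
    for name, port in ports.items():
        result["ports"][name] = tcp_port_open(result["resolved"], port, timeout)
    result["ready"] = all(result["ports"].values())
    return result


def check_scan_hosts(hosts, ports=None, timeout=3.0):
    """Check several candidates concurrently; results come back in input order."""
    with ThreadPoolExecutor(max_workers=min(8, max(1, len(hosts)))) as pool:
        return list(pool.map(lambda h: check_scan_host(h, ports, timeout), hosts))


def format_report(results):
    """Render results as one line per host, comparable to the Test Scan Hosts message."""
    lines = []
    for r in results:
        if r["resolved"] is None:
            lines.append(f"{r['host']}: NAME DOES NOT RESOLVE")
            continue
        port_text = ", ".join(f"{n}={'open' if ok else 'BLOCKED'}"
                              for n, ok in r["ports"].items())
        status = "ready" if r["ready"] else "NOT READY"
        lines.append(f"{r['host']} ({r['resolved']}): {status} [{port_text}]")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed placeholder names; replace with the PCs you enter in the wizard.
    CANDIDATES = ["scanhost01.example.local", "scanhost02.example.local"]
    print(format_report(check_scan_hosts(CANDIDATES)))
```

A host reported as NOT READY with a BLOCKED port will also fail Test Scan Hosts, so fix the Windows Firewall rule (or the File and Print Sharing setting) on that PC first; a host reported ready that still fails the wizard points at credentials or share permissions rather than the network path.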

Once installed and configured, the Detector Scan Host is used to perform network scans and push local computer scans to ping-able computers during the Daily Scan process.

Step 4 - Schedule Scans, Daily Alert Notifications, and Weekly Notices

1. In the Detector Settings window, select the Modify Schedules option. The Schedule window will be displayed.
2. Define the Time Zone, the time that the Level 1 (Daily) and Level 2 (Weekly) scans should start, and the days and times that the Daily Alerts resulting from Security Policy Violations and Weekly Notices should be sent to designated recipients. Select Save to store the Schedule settings.

Step 5 - Configure Technician Email Group

During the Security Policy Configuration step later in this Guide, you will configure the Security Policies that Detector will alert upon as the Appliance detects violations of the selected policies. During the Security Policy Configuration process, it will be necessary to define a policy violation detection response Action. This Action may include sending an Alert Notification Email to a predefined list of recipients referred to as a Detector Email Group. In this step, we will set up the Email Group that will be used when the Detector Action named Email Tech is designated as a Security Policy violation's response Action.

To create the Email Tech action's Email Group, follow these steps.

1. Select the Modify Email Configuration option.

2. Select the Email Groups tab in the Email Configuration window.
3. Select the Add Email Group button.
4. The Add Email Group window will be displayed.
5. During this step, you will enter the Name of the Email Group, select the Group Type, and select or type in the email addresses of the recipients that will receive email notifications sent to this Email Group.
   a. For this Quick Start set up process, type in the Name of the Email Group you will use for your Company's Tech Team Email Group.
   b. Next, set the Group Type to Tech.
   c. Finally, select the To button to define the Recipients of Daily Alert Notification Emails, choosing email addresses from a list of your company's Network Detective users. You can also directly type in the email addresses of the recipients.
   d. Once you have selected the email addresses for your Tech Team Email Group, select the OK button to save your new Email Group.
6. Proceed to Step 6 below before selecting the Email Configuration window's Save & Close button.

Step 6 - Set Up Subject Text for End User and Email Tech Alert Notification Emails

1. Select the Email Subjects tab in the Email Configuration window.
2. Enter a reference to the Detector's Network Detective Site name within the Subject line for the End User Alert and Tech Alert Notification Email messages.
3. Select the Save & Close button.

Step 7 - Assign Security Policies for Policy Violation Detection and Alerting

The Policy Configuration option enables you to define when Detector sends alerts containing information about identified threats to Access Control, Computer, and Network Security policies that are detected by the Detector Appliance.

1. In the Detector Settings window, select the Policy Configuration Modify button to access the Policy Configuration options window. The Policy Configuration window will be displayed.
2. Using the Service Plan option, select the Gold Service Plan to assign an initial set of Security Policies to your Detector's configuration. To learn more about Service Plans and how to create custom Service Plans, please refer to the Detector User Guide.
   Any Policy Item listed in red text indicates that the policy requires some policy specific Smart-Tags to be set up. To learn more about Smart-Tags and their use, please refer to Step 11 - Set up Smart-Tags. In some cases, the Smart-Tags associated with these particular policies may need to be set up if alerts are to be generated or to prevent the detection of false positives.
   Policies listed in black text within the Policy Configuration window are either:
   a) policies that do not require a Smart-Tag, or
   b) policies that require Smart-Tags that have already been configured.
   Select one or more of the Policies that you would like Detector to alert upon when a policy violation has occurred. During this process, be sure to note which Smart-Tags must be configured to enable alerts to be sent when violations of the selected Security Policies take place.

3. Select the Next button. The Configure Notifications window will be displayed. Each Security Policy's Alert Notification Rule is assigned one of four Action options:
   - Create Ticket
   - Email Tech
   - Email End User
   - None
   When the Create Ticket Action is assigned to a policy's Alert Notification Rule, Detector SDS will automatically submit an Alert to your Ticketing System/PSA based on the Ticketing System to Site Mapping configuration contained within the Portal's Settings. For more information about how to set up Detector SDS to work with your Autotask, ConnectWise or Tigerpaw Ticketing System/PSA, refer to Appendix B - Set Up and Assign a Ticketing System Integration to a Site.
4. In this step, an Action will need to be assigned to each policy violation Notification associated with a given Security Policy.
   a. Right click on the Action column and select the Select All menu option.
   b. The list of Security Policy Notifications will be highlighted in blue.
   c. Next, right click again on the Action column.
   d. Next, select the Select Action menu option.
   e. Then select the Email Tech menu option. This selection will assign the Email Tech Action to all of the selected Security Policies.

5. In this step you will assign your Company's Tech Team Email Group to each of the Security Policy Notifications that were assigned the Email Tech Action.
   a. Right click on the Email Group column and click on the Select Group Name menu option.
   b. The list of available Email Groups for selection will be displayed.
   c. Select your Company's Tech Team Email Group. To create a Group, refer to Step 5 - Configure Technician Email Group.
   d. Now, the Email Tech Notification Action for each Security Policy will be assigned the Email Group you selected.
6. Next, select the Finish button to save your selections.

Note: Service Plans have a set of recommended Reports that should be generated on a regular basis. If you want to have these reports automatically generated, set up the necessary Network and Security Assessments using the Network Assessment and Security Assessment Modules to generate the reports to be run.

Step 8 - Set Up Weekly Notice Notification Recipients

1. Go to the Detector Settings window and select the Add Recipient button on the Weekly Notice bar. The Weekly Notice Alerts configuration window will be displayed.
2. Within the Email Configuration tab, define the recipients of Weekly Notice Alert emails either by:
   a. selecting the To button and selecting recipients from the list in the Select Users form, or
   b. entering the recipient email address(es) manually in the To field.
   After adding the recipient email addresses, select the Selected Notices tab.

3. Set the Selected Notices by selecting the Weekly Notice Alerts options available in the list. After you have selected the Weekly Notice types that you want sent to the selected Recipients, click on the Save & Close button to save your Weekly Notice Alerts settings.

Please note: Two Weekly Scan Data Sets must exist in order for a Weekly Notice to be generated and sent, for example one from a past scan (last week) and one from the most recent scan (this week).

Step 9 - Run Scan to Perform Initial Data Collection

In order to perform Step 10 - Download Detector Initial Data Collection Scan Data, it is necessary for Detector to perform an initial Data Collection on the network. This initial Data Collection is performed through the execution of the Level 1 Scan (Daily Scan). Two options are available to you in order to perform this initial Data Collection:
1) Wait until Detector completes the Level 1 Scan (Daily) scheduled in the previous step.
2) Use the Detector Scan Now feature to start the Level 1 Scan (Daily).
When either the scheduled scan or the scan initiated with the Scan Now option has completed, the scan data must be downloaded into the Detector's Smart-Tags settings window.

Step 10 - Download Detector Initial Data Collection Scan Data

1. After the initial Data Collection scan is complete, select the Smart-Tags link in the Detector Settings window. The Smart-Tags window will be displayed.
2. Select the Download Scan button to download the scan data.
3. After the scan data has been downloaded, you may select the Configure link to return to the Detector Settings window. Otherwise, to set up Smart-Tags, proceed to Step 11.

Step 11 - Set up Smart-Tags (optional)

Smart-Tags are used to enable Detector's Machine Learning capability in order to further detect violations of the Security Policies you select, as well as to eliminate false positives. During the initial set-up of the Detector Appliance, this step is optional. You may either close the Detector Settings window and wait for Detector to start running scans and sending Alerts, or you may proceed with setting up Smart-Tags. This step is dependent on the successful completion of Step 9 and Step 10.

To configure Smart-Tags, follow these steps.

1. For the initial set-up of the Detector using this Guide, configure the following Smart-Tags:

   SMART-TAG | ITEM TAGGED | WHY IS THIS ITEM BEING TAGGED?
   RESTRICTED NETWORK | Network | Devices added to this network must be authorized
   BUSINESS OWNER PC | Computer | Only the Business Owner is authorized to access
   RESTRICTED IT ADMIN ONLY | Computer | Computers may only be accessed by IT Administrators
   SINGLE DESKTOP USER | User | Users are only supposed to access one computer
   LOCKED DOWN COMPUTER | Computer | No applications are to be installed or removed
   SENSITIVE COMPUTER | Computer | Screen lock should be enabled on these computers

2. Search the list of Recommended and Available Smart-Tags displayed in the Smart-Tags window for those you previously noted above.
   Note: Some Smart-Tags have a red corner marker in the tag's icon. These marked Smart-Tags represent tags that must be set up to enable alerts to be sent for the specific Security Policies you selected in Step 7.

3. Double-click on a Smart-Tag icon to open the Tag. Depending on the requirements of the Smart-Tag you are configuring, select or type in the Computers, Users, SSIDs, Printers, or IP Addresses required for that tag.
4. After configuring the Smart-Tag, select the Save & Close button to save the Smart-Tag's configuration.
5. After configuring the six (6) Smart-Tags listed in item 1 above, select the Configure link to return to the Detector Settings window.
6. After completing all of the Detector settings configuration, you can exit the Network Detective application.

Step 12 - Set Up Ticketing/PSA System Integrations (Optional)

To set up Detector SDS integration of the Autotask, ConnectWise, or Tigerpaw ticketing/PSA systems with the ND Portal, refer to Appendix B - Set Up and Assign a Ticketing System Integration to a Site.

Appendix A - Sample Tech Alert and End User Alert Notifications and Weekly Notices

Below are samples of the email messages sent as a Tech Alert, an End User Alert, and a Weekly Notice.

Sample Tech Alert (screenshot)

Sample End User Alert (screenshot)

Sample Weekly Notice (screenshot)

Appendix B - Set Up and Assign a Ticketing/PSA System Integration to a Site Using Detector SDS

To configure the Autotask, ConnectWise, or Tigerpaw Ticketing/PSA system integration with the ND Portal, you will need the following information for the ticketing system you plan to use with the Portal:
- your Username and Password for the Ticketing System/PSA Integration Account provided by the Ticketing System's manufacturer
- the URL for the Ticketing/PSA system's API Integration access

Step 1 - Set Up a Connection to your Ticketing System/PSA

Follow these steps to set up a Connection to your Ticketing System/PSA in the Portal.

1. Visit https://alerts.alert-central.com and log into the Network Detective Portal.
   Note: In order to configure the Settings in the Portal, the login credentials you use must have Master User rights for your company's Network Detective account.
2. Select the Global Settings option.

3. Select the Connections option.
4. Select the Add option to create a new Ticketing System/PSA Connection, which you will later assign to a Network Detective Site. The Add Connection - Setup New Connection window will be displayed.
5. In the Setup New Connection window, select the Connection Type: Autotask, ConnectWise, ConnectWise REST, or Tigerpaw.

Note about ConnectWise Support: For ConnectWise connections, you will need to set up an Integrator ID and use the Integrator ID login credentials when setting up a ConnectWise integration in the ND Portal. To learn more about setting up a ConnectWise Integrator ID to work with the ND Portal, refer to Appendix C - Setting up a ConnectWise Integrator Login ID. If you are using the ConnectWise REST API integration, see Appendix D - Setting up a Network Detective to ConnectWise REST API Integration.

6. Enter the information required to set up the Connection:
   - your Username and Password for the Ticketing System/PSA Integration Account provided by the Ticketing System's manufacturer
   - the URL for the Ticketing/PSA system's API Integration access
7. Select the Test Login button to test your Connection login. After a successful test login, the second window, Add Connection - Ticket Details, will be displayed.
8. Continue creating your Connection by entering the Ticket Details relevant to the Ticketing System/PSA you are using:
   - For Autotask, set up the Company Name, Work Type, Assigned Resource, Role, Due Date, Issue Type, Queue, Priority, Status and Source fields.
   - For ConnectWise, set up the Company Name, Service Board, Status, Service Type, Source, and Priority fields. Sub-Service Type and Service Item should be completed if applicable.
   - For Tigerpaw, set up the Service Board, Service Type, Account, Representative, Status, and Priority fields.
9. Select the Test Ticket button to continue. The Add Connection - Settings Confirmation window will be displayed after the Test Ticket process succeeds.

10. In the Add Connection - Confirm Settings window, enter a Name for your new Connection to the Ticketing System/PSA in the Name field.
11. Review the Connection's configuration details and select the Save button to complete the creation of your Ticketing System/PSA Connection.
12. The new Connection will be listed in the Portal's Connections list.

Step 2 - Map your Detector's Site to a Ticketing System/PSA Connection

Follow these steps to map a Ticketing System/PSA Connection to the Network Detective Site associated with your Detector.

1. In the Integrations window, select the Add button located in the Site Mappings section of the window. The Map Site to Connection window will be displayed.
2. Select the Network Detective Site you want to assign to this Ticketing System/PSA Integration.
3. Select the name of the Connection that you want to use to link the Site to your Ticketing System/PSA.

4. After selecting the Connection name, use the Company Lookup field to search for and select the Company name to be referenced when generating Tickets for the selected Site.
5. Select the Save button to save your Site Mapping to the Ticketing System/PSA Integration.
6. The Site's mapping to your Ticketing System/PSA Integration will be saved and listed in the Site Mappings list.

Your Portal account can now be used to create tickets for any Alerts or To Do items listed in the Portal for the Network Detective Site you selected.

Appendix C - Setting up a ConnectWise Integrator Login ID

Before configuration items can be imported into the ConnectWise PSA, the appropriate permissions must be set up in your ConnectWise system and you must configure a ConnectWise Integration Connection in the Network Detective Portal.

Setting up an Integrator Login in ConnectWise

1. Navigate to System -> Setup Tables.
2. Type Integrator into the Table lookup and press Enter.
3. Click the Integrator Login link.
4. Click the New icon to bring up the New Integrator Login screen.
5. Enter and record the Username and Password values; you will need them later when configuring a ConnectWise Integration Connection in the Network Detective Portal. Keep them in your password manager rather than in a document or email: with the access level set in the next step, this login can read and write every record in your PSA.
6. Set the Access Level to All Records.
7. Using the ConnectWise Enable Available APIs function, enable the following APIs:
   - ServiceTicket API
   - Company API
   - Reporting API
   - System API
   Note: If using the Network Detective Application's Export Options, additional APIs must be set up as referenced in the Network Detective User Guide.
8. Click the Save icon to save this Integrator Login.

Appendix D - Setting up a Network Detective to ConnectWise REST API Integration

To set up a connection between the ND Portal and the ConnectWise ticketing system using the REST API, complete the following steps.

Step 1 - Download and Install the ConnectWise Manage Internet Client Application

To enable the integration, you will need to use the ConnectWise Manage Internet Client application. Download and install the app from http://university.connectwise.com/install/, then log in using your credentials. If you normally use the ConnectWise Manage web app, you can return to the web app after you have completed the steps in this guide and enabled the integration with ND.

Step 2 - Select the ConnectWise Ticket System API Member Account to Integrate with Network Detective

1. From the ConnectWise dashboard, click System in the side menu.
2. Click Members.
3. Click the API Members tab. The API Members screen will appear. Note that the API Members tab may not be shown by default and may need to be added; you can add it from the Tab Configuration menu on the Members page.
4. Click the button to create a new API Member. Fill in all required information.
5. Confirm that the API Member has been assigned Admin rights by checking the member's Role ID under Security Information. Because the key you create in the next step carries these rights, treat it as a privileged credential.

Step 3 - Create an API Key in the ConnectWise Ticketing System

1. Select the API Member that you created previously.
2. From the API Member details screen, click API Keys.

3. Click the button to add a new API Key.
4. Enter a Description for the API Key.
5. Click Save.
6. The newly generated API Key will appear.
7. Write down or take a screenshot of the Member's Public and Private API Key strings. This information will be required to set up the integration between ND and ConnectWise. Note that the Private Key is only shown at the time the key is created; be sure to copy the keys for your records and store them where a private key belongs (a password manager or secrets store, not a shared drive or ticket).

Step 4 - Configure Service Tables in ConnectWise

In order to export issues from ND as tickets in ConnectWise, you will need to configure several Service Tables in ConnectWise. These tables ensure that issues in ND are mapped correctly to the tickets created within ConnectWise. You must configure the Service Tables correctly in order to establish the connection between ND and ConnectWise. You can configure the Service Tables in ConnectWise from System > Setup Tables > Category > Service.

Configure the Service Tables as detailed below:

1. Service Board
   You must have a Service Board created within ConnectWise. In addition, within the Service Board, you must create values for the following fields (you can create values for these fields from the Service Board page):
   a. Statuses
   b. Types
   c. Teams
   You must create at least one value for each of these fields.

In addition, you must define values for two more Service Tables:

2. Source
   You must include at least one Source.
3. Priority
   You must include at least one Priority level.

If your existing Service Tables already contain values for the fields listed above, you do not need to create new values.

Once you have completed the configuration requirements detailed in this appendix, proceed to Appendix B - Set Up and Assign a Ticketing/PSA System Integration to a Site Using Detector SDS.
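Before entering the API Member key into the ND Portal, it is worth confirming from a shell that the key authenticates and that the Service Tables from Step 4 (Board, Statuses, Types, Teams, Source, Priority) each have at least one value, since a missing value is what most often makes the Portal's Test Ticket step fail. The script below is an added example written for this guide; it is not RapidFire Tools or ConnectWise code. It assumes the ConnectWise Manage REST API v3.0 conventions: HTTP Basic authentication with "<companyId>+<publicKey>" as the user name and the private key as the password, the /v4_6_release/apis/3.0/service/... endpoints, and a clientId header (a later ConnectWise requirement that this guide does not mention). The site URL, company ID, public key and clientId values are placeholders to replace with your own.

```powershell
# Added example (not part of the RapidFire Tools guide or ConnectWise's own documentation).
# Verifies an API Member key created in Appendix D, Step 3 and checks the Service Tables
# required by Appendix D, Step 4 before the key is entered into the ND Portal.
# Site, company ID, public key and clientId values below are constructed placeholders.
param(
    [string]$Site      = 'https://cw.example.invalid',            # assumption: your ConnectWise Manage host
    [string]$CompanyId = 'examplecompany',                       # company ID used at the ConnectWise login
    [string]$PublicKey = 'PUBLICKEYPLACEHOLDER',                 # public half of the API Member key
    [string]$ClientId  = '00000000-0000-0000-0000-000000000000'  # assumption: clientId header value
)

# Prompt for the private key rather than embedding it: it is shown only once at creation
# and carries the API Member's Admin rights.
$secure = Read-Host -Prompt 'Private API key' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try     { $privateKey = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }

# ConnectWise Manage REST auth (assumed): Basic "<companyId>+<publicKey>:<privateKey>" plus clientId.
$pair    = "${CompanyId}+${PublicKey}:${privateKey}"
$headers = @{
    Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($pair))
    clientId      = $ClientId
    Accept        = 'application/json'
}
$baseUri = "$Site/v4_6_release/apis/3.0"

function Invoke-CwGet([string]$Path) {
    # Thin GET wrapper; Invoke-RestMethod throws on 401/403, which is the signal we want.
    Invoke-RestMethod -Method Get -Uri "$baseUri/$Path" -Headers $headers -ErrorAction Stop
}

# 1. Authentication check: a 401 here means the key pair or clientId is wrong.
$boards = @(Invoke-CwGet 'service/boards?pageSize=100')
if ($boards.Count -eq 0) {
    throw 'The key authenticates, but no Service Board exists. Create one before configuring the Portal connection.'
}

# 2. Per-board tables: the board you will use needs at least one Status, Type and Team.
$boards | ForEach-Object {
    [pscustomobject]@{
        Board    = $_.name
        Statuses = @(Invoke-CwGet "service/boards/$($_.id)/statuses").Count
        Types    = @(Invoke-CwGet "service/boards/$($_.id)/types").Count
        Teams    = @(Invoke-CwGet "service/boards/$($_.id)/teams").Count
    }
} | Format-Table -AutoSize

# 3. Global tables: at least one Source and one Priority must exist.
$sources    = @(Invoke-CwGet 'service/sources')
$priorities = @(Invoke-CwGet 'service/priorities')
"Sources: $($sources.Count)   Priorities: $($priorities.Count)"
if ($sources.Count -eq 0 -or $priorities.Count -eq 0) {
    throw 'Add at least one Source and one Priority under System > Setup Tables > Category > Service before proceeding.'
}
```

Run it once from a workstation that can reach your ConnectWise site; any board showing 0 in a column, or a Sources/Priorities count of 0, is a table to fix before returning to Appendix B. The private key is read at the prompt and never written to the script or the shell history, and the BSTR holding the decoded key is zeroed after use.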

Appendix E - Additional Scan Host Configuration Options and Requirements

The Detector Appliance requires access to at least one separate, additional PC on the client's network. This computer is called the Scan Host. The Scan Host is used to initiate scans.

Scan Host Requirements

Before proceeding to set up the Scan Host, ensure that the following requirements are met:
- The Scan Host PC must run Windows 7 or higher.
- WMI, Admin$, and File and Print Sharing must be enabled on the Scan Host, along with the corresponding Windows Firewall rules.

Note that in order to initiate scans, the Scan Host PC must also:
- be turned on
- be connected to the network

Assigning Scan Hosts

You assign Scan Hosts in the first step of the Scan Configuration Wizard. We recommend that you assign at least two PCs to serve as scan hosts, so that scans can still run if one scan host becomes unavailable.

To assign Scan Hosts:

1. In the Detector Settings window, select the Modify Scan Configuration option. The Scan Configuration Wizard will appear.
2. Click Modify Settings if you wish to modify a previously configured scan.

3. The Scan Hosts window will appear. Assign the scan hosts:
   a. Enter one set of login credentials with which to access the PCs you wish to designate as scan hosts. Remote access to Admin$ and WMI requires administrator rights on those PCs, so use a dedicated account that is a local administrator only on the designated scan hosts rather than a Domain Admin account; Detector stores and reuses these credentials.
   b. Enter the name of the domain (NOT the name of the domain controller).
   c. Enter the IPs or computer names of the computers that will initiate the scans.
4. Once you have entered the scan hosts, click Test Scan Hosts to be sure you can connect. If you are unable to connect, verify that (A) the scan hosts meet the requirements listed above, and (B) you have entered the values correctly as described in step 3.

Assigning Scan Hosts within a Workgroup

If you are working within a Workgroup environment, enter the following two characters into the Domain field when assigning scan hosts: .\ (without quotation marks).
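When Test Scan Hosts fails, the wizard does not say which of the Appendix E requirements is missing. The script below is an added example written for this guide (not RapidFire Tools code) that checks each candidate Scan Host from another Windows machine on the client network, using the same account you intend to enter in the wizard: ICMP reachability (turned on and connected), the Windows version reported over WMI (Windows 7 is NT 6.1), whether a remote WMI query succeeds at all (WMI enabled and allowed through the firewall), and whether the Admin$ share can be mapped (File and Print Sharing over SMB). The host names are placeholders; the ".\user" form for the credential mirrors the ".\" Domain value the wizard uses for a Workgroup. It assumes Windows PowerShell 5.1, whose Get-WmiObject uses DCOM/RPC like a classic WMI scan rather than WinRM.

```powershell
# Added example (not part of the RapidFire Tools guide). Pre-flight for the Scan Configuration
# Wizard's "Test Scan Hosts" button: checks each candidate Scan Host for the Appendix E
# requirements. Host names are constructed placeholders. Requires Windows PowerShell 5.1.
param(
    [string[]]$ScanHosts = @('SCANHOST01', 'SCANHOST02'),
    # Domain: DOMAIN\user. Workgroup: .\user (matches the ".\" Domain value in the wizard).
    [pscredential]$Credential = (Get-Credential -Message 'Account with administrator rights on the scan hosts')
)

function Test-ScanHost {
    param([string]$ComputerName, [pscredential]$Credential)

    $r = [ordered]@{
        Host = $ComputerName; Online = $false; WindowsVersion = $null
        Windows7OrLater = $false; WmiOk = $false; AdminShareOk = $false
    }

    # Requirement: turned on and connected to the network (ICMP echo).
    $r.Online = Test-Connection -ComputerName $ComputerName -Count 1 -Quiet
    if (-not $r.Online) { return [pscustomobject]$r }

    # Requirement: WMI enabled and its firewall rule group open (DCOM 135 + RPC dynamic port).
    try {
        $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName `
                            -Credential $Credential -ErrorAction Stop
        $r.WmiOk           = $true
        $r.WindowsVersion  = $os.Version
        $r.Windows7OrLater = [version]$os.Version -ge [version]'6.1'   # Windows 7 = NT 6.1
    } catch {
        Write-Warning "$ComputerName : WMI failed - $($_.Exception.Message)"
    }

    # Requirement: Admin$ reachable (File and Print Sharing, SMB 445) with the supplied account.
    $drive = 'adm' + ($ComputerName -replace '[^A-Za-z0-9]', '')
    try {
        New-PSDrive -Name $drive -PSProvider FileSystem -Root "\\$ComputerName\Admin`$" `
                    -Credential $Credential -ErrorAction Stop | Out-Null
        $r.AdminShareOk = Test-Path "${drive}:\"
    } catch {
        Write-Warning "$ComputerName : Admin`$ not reachable - $($_.Exception.Message)"
    } finally {
        Remove-PSDrive -Name $drive -ErrorAction SilentlyContinue
    }

    [pscustomobject]$r
}

$results = $ScanHosts | ForEach-Object { Test-ScanHost -ComputerName $_ -Credential $Credential }
$results | Format-Table -AutoSize

# The guide recommends at least two usable scan hosts so scans survive one host being offline.
$ready = @($results | Where-Object { $_.Online -and $_.Windows7OrLater -and $_.WmiOk -and $_.AdminShareOk })
if ($ready.Count -lt 2) {
    Write-Warning "Only $($ready.Count) scan host(s) meet all requirements; at least two are recommended."
}
```

A row with Online true but WmiOk false usually means the "Windows Management Instrumentation (WMI)" firewall rule group is disabled on that host; AdminShareOk false with WmiOk true points at the "File and Printer Sharing" group or the Admin$ share itself. On the scan host, `netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes` and `netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes` enable those groups on Windows 7 and later. An access-denied error on both checks with the right password indicates the account is not a local administrator on that host.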