Let’s turn our focus to keeping the appliance up to date. There are three types of appliance updates available from the DTI cloud. By default, the information will be downloaded from cloud.FireEye.com using a content delivery network. These include guest image updates, security content and appliance images known as software version updates. Software version updates are performed as part of the initial configuration and periodically with new releases, patches or malware threat profiles. First, we’ll look at guest images. A physical appliance will contain guest images. New releases often become available at the same time as an appliance image.
As you can see, various versions of the guest images are available to test against to ensure analysis is complete. New security content updates are checked regularly and automatically downloaded from the DTI. They include the latest malware threats from the global community. Blocking rules are created for new threats as soon as they are identified. Manual updates are available if needed. By default, new security content updates are checked every 15 minutes, but this can be changed. Security content settings can be set to update at a defined frequency of 10, 15, 20 or 30 minutes, or alternatively at a custom time daily or hourly. Software version updates are a little more involved and often a three-stage process. The summary screen in the About tab shows available updates for the software version.
Click the upgrade tab in the software version notification box to be brought to the upgrade screen. On this screen, you’ll see the available entries and the status for each. You may force a check for a later version by clicking on the action wheel and using check. Through checking, if an appliance image or software version is showing as available, clicking the action wheel once again will offer you the opportunity to download the file directly to the appliance. The status can be shown by refreshing the page. When the download is completed, click the action wheel again to install the new image. When installed, click the action wheel to reload the system. After you upgrade, you’ll be prompted with a new screen after logging in. This will show you what’s new with the latest versions you have just installed and give you an option to explore the new features.
The final area of the system maintenance checks we’ll cover in this session is backups. Manual backups can be one of four types. ‘Config’ backs up the configuration database, which stores appliance configuration settings. ‘Config + FEDB’ backs up the configuration database, FireEye appliance database and appliance-specific data. ‘FEDB’ backs up the FireEye appliance database only. ‘Full’ backs up the configuration database, FireEye appliance database, appliance-specific data and detections. Note that license keys and guest images are not included in the backup. You must reinstall the license keys and guest images separately.
Network settings can be restored.
Backups can be stored locally on the appliance, downloaded to a connected disk or transferred to a remote server using SCP or SFTP. Using the CLI only, it is possible to configure and enable automatic backup jobs. You can specify how often you want the backup job to run automatically. Full instructions to enable automatic backups can be found in the administration guide.
Be aware, additional space is required when you schedule automatic backups to run frequently. You must monitor the generated backups and delete the unnecessary backups to avoid running out of disk space on the appliance. To restore a backup, choose from one of the existing backups listed. If you wish to restore any backup other than a config backup, the appliance will need to be using the same software version as was used to create the backup.