The ZeroLock™ Management Console - Dashboard

Details regarding the user interface of the ZeroLock™ Management Console's main Dashboard

    The home screen of the ZeroLock™ Management Console (ZMC) is called the Dashboard. Providing a wealth of information at a glance, the display is split into five (5) areas: Banner, List of Homepages, Status, Recent Alerts, and Activity Log.

    Main Screen v2.0

    BANNER   

    The ZeroLock banner is the starting point for managing the ZeroLock Management Console (ZMC) itself. From the banner's controls at the upper right of the ZMC, you can access the current alert status, edit the contact information of the logged-in user, change the user's password, and set up Multifactor Authentication (MFA) for the user.

    1) Open Alerts 

    Selecting OPEN ALERTS takes you to the ALERTS section. The three (3) tabs to the right represent the counters for the severity types of alerts: High, Medium, and Low. Selecting any of these will also take you to the ALERTS section.

    2) User Profile

    To the right of the counters is the Profile button. The initial on the button represents the logged-in user who, in this case, is the Default Tenant ‘superuser’. Selecting the button opens a drop-down showing the User name and Manage Account. The user name is static, but Manage Account is interactive.

    3) Logout

    This will log you out of the ZeroLock Management Console.

    For more information on the ZMC Banner, please use the link - ZMC Banner.


    LIST OF HOMEPAGES

    On the left side of the screen is a list of links to the corresponding homepages. Like the ZeroLock banner, this list remains visible regardless of the section you are in. The section you are currently in appears in blue on this list.

    White arrows indicate that there are subsections within a homepage. For example, selecting Manage Users opens a drop-down list showing the subsections Users, User Roles, and Tenants. Selecting one of these will take you to that subsection.

    Each of the homepages has its own Knowledge Base article(s), which may be found on the Vali Cyber support page.


    STATUS

    Status_v2.0

    The Status section consists of twelve (12) tiles that provide a snapshot of the current state of each monitored section of ZeroLock-protected systems (Endpoints).

    Four (4) tiles are dedicated to the specific malicious activity that ZeroLock protects the endpoints from:

    • Ransomware
    • Cryptojacking
    • Tampering
    • Blocked

    Three (3) tiles represent the protection alerts generated for:

    • Program Execution
    • Network Access
    • File Access

    Five (5) tiles depict the following information:

    • SSH MFA logins
    • The number of alerts generated each day over the last 7 days.
    • The total number of alerts generated by all endpoints.
    • The number of alerts generated by each endpoint.
    • A visual of the connection status of the endpoints.

    RECENT ALERTS

    An alert is generated when ZeroLock detects system behavior that meets criteria set forth by previously configured Control Policies and Rules.

    Recent Alerts with Numbers

    Recent Alerts provides information for up to 100 alerts. The most recent six (6) alerts are visible, with the ability to scroll down to see any previous alerts.

    Column Headings:

    1. ID: The number of the alert. Starts with one (1).

    2. TIME: Date and Time of the alert event. Format: dd-mm-yy hh:mm:ss.

    3. STATUS: Options for cyberthreats: Blocked, Released, Remediated, and Suspended. For SSH MFA, only Success is shown. The number of Failed Attempts may be found on the SSH MFA tile on the Dashboard.

    4. SEVERITY: Rating of attack: Low (Green) or High (Red).

    5. TYPE:

    • Ransomware (ransomware detection)
    • Cryptojacking (Crypto-mining/cryptojacking detection)
    • Tampering (Anti-tamper detected)
    • Blocked (A process has matched a HASH rule in place)
    • SSH-MFA (Successful SSH-MFA session creation)
    • Lockdown Rule (Lists the type of rule violated)

    6. ENDPOINT: By number and name.

    Quantity   Name            ENDPOINT value shown
    1          testuser-1-vm   1 : testuser-1-vm
    2          host-3          2 : host-3

    7. INFO: If malware, the number of files infected. If SSH-MFA, User ID and IP address. If a Lockdown rule, the name of the rule violated.

    • Malware: 45 files affected
    • SSH-MFA:  User: testuser1 IP:10.0.0.1
    • Lockdown Rule:  MITRE T1041 Block wget

    Alert Details

    Clicking anywhere on a row takes you to the ALERTS page for that specific alert incident, where much more detailed information may be found. For example, clicking on the ID 40 row brings you to the screen below.

    For additional information, please use this link - Alerts page.


    ACTIVITY LOG

    The Activity Log tracks every user’s activity. The TIME column contains the Date and Time of the activity. Format is dd-mm-yy hh:mm:ss.

    Under the INFO column is a brief description of the activity performed. Examples of the activity tracked include both successful and failed login attempts, connecting to endpoints, SSH sessions, disconnecting from endpoints, resetting passwords, editing configuration profiles, etc.

    For more information, please see the Vali Cyber support page.