Monitor ECA from Eyeglass
Remote Service Authentication and Protocol
You can configure Eyeglass to communicate with multiple Ransomware Defender or Easy Auditor endpoints.
Each endpoint requires a unique API token, which you generate through the Superna Eyeglass Integrations window.
To create or view tokens, navigate to: Eyeglass Menu → Integrations → API Tokens.
After generating a token for a specific ECA, include it in the ECA's startup command for authentication, along with the Eyeglass location.
For more information, see API Guide - Creating Tokens
Communication between Eyeglass and the ECA is initially bidirectional. The ECA sends security events to Eyeglass, and Eyeglass regularly queries the analytics database and tests database access.
The ECA performs the following tasks:
- Sends heartbeats to Eyeglass.
- Notifies Eyeglass of any detected threats.
- Periodically sends statistics on processed events.
- Periodically polls for updated ransomware definitions, thresholds, and ignore list settings.
Monitoring Service Registration with Eyeglass
The Manage Services icon in Eyeglass displays all registered ECAs and CA UIM probes operating remotely from the Eyeglass appliance. The screenshot below shows three ECA nodes registered and the health of each process running inside the node.
Understanding Service States
- Active: The service has checked in with a heartbeat.
- Inactive: The service has failed to send a heartbeat and is no longer processing.
Interpreting Health States
- Up: The service is running, and the uptime is displayed in days.
- Down: The service is not running.
Do not use the Delete icon per service registration unless directed by support. This action removes the registration from the remote service.