Topics on this page
Customize advanced system settings
A number of advanced configurations can be performed via Administration > System Settings > Advanced.
You can automate system setting changes using the Workload Security API. For examples, see Configure Policy, Computer, and System Settings.
Export
Export file character encoding: The character encoding used when you export data files from Workload Security. The encoding must support characters in your chosen language.
Exported Diagnostics Package Language: Your support provider may ask you generate and send them a Workload Security diagnostics package. This setting specifies the language for the package. The diagnostic package is generated through Administration > System Information.
Manager AWS Identity
You can configure cross-account access. Select one of the following:
- Use Manager Instance Role: The more secure option to configure cross-account access. Attach a policy with the sts:AssumeRole permission to the Workload Security instance role, then select this option. Does not appear if Workload Security does not have an instance role.
- Use AWS Access Keys: Create the keys and attach a policy with the sts:AssumeRole permission before you select this option, and then type the Access Key and Secret Key.
Application Control
Every time you create or modify an Application Control ruleset, it must be distributed to all computers that use it. Shared rulesets are larger than local rulesets. Shared rulesets are also often applied to multiple servers. If all the computers download the ruleset directly from the manager at the same time, the high load could cause slower performance. Global rulesets have similar considerations.
Using relays can solve this problem. For more information, see Distribute security and software updates with relays.
To use this option, create a relay group, then go to Administration > System Settings > Advanced and select Serve Application Control rulesets from relays.
Verify compatibility with your deployment before using relays. If the agent does not have any previously downloaded rulesets currently in effect, and if it does not receive new Application Control rules, then the computer cannot be protected by Application Control. If an Application Control ruleset fails to download, a ruleset download failure event is recorded on the manager and on the agent.
Asynchronous Tasks
A number of Notification Service tasks are executed asynchronously. You can enable and disable them when required. Once enabled, the following tasks are executed in the background, with their status indicated by the bell notification icon at the top of the console:
- Send Policy To Computers Asynchronously
- Export Computers Asynchronously
- Generate Single Reports Asynchronously
- Export Events Asynchronously
- Dismiss Computer Alerts Asynchronously