Home
Guardian
Administrator Guide
Information and resources about the Administration section of Guardian, and the tasks that you can do in this part of the software.
Administration
System
Network interfaces
The Network interfaces page shows information on how much network traffic is being ingested/captured.
Configure a denylist
The Network interfaces page lets you configure denylists.
Denylist examples

Guardian
- Introduction
  An overview of Guardian.
- Installation Guide
  Information and resources on how to install Guardian, and the different options and settings that are available.
- Administrator Guide
  Information and resources about the Administration section of Guardian, and the tasks that you can do in this part of the software.
  - Administration
    - Administration page
      The administration page lets a user with administrator privileges configure settings and do other tasks.
    - Settings
    - System
      - General
        The General page lets you change the hostname and specify a login banner on a sensor.
      - Date and time
        The Date and time page lets you configure the date and time of a sensor.
      - Updates and licenses
        The Updates and licenses page lets you configure and manage the base software license and the licenses for optional features, such as Smart Polling, Threat Intelligence, Asset Intelligence, Arc, and Federal Information Processing Standards (FIPS).
      - Network interfaces
        The Network interfaces page shows information on how much network traffic is being ingested/captured.
        Configure a NAT rule
        The Network interfaces page lets you configure network address translation (NAT) rules.
        Configure a BPF filter
        The Network interfaces page lets you configure Berkeley Packet Filters (BPF).
        Configure a denylist
        The Network interfaces page lets you configure denylists.
        Denylist examples
      - Upload traces
        The Upload traces page lets you upload trace files and select the options for the uploaded file.
      - Export
        The Export page lets you export data in content packs.
      - Import
        The Import page lets you import data from multiple different sources, and in multiple formats.
      - Health
        The Health page lets you monitor the health of your sensors.
      - Audit
        The Audit page shows a list of all relevant user actions, from login/ logout to configuration operations, such as manually learning or deleting objects from the environment. This includes all recorded user actions based on the internet protocol (IP) address and username of the user who performed the action.
      - Data
        The Data page lets you selectively reset several kinds of data. You can select All, Only data, or None, depending on the type of user data that you want to reset.
      - Migration tasks
        The Migration tasks page gives you access to automated tasks that help you migrate the system configuration and settings to newer standards.
      - Operations
        The Operations page lets you reboot or shutdown the sensor, or manage the software updates for your sensor.
      - Support
        The Support page section lets you generate a support archive that you can then send to Customer Support when you need technical support.
      - Backup and restore
        The Backup and restore page lets you generate and schedule backup archives as well as restore the software from a backup.
- User Guide
  Information and resources about the main features of Guardian, and the tasks that you can do from the user interface (UI).
- Maintenance Guide
  Information about the maintenance tasks of Guardian, to help you administer and maintain the solution in a production environment.
- Print format documentation
  A list of all the print-format documentation that is available for Guardian.

Denylist examples

Table 1. Denylist examples

`- 192.168.1.* - 192.168.2.1 - 192.168.2.6...192.168.3.90 - 192.168.4.1/20 - 192.168.5.1 tcp 80 - 192.168.5.2 tcp 80 100-110 - 192.168.5.3 udp 11 22 2000-30000`	A wildcard in the IP in position 2, 3 or 4 is equivalent to a subnet ending in /8, /16 or /24. The last lines block only packets from a specific host/port (or set of ports).
`- 192.168.2.* - 192.168.2.1`	These entries are not disjoint, but the Guardian is able to fix automatically the conflict.
`- 192.168.3.2 tcp 80 - 192.168.3.1/24 tcp 100`	A logical error: 192.168.3.2 is an ambiguous match.
`- 192.168.3.1 tcp 100 - 192.168.3.2 tcp 80 - 192.168.3.3...192.168.3.255 tcp 100`	As the entries do not intersect, this is the right way to fix the error above.
`- 192.168.3.3 tcp 80 - 192.168.3.3 udp 100`	These lines are in conflict: an ip can be associated with at most one port filter.