This document provides a detailed walkthrough of navigating the Airlock console. It guides users through various features and functionalities available within the console, allowing them to effectively manage their environment. The instructions include how to view and interact with dashboards, manage baselines and allowlists, handle exceptions, and configure policies.
Upon logging into the console, you will first arrive at the dashboard page.

The dashboard provides a high-level overview of your environment. You can explore various widgets to delve deeper into the data presented, such as blocklist executions or blocked executions, which offer valuable insights.

These widgets provide significant value to your organization. You can adjust the time selector to view data over a specified period, such as two weeks, to analyze file executions and build trust or review activities for your organization.

From this page, you can focus on file executions or file overviews. The same operations apply to the extension overview. By examining multiple weeks, you can observe all blocked or untrusted browser executions.

You can also monitor real-time activity, which displays live events within your environment. This includes viewing the server activity history, which logs actions such as new reputation lookups, policy modifications, and login activities.

The Server Health pane provides an overview of the Airlock console’s performance. You can restart client services, monitor memory and RAM utilization, and access baselines to establish trust in core components of the operating system.

Add new baselines by right-clicking, importing, or examining reference baselines to integrate into your environment. These baselines are continuously updated by the Airlock team. Additionally, you can customize allowlists by defining metadata rules and criteria to build trust.

For instance, examine the Call on Windows 11 allowlist and navigate to the allowlist metadata, where you can layer criteria to create trust. Use the allowlist for hash-based trust or include browser extension IDs as necessary. Allowlists can be associated with parent or child groups in the policy section.

The next tab in the navigation menu is blocklists. Blocklists supersede audit or OTP modes. Use blocklists to prevent execution of items that should never run in your environment, complementing Airlock's deny-by-default nature.

For example, my blocklist associated with policy groups blocks Wireshark, Discord, and Spotify. Use criteria layering to enforce blocks. Predefined blocklist packages address techniques and system hardening, helping manage shadow IT.

If any blocklist items interest you, import them into your environment. After importing, you can customize these blocklists to suit your needs. Airlock offers extensive customization capabilities.

The OTP (One-Time Pad) section handles exceptions in Airlock. If clients or agents are in enforcement mode and an exception is required, provide an OTP code. All data is funneled to the console.

Similarly, the self-service exception handling mode is available. From OTP sessions, right-click to add items to the allowlist, creating trust.

The console's next section covers policies. Policies define agent topology. Focus on specific groups, such as Indianapolis Windows Workstation, and view agents in their respective audit and enforcement groups. The right-hand side displays the criteria that form a policy.

Criteria include baselines, allowlists, blocklists, and various trust-based elements. In the policy section, when focusing on a child group, you can modify group or agent settings.

The search section enables reporting and query execution within the Airlock console.

The last primary navigation section is settings, containing subsections like user management, RBAC control, domain or cloud directory syncing, logging options for SIEM or data lake integration, and reviewing database and server activity history.

Under License, view Airlock license information. The Reputation section covers VirusTotal OEM integration. Privacy settings allow enabling command line collection.

Lastly, the Others section displays security certificates, the VirusTotal API key, cloud preferences for hosted client upgrades, and predefined rules.
