A health policy is a collection of health module settings you apply to an appliance to define the criteria
that the Defense Center uses when checking the health of the appliance. The health monitor tracks a
variety of health indicators to ensure that your FireSIGHT System hardware and software are working
correctly.

When you create health policies, you choose which tests to run to determine appliance health. You can
also apply the default health policy to any appliance.

Understanding Health Modules

License:

Any

Health modules, also sometimes referred to as health tests, are scripts that test for the criteria you specify
in a health policy. The available health modules are described in the following table.

Table 55-1

Health Modules

Module

Description

Advanced Malware
Protection

This module alerts if the Defense Center cannot contact the Collective Security Intelligence
Cloud, either to retrieve file disposition information for files detected in network traffic or to
submit files for dynamic analysis, or if an excessive number of files are detected in network
traffic, based on the file policy configuration.

This module runs on all Defense Centers except the DC500, which does not support advanced
malware protection.

Appliance Heartbeat

This module determines if an appliance heartbeat is being heard from the appliance and alerts
based on the appliance heartbeat status.

Automatic Application
Bypass Status

This module determines if an appliance has been bypassed because it did not respond within the
number of seconds set in the bypass threshold, and alerts when a bypass occurs.

CPU Usage

This module checks that the CPU on the appliance is not overloaded and alerts when CPU usage
exceeds the percentages configured for the module.

This module is not available for health policies applied to 3D9900 devices.

Card Reset

This module checks for network cards which have restarted due to hardware failure and alerts
when a reset occurs.