Skip to content

AQG Protect navigation

When you open AQG Protect, you’ll find four main tabs designed to facilitate comprehensive cryptographic management. These tabs provide tools for monitoring, policy enforcement, and configuration:

  • Dashboard - Offers an overview of your cryptographic management posture and key metrics.
  • Certificates - Provides tools for managing your certificates, including their lifecycle and rotation.
  • Policy templates - Allows you to define and apply cryptographic policies.
  • Configuration - Contains settings for AQG Protect.

The following sections provide details on each tab.

Dashboard

The Dashboard is where you gain a comprehensive view of your protected cryptographic assets. From here, you can monitor the health of all enrolled certificates and workloads, quickly spotting unusual activity, tracking key metrics, and investigating issues, such as alerts from an EDR solution.

Tip

In AQtive Guard Protect, a workload refers to any application, service, or process that performs cryptographic signature operations.

On the Protect dashboard, you’ll find four main views:

  • Workload usage - Displays cryptographic signature operations over the last 48 hours.
  • Most active workloads - Identifies the most active workloads over the last 48 hours.
  • Certificate expiration timeline - A graph visualizing certificate expiration trends, showing data for:
    • Certificates expired in the last 7 days.
    • Certificates expiring within 7 days.
    • Certificates expiring in the next 8-30 days.
  • Certificate expiration summary - Provides a breakdown of certificate statuses into four categories:
    • Expired.
    • Expiring within 7 days.
    • Expiring in 8-30 days.
    • Expiring in 30+ days.

Certificates

The Certificates tab provides a centralized view of all certificates managed by AQtive Guard. It displays comprehensive details for each certificate, enabling you to monitor its status and apply management policies.

The following details are presented for each certificate:

  • Certificate CName - The certificate’s Common Name (CNAME), which is typically the primary hostname or identity associated with the certificate.
  • Fully qualified name - The complete and unambiguous name of the host or resource associated with the certificate. This name must be unique.
  • Policy template - The policy template currently applied to the certificate.
  • Time to live - The certificate’s remaining validity period.
  • Protect setting - The specific protection settings applied by AQG Protect.
  • State - The current lifecycle status of a certificate/key pair within AQG Protect. This will either be:
    • Active - the certificate has been enrolled and deployed.
    • Awaiting deployment - the certificate has been enrolled but not deployed.
    • Renewing - The certificate is currently in the process of being renewed.

At the end of each row, you can select Details for more information about the certificate, such as the:

  • Certificate string - The complete, encoded cryptographic data of the certificate.
  • Deployment configuration - The specific settings for how a certificate is used on its deployed system or application.
  • Startup configuration - The parameters AQtive Guard Protect uses to manage a certificate when its client or agent initializes.

Policy templates

The Policy Templates tab allows you to view and manage the cryptographic policies available for comparison against your certificates. Here, you’ll see which policies a certificate is using or following, ensuring compliance and alignment with security standards. The following details are presented for each policy:

  • Policy name - The name of the policy, including its NIST security level and bits of security.
  • Signature algorithm - The cryptographic algorithm used for digital signatures within the policy.
  • Hash algorithm - The hashing algorithm specified by the policy.
  • Certificate count - The number of certificates currently associated with or following this policy.

Note

The NIST security level quantifies the strength of a cryptographic algorithm or system, typically expressed in bits, indicating the estimated computational effort required to break it.

Policy template settings

Signature Algorithm Hash Algorithm NIST Security Level (Approx.) Policy Name
ECDSA_P256 SHA_256 Level 1 / 128-bit equivalent ECC Level 1 (128b)
ECDSA_P384 SHA_384 Level 3 / 192-bit equivalent ECC Level 3 (192b)
ECDSA_P521 SHA_512 Level 5 / 256-bit equivalent ECC Level 5 (256b)
RSA_PSS_2048 SHA_256 Below Level 1 / 112-bit equivalent RSA sub-Level 1 v1 (112b)
RSA_PSS_2048 SHA_384 Below Level 1 / 112-bit equivalent RSA sub-Level 1 v2 (112b)
RSA_PSS_2048 SHA_512 Below Level 1 / 112-bit equivalent RSA sub-Level 1 v3 (112b)
RSA_PSS_4096 SHA_256 Level 1 / 128-bit equivalent RSA Level 1 v1 (128b)
RSA_PSS_4096 SHA_384 Level 1 / 128-bit equivalent RSA Level 1 v2 (140b)
RSA_PSS_4096 SHA_512 Level 1 / 128-bit equivalent RSA Level 1 v3 (140b)

Configuration

The Configuration tab displays the foundational settings for your AQG Protect infrastructure. Here, you’ll find details about the parameters governing the Protect environment and the specific Root Certificate Authority (CA) certificate it’s configured to use:

  • Infrastructure Configuration - Displays the parameters that define how your AQG Protect infrastructure is set up.
  • CA Root Certificate - Shows the Root CA certificate that your Protect infrastructure is configured with.