I have a couple of questions about the ATD solution as I'm in process of testing it out and was curious to see what people are actually doing out there for those with experience with it. I went through most of the videos on youtube from McAfee but still have a couple of questions.
1- Monitoring the different network links on the ATD box. Did you guys find anything that could be used to monitor the status of the different NICs? Since I'm using a link for management and a link for Malware, I'd be curious to see what could be done, since I'm not seeing anything from an SNMP side of things to monitor those. I basically would like to be alerted if any of the two links go down.
2- Malware DNS, what do you guys use as setting for the DNS for the malware port? I was thinking of possibly using 184.108.40.206, but I'm not sure if google might be blocking some of those malicious DNS entries automatically therefore prevent my ATD analysis to be complete.
3- When setting up your VM profile, do you guys use the activate feature from there? In the ATD 4.2 installation guide they mention to activate it prior to doing the Validation, which doesn't really makes sense to me, but right now the validate works fine for me, but the activation never works because x-mode doesn't seem to be working, I always get Failed to connect to server (code: 1006). I tried this in Chrome or Firefox following the different KBs for importing the certificate and adding the exception, it just wouldn't work for me.
4- I'd also be curious to know what you guys usually setup as the different types of VMs, do you see any point in creating server OS VMs? Maybe just for manual submissions? I'm wondering if going with just one type of VM of a workstation, say windows 7 x64 sp1 would be enough.
5- I'm also curious to know when do you know that you can't fit anymore VM on the ATD box? Is there a way to say how close we are to the limit?