When troubleshooting issues with SIEM devices, Technical Support might require remote access to the device. Remote access is typically provided using a tool such as GoToAssist, or Cisco WebEx. For more challenging issues when lower-level access to the device is needed, Technical Support might use the call home feature.

This article provides a brief description of the call home feature. Included is an explanation of what it does, when to use it, and how it is used.
 
When this connection is made, the SIEM creates a local tunnel adapter that picks up an IP address in the 172.x.x.x range. This virtual network adapter is visible from the command-line tool ifconfig and the physical Ethernet devices. Because the call home connection uses VPN and encryption, it is secure from tampering. 

NOTE: The call home feature allows Technical Support to connect remotely, but it does not provide a logon or password. The NGCP account must be reset to a common password, or you must provide your root password to the Technical Support agent.

When the call home is established, and a logon is provided, Technical Support or Engineering SSH to the command line through the GUI. Once the connection is established, they troubleshoot the product. No further customer assistance or interaction is needed at that point. When a call home is requested, Technical Support can provide details of what type of access is needed. They then obtain permission from you to allow remote troubleshooting with or without your presence. 

NOTE: In either circumstance, no troubleshooting that affects the up time or service of the SIEM device is performed without your explicit permission.

When is a call home used?
Technical Support requests a call home when other troubleshooting efforts have been exhausted.

When is a call home not used?
Most Technical Support calls do not require this level of assistance, and so a call home is not needed. Instead, GoToAssist and WebEx are commonly used to perform remote troubleshooting.

How do I open a call home?
When requested to do so by Technical Support, perform the following steps to initiate a call home via the graphical user interface:

1. Click System Properties, ESM Management, Maintenance.
2. Click Connect, and then provide the IP address that is displayed to your Technical Support representative.
3. After the call home is enabled, provide the NGCP or root user details to your Technical Support representative.

If the graphical user interface is not accessible:

1. Log on to the ESM via SSH.
2. Type the following command:
   
   SetCallHome yes
    
3. Provide the call home IP address displayed in the output of the command to your Technical Support representative.
4. After the call home IP is enabled, provide the NGCP or root user details to your Technical Support representative.
5. Add the devsupport.nitrosecurity.com URL to the allow list of the firewall. Make sure that the URL is accessible from the ESM.

You can disable the CallHome feature by setting the command with a negative statement:  SetCallHome no
NOTE: Although a call home can be opened from any SIEM device, Technical Support recommends that you create the connection on the ESM. Connecting from the ESM first allows Technical Support to more easily access the other appliances.