Enhancing access management (Analyzer)


A Security user can configure security features for services and account policies.

To configure the following security features for services, point to Administration > Security settings and click Services:

The Security user can enable or disable the following security features on the Analyzer's Administration > Security settings > Services page:

  • SNMP — When SNMP is enabled, you can configure the system as a managed network device that sends SNMP traps.
  • SSH access — When SSH access is enabled, an Administrator can switch SSH access to the system command-line interface on and off.
  • Configuration API access — When configuration API access is enabled, you can configure the Watchpoints and custom fields via the Configuration API in addition to the web interface.

  • Incident and error alerts — When incident and error alerts are enabled, you can configure the system to send alerts via email to recipients when certain events occur.
  • Automatic device update checks — When automatic device update checks are enabled, the system automatically checks for software releases. These releases might consist of critical code updates or a firmware version with new features.
  • The storage of raw site traffic data — When the data storage is enabled, the system stores data about individual hits, pages and sessions to support drilling down and export functionality in the Session Browser. 

    Note

    Enabling or disabling session data storage does not impact other features, such as reports, Watchpoint streaming, and bulk data export.

    Tip

    Disabling this feature might increase the system performance.

    Warning

    Disabling this feature prevents any further data from reaching the Session Browser and renders the data storage configuration irrelevant.

  • Launching URLs in a browser window from the Session browser — When the URL launch feature is enabled, users can launch URLs from monitored traffic displayed in the web interface of the system.

  • A prelogin message — When the prelogin message is enabled, the system displays a custom message on the logon page.
    To customize this message, click Edit on the Action menu for Pre-login message. The maximum length of the message is 1024 characters; HTML is not allowed.
  • Automatic page reload — When automatic page reload is enabled, some pages automatically reload themselves after a predefined interval. This function is useful if you want to monitor data in near-real time without manually refreshing the page repeatedly.

    Note

    The automatic page-reload function might prevent inactive user sessions from timing out.

  • Change the timeout period for inactive sessions — Click Edit on the Action menu for Inactive session timeout period.
    • Minimum: 5 minutes
    • Maximum: 48 hours
  • Bulk data export — When bulk data export is enabled, external applications can use the system as a source for data mining, warehousing, and other integrations (via HTTPS interfaces).
  • Watchpoint streaming — When enabled, external applications can tap directly into the system data-processing engine to receive real-time data feeds.
  • Nonsecure data transfer — By default, URL-based data exports (whether for export APIs or for Watchpoint streaming) use a secure connection (HTTPS). When nonsecure data transfer is enabled, you can specify that the actual data delivery might use a nonsecure connection (HTTP) to achieve faster transfer rates with minimal impact on the system. 

    Note

    A request for nonsecure delivery is still required to perform authentication using a secure connection. The nonsecure data transfer flag is limited to allowing the actual delivery to be nonsecure.

To configure the following security features for account policies, point to Administration > Security settings and click Account policies:

  • Password change upon first logon — When this feature is enabled, the system forces new users to change their password upon first logon.
  • Strict password policy — When strict passwords are enabled, users are forced to change simple passwords upon logon.
  • Password expiration period — When a password expiration period is enabled, a Security user can specify the number of days that a password is valid (the default value is 30). When this feature is disabled, passwords never expire. To configure this feature, click Edit on the Action menu, and enter a value (in days).
  • LDAP authentication and authorization — The Security user can enable or disable either or both LDAP functions.
  • Account lockout — When account lockout is enabled, an account locks after the specified number of unsuccessful attempts to log on and unlocks after a specified period. The default lockout value is 5, and the default unlock value is 24 hours. To configure the default period (30 days), click Edit on the Action menu.
  • Entitlement groups — Entitlement groups give groups of users access to data from some Watchpoints but not others. When enabled, Observers who are associated with a particular Entitlement group only have access to data from Watchpoints also associated with that Entitlement group.

  • Concurrent logons — When enabled, multiple simultaneous logons under the same account are permitted. When disabled, only the most recent logon works.

    Note

    Concurrent login settings only apply to interactive sessions (where users are logged on to the web interface). You can still have multiple simultaneous API calls (such as data export and configuration APIs) using the same account credentials.

  • Automatic logins prevention — When enabled, browser software will not persist usernames and passwords (auto-completion is not permitted on the login page).
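
The consequences this page attaches to individual settings can be collected into a review over a recorded snapshot of both settings pages. This is an added example, not product code; the key names, the snapshot format and the sample values are assumptions made for illustration.

```python
import re

# Key names are hypothetical: a hand-recorded snapshot of the settings this
# page describes, not an export format provided by the product.
TIMEOUT_RANGE = (5, 48 * 60)   # minutes: 5 minutes to 48 hours, per the page
PRELOGIN_MAX = 1024            # characters, per the page

# (key, value that triggers the observation, consequence described on the page)
CHECKS = [
    ("nonsecure_data_transfer", True, "data delivery might use HTTP"),
    ("automatic_page_reload", True, "might prevent inactive sessions from timing out"),
    ("password_expiration", False, "passwords never expire"),
    ("account_lockout", False, "no lock after unsuccessful logon attempts"),
    ("concurrent_logons", True, "simultaneous logons under one account permitted"),
    ("automatic_logins_prevention", False, "browser may persist credentials"),
]


def review(snapshot):
    """Return sorted (setting, observation) pairs for a settings snapshot."""
    found = [(k, why) for k, bad, why in CHECKS if snapshot.get(k) is bad]
    timeout = snapshot.get("inactive_session_timeout_minutes")
    if timeout is None or not TIMEOUT_RANGE[0] <= timeout <= TIMEOUT_RANGE[1]:
        found.append(("inactive_session_timeout_minutes", "outside 5 min to 48 h"))
    msg = snapshot.get("prelogin_message", "")
    if len(msg) > PRELOGIN_MAX:
        found.append(("prelogin_message", "longer than 1024 characters"))
    if re.search(r"<[A-Za-z/!][^>]*>", msg):
        found.append(("prelogin_message", "contains HTML markup"))
    return sorted(found)


# Constructed sample snapshots (not taken from a real system).
AS_FOUND = {
    "nonsecure_data_transfer": True, "automatic_page_reload": True,
    "password_expiration": False, "account_lockout": True,
    "concurrent_logons": False, "automatic_logins_prevention": True,
    "inactive_session_timeout_minutes": 30,
    "prelogin_message": "Authorized use only. <b>Activity is logged.</b>",
}
TIGHTENED = dict(AS_FOUND, nonsecure_data_transfer=False,
                 automatic_page_reload=False, password_expiration=True,
                 prelogin_message="Authorized use only. Activity is logged.")

if __name__ == "__main__":
    for setting, why in review(AS_FOUND):
        print(f"{setting}: {why}")
```

Settings missing from a snapshot are not reported, so record every setting from both pages before relying on an empty result.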

Related topics

Enhancing-access-management-Collector
Configuring-access-policies-Console

 
