Skip to content

Application Settings

Application settings overview

CYBERQUEST's Web Interface includes the administrative section needed for a visual configuration of your audit system. This is done under Settings > Application Settings. The administrator will be presented will a distinct section, listing all configurable components, some of them already being detailed in previous chapters.

Active Directory

A dedicated zone where details are to be completed in order CYBERQUEST to integrate with Active Directory.

This integration means that an Active Directory group can be granted access rights and the group users can authenticate in to CYBERQUEST using their AD credentials.

Alt Image

To see more information about Active Directory, please check the links below:

Adjusting your CYBERQUEST environment

Select Administration entry to access the instance administration page. Here you can change all entries that are explained in sections dedicated to CYBERQUEST configuration files.

The Administration service role is to check the status of data collections and raise alerts at the level of data sources when the data no longer reaches the processing server. It also checks the status of CYBERQUEST's component services and triggers alerts when operational issues arise.

Available configurations:

Alt Image

  • AdministrationService_dataPath - the path (on disk) where the online data resides.
  • AdministrationService_elasticClusterName - the name of the Elasticsearch cluster.
  • AdministrationService_elasticHostName - the host name (or IP) of the Elasticsearch machine.
  • AdministrationService_elasticPath - the path (on disk) where Elasticsearch resides.
  • AdministrationService_logsPath - the path to the functional logs of CYBERQUEST.
  • AdministrationService_mqHeartBeatExchangeName - the name of the message queueing HeartBeat Exchange.
  • AdministrationService_mqHeartBeatQueueName - the path to the message queueing HeartBeat service. This service is responsible with the evaluation of queues load.
  • AdministrationService_mqHeartBeatQueueType - the message queueing HeartBeat type.
  • AdministrationService_mqHeartBeatRouting - the message queueing HeartBeat routing (if applies).
  • AdministrationService_mqHost - the host name (or IP) of the message queueing machine.

Adjusting Agents settings

Select Agents entry to change agents settings. Here you can change all entries that are related to Agents.

Alt Image

  • Agents_SettingsUrl - (for custom implementations) the address the agents are connecting to in order to receive settings. By default agents are receiving settings from the central processing server.

Adjusting Alert settings

Select Alert Settings entry to change Alert settings. Here you can change all entries that are related to Alert.

Alt Image

  • Alerts_Blacklisted_IPs - it enables / disables the Blacklisted_IPs alert
  • Alerts_Blacklisted_Users - it enables / disables the Blacklisted_Users alert

Adjusting Integrations settings

Select Integrations entry to change Integrations settings. Here you can change all entries that are related to Integrations.

Alt Image

  • Integrations_OpenVasHost - the host name (or IP) of the OpenVAS machine (the vulnerability scanner integrated in CYBERQUEST).
  • Integrations_OpenVasPassword - the password for the account that it is used to connect with OpenVAS.
  • Integrations_OpenVasUsername - the username for the account that it is used to connect with OpenVAS.

Adjusting Teams settings

Select Teams entry to change Teams settings. Here you can change all entries that are related to Teams.

Alt Image

  • Teams_TeamsHookURL - url hook for the teams account where CYBERQUEST can send messages

Adjusting Jira settings

Select Jira entry to change Jira settings. Here you can change all entries that are related to Jira.

Alt Image

  • Jira_JiraHookURL - url hook for the jira account where CYBERQUEST can send messages

Adjusting Slack settings

Select Slack entry to change Slack settings. Here you can change all entries that are related to Slack.

Alt Image

  • Slack_SlackHookURL - url hook for the slack account where CYBERQUEST can send messages

Adjusting Alert Templates settings

Select Alert Templates entry to change Alert Templates settings. Here you can change all entries that are related to Alert Templates.

Alt Image

  • Alert template creation page

  • For new alert template, the following fields are to be completed:

  • Name - the name of the new template

  • Alert section or event data that triggers the alert template

  • Text - details / explanation / etc.

    Alt Image

Adjusting Assets settings

Configuration page for assets. Assets are data source generators and the details are automatically filled in by CYBERQUEST when data is collected. Also, new assets can be manually defined or asset details modified in CYBERQUEST.

Alt Image

The asset configuring board has the following fields:

  • Name - name of the asset. Can be predefined by CYBERQUEST or manually defined by user
  • PrimaryHostName - the name of the machine that is identified as an asset by CYBERQUEST
  • FQDN
  • NatIP - if the asset is behind a NAT
  • Tenant - the asset can be allocated to a specific tenant - for CYBERQUEST instances that are hosting multiple tenants
  • HostNames
  • IPs
  • Longitude - longitude details of the asset location
  • Latitude - latitude details of the asset location
  • Description - description of the asset
  • Owner - owner of the asset
  • Project - the project the asset is related to
  • Application - the application the asset is related to
  • Asset Time Skew Offset - time skew offset, in seconds, when asset time is different from the CYBERQUEST server time
  • Asset groups - the groups the agent is bound to
  • Agent - the collecting agent for the asset

Adjusting Asset groups settings

Configuration page for the assets groups. From this page the asset group type can be assigned to an asset group.

Alt Image

Alt Image

Adjusting Asset Groups Types settings

Select Asset Groups Types entry to change Asset Groups Types settings. Here you can change all entries that are related to Asset Groups Types.

Alt Image

The configuration is done manually and New Asset Group Type screen contains the fields:

  • Name - the name of the asset group type
  • Description - description of the asset group type
  • Active / disabled switch

Alt Image

Customizing the Web Interface

Select Customize entry to access the instance customization page.

Alt Image

  • Company email disclaimer - disclaimer automatically inserted in emails sent by CYBERQUEST
  • Company logo - end user company logo that can be inserted in report sheets generated in CYBERQUEST
  • License server (by default, local server) - indicates the server that contains the CYBERQUEST license, in distributed instances. In All-In-One deployments the license resides on the local machine (127.0.0.1).
  • Number of login attempts before the user account is blocked - number of consecutive failed logins before a CYBERQUEST user is blocked (locked)
  • Login welcome message to be shown at logon - the message presented to CYBERQUEST users after user/password input.
  • Send to external link - for data forwarding

Adjusting data acquisition settings

Select DataAcquisition entry to change data acquisition settings. Here you can change all entries that are related to data aquisition.

Alt Image

  • DataAcquisition_bulk_size - Bulk size (in Bytes) to send to short term storage (Elasticsearch)
  • DataAcquisition_Cache_minim_free_space - in MB - Minimum space available on disk to write data, in case of throttleing
  • DataAcquisition_cache_path - Cache files location
  • DataAcquisition_CLEANUP_CRON - deprecated
  • DataAcquisition_collection_unique_keys - Unique event identifier based of fields enumerated, to identify one asset
  • DataAcquisition_debug_level - The debug level as:
    • 0 - FATAL ERROR, ERROR messages
    • 1 - WARNING messages
    • 2 - INFO messages
    • 3 - DEBUG messages
  • DataAcquisition_ELPusherThreadNo - Number of threads to push data to short term storage (Elasticsearch)
  • DataAcquisition_EL_minim_free_space - in MB - Minimum space available on disk used by short term storage (Elasticsearch), in case of throtteling
  • DataAcquisition_EL_Port - Short term storage (Elasticsearch) port
  • DataAcquisition_el_shards - Template number of shards for short term storage

Adjusting data correlation settings

Select DataCorrelation entry to change data correlation settings. Here you can change all entries that are related to data correlation.

Alt Image

  • DataCorrelation_AplicationGUID - This is the Server global unique ID , is represented by 32 lowercase/uppercase hexadecimal digits, displayed in five groups separated by hyphens, in the form 8-4-4-4-12 for a total of 36 characters;
  • DataCorrelation_cache_path - Cache files location
  • DataCorrelation_DebugLevel - The debug level as
    • 0 - FATAL ERROR, ERROR messages
    • 1 - WARNING messages
    • 2 - INFO messages
    • 3 - DEBUG messages
  • DataCorrelation_EL_Port - Short term storage (Elasticsearch) port
  • DataCorrelation_EL_Url - Short term storage (Elasticsearch) address
  • DataCorrelation_PercolatorNumberOfContainers - Number of containers to be used to percolate
  • DataCorrelation_PercolatorThreadPoolSize - Threadpool for percolator
  • DataCorrelation_RedisServerPORT - Memory based storage port
  • DataCorrelation_RedisServerURL - Memory based storage address
  • DataCorrelation_restart - Restarts DataCorrelation service

Adjusting data storage settings

Select DataStorage entry to change data storage settings. Here you can change all entries that are related to data storage.

Alt Image

Adjusting ElasticSearch settings

Select ElasticSearch entry to change NoSQL settings. Here you can change all entries that are related to ElasticSearch nodes and engine.

Alt Image

Adjusting email settings

Select Email entry to change email settings for CYBERQUEST. Here you can change all entries that are related to email sending by CYBERQUEST.

Alt Image

Adjusting reports export settings

Select ReportsExport entry to change export setting for your reports. Here you can change all entries that are related to exporting reports.

Alt Image

Adjusting retention time

Select RetentionPeriod entry to change the retention period of stored data. Here you can change all entries that are related to retention.

Alt Image

RetentionPeriodAN: Retention time for data in data analyzer - deprecated;

RetentionPeriodArchive: Retention Period for unarchived data, using the Archives option in jobs.

To see how to import data from archive, please follow the link: How to import data from archive

RetentionPeriodEL: Online repository, and online data retention policy applies (Elasticsearch);

RetentionPeriodSelfAdjust: You can choose between 1 (ON) and 0 (OFF). If you choose value 1, the period of data retention in the online database (ElasticSearch) will be automatically adjusted according to the allocated storage space. If you choose the value 0, the period in the RetentionPeriodEL field will not change, and CYBERQUEST will collect data until disk is full. When disk is full, the system will no longer collect new data.

Adjusting Tenants settings

Select Tenants entry to change Tenants settings. Here you can change all entries that are related to Tenants.

Alt Image