Application settings overview
CYBERQUEST's Web Interface includes the administrative section needed to configure your audit system visually. This is done under Settings > Application Settings. The administrator is presented with a distinct section listing all configurable components, some of which have already been detailed in previous chapters.
A dedicated zone where details are to be completed in order for CYBERQUEST to integrate with Active Directory.
This integration means that an Active Directory group can be granted access rights and the users in that group can authenticate to CYBERQUEST using their AD credentials.
To see more information about Active Directory, please check the links below:
- How to collect data on Active Directory
- How to connect to Active Directory
- AD information needed to read AD objects
Adjusting your CYBERQUEST environment
Select the Administration entry to access the instance administration page. Here you can change all entries that are explained in the sections dedicated to CYBERQUEST configuration files.
The role of the Administration service is to check the status of data collections and raise alerts at the level of data sources when data no longer reaches the processing server. It also checks the status of CYBERQUEST's component services and triggers alerts when operational issues arise.
- AdministrationService_dataPath - the path (on disk) where the online data resides.
- AdministrationService_elasticClusterName - the name of the Elasticsearch cluster.
- AdministrationService_elasticHostName - the host name (or IP) of the Elasticsearch machine.
- AdministrationService_elasticPath - the path (on disk) where Elasticsearch resides.
- AdministrationService_logsPath - the path to the functional logs of CYBERQUEST.
- AdministrationService_mqHeartBeatExchangeName - the name of the message queueing HeartBeat Exchange.
- AdministrationService_mqHeartBeatQueueName - the path to the message queueing HeartBeat service. This service is responsible for evaluating the load of the queues.
- AdministrationService_mqHeartBeatQueueType - the message queueing HeartBeat type.
- AdministrationService_mqHeartBeatRouting - the message queueing HeartBeat routing (if applicable).
- AdministrationService_mqHost - the host name (or IP) of the message queueing machine.
Adjusting Agents settings
Select the Agents entry to change agent settings. Here you can change all entries that are related to Agents.
- Agents_SettingsUrl - (for custom implementations) the address the agents connect to in order to receive settings. By default, agents receive settings from the central processing server.
Adjusting Alert settings
Select the Alert Settings entry to change Alert settings. Here you can change all entries that are related to Alerts.
- Alerts_Blacklisted_IPs - enables / disables the Blacklisted_IPs alert
- Alerts_Blacklisted_Users - enables / disables the Blacklisted_Users alert
Adjusting Integrations settings
Select the Integrations entry to change Integrations settings. Here you can change all entries that are related to Integrations.
- Integrations_OpenVasHost - the host name (or IP) of the OpenVAS machine (the vulnerability scanner integrated in CYBERQUEST).
- Integrations_OpenVasPassword - the password for the account that is used to connect to OpenVAS.
- Integrations_OpenVasUsername - the username for the account that is used to connect to OpenVAS.
Adjusting Teams settings
Select the Teams entry to change Teams settings. Here you can change all entries that are related to Teams.
- Teams_TeamsHookURL - URL hook for the Teams account where CYBERQUEST can send messages
Adjusting Jira settings
Select the Jira entry to change Jira settings. Here you can change all entries that are related to Jira.
- Jira_JiraHookURL - URL hook for the Jira account where CYBERQUEST can send messages
Adjusting Slack settings
Select the Slack entry to change Slack settings. Here you can change all entries that are related to Slack.
- Slack_SlackHookURL - URL hook for the Slack account where CYBERQUEST can send messages
Adjusting Alert Templates settings
Select the Alert Templates entry to change Alert Templates settings. Here you can change all entries that are related to Alert Templates.
Alert template creation page
For a new alert template, the following fields are to be completed:
- Name - the name of the new template
- Alert section or event data that triggers the alert template
- Text - details / explanation / etc.
Adjusting Assets settings
Configuration page for assets. Assets are data source generators and the details are automatically filled in by CYBERQUEST when data is collected. Also, new assets can be manually defined or asset details modified in CYBERQUEST.
The asset configuring board has the following fields:
- Name - name of the asset. Can be predefined by CYBERQUEST or manually defined by user
- PrimaryHostName - the name of the machine that is identified as an asset by CYBERQUEST
- NatIP - if the asset is behind a NAT
- Tenant - the asset can be allocated to a specific tenant - for CYBERQUEST instances that are hosting multiple tenants
- Longitude - longitude details of the asset location
- Latitude - latitude details of the asset location
- Description - description of the asset
- Owner - owner of the asset
- Project - the project the asset is related to
- Application - the application the asset is related to
- Asset Time Skew Offset - time skew offset, in seconds, when asset time is different from the CYBERQUEST server time
- Asset groups - the groups the agent is bound to
- Agent - the collecting agent for the asset
Adjusting Asset groups settings
Configuration page for the asset groups. From this page the asset group type can be assigned to an asset group.
Adjusting Asset Groups Types settings
Select the Asset Groups Types entry to change Asset Groups Types settings. Here you can change all entries that are related to Asset Groups Types.
The configuration is done manually, and the New Asset Group Type screen contains the following fields:
- Name - the name of the asset group type
- Description - description of the asset group type
- Active / disabled switch
Customizing the Web Interface
Select the Customize entry to access the instance customization page.
- Company email disclaimer - disclaimer automatically inserted in emails sent by CYBERQUEST
- Company logo - end user company logo that can be inserted in report sheets generated in CYBERQUEST
- License server (by default, local server) - indicates the server that contains the CYBERQUEST license, in distributed instances. In All-In-One deployments the license resides on the local machine (127.0.0.1).
- Number of login attempts before the user account is blocked - number of consecutive failed logins before a CYBERQUEST user is blocked (locked)
- Login welcome message to be shown at logon - the message presented to CYBERQUEST users after user/password input.
- Send to external link - for data forwarding
Adjusting data acquisition settings
Select the DataAcquisition entry to change data acquisition settings. Here you can change all entries that are related to data acquisition.
- DataAcquisition_bulk_size - Bulk size (in Bytes) to send to short term storage (Elasticsearch)
- DataAcquisition_Cache_minim_free_space - in MB - Minimum space available on disk to write data, in case of throttling
- DataAcquisition_cache_path - Cache files location
- DataAcquisition_CLEANUP_CRON - deprecated
- DataAcquisition_collection_unique_keys - Unique event identifier based on the enumerated fields, to identify one asset
- DataAcquisition_debug_level - The debug level as:
  - 0 - FATAL ERROR, ERROR messages
  - 1 - WARNING messages
  - 2 - INFO messages
  - 3 - DEBUG messages
- DataAcquisition_ELPusherThreadNo - Number of threads to push data to short term storage (Elasticsearch)
- DataAcquisition_EL_minim_free_space - in MB - Minimum space available on disk used by short term storage (Elasticsearch), in case of throttling
- DataAcquisition_EL_Port - Short term storage (Elasticsearch) port
- DataAcquisition_el_shards - Template number of shards for short term storage
Adjusting data correlation settings
Select the DataCorrelation entry to change data correlation settings. Here you can change all entries that are related to data correlation.
- DataCorrelation_AplicationGUID - The server's globally unique ID, represented by 32 hexadecimal digits (lowercase or uppercase), displayed in five groups separated by hyphens, in the form 8-4-4-4-12, for a total of 36 characters
- DataCorrelation_cache_path - Cache files location
- DataCorrelation_DebugLevel - The debug level as:
  - 0 - FATAL ERROR, ERROR messages
  - 1 - WARNING messages
  - 2 - INFO messages
  - 3 - DEBUG messages
- DataCorrelation_EL_Port - Short term storage (Elasticsearch) port
- DataCorrelation_EL_Url - Short term storage (Elasticsearch) address
- DataCorrelation_PercolatorNumberOfContainers - Number of containers to be used to percolate
- DataCorrelation_PercolatorThreadPoolSize - Threadpool for percolator
- DataCorrelation_RedisServerPORT - Memory based storage port
- DataCorrelation_RedisServerURL - Memory based storage address
- DataCorrelation_restart - Restarts DataCorrelation service
Adjusting data storage settings
Select the DataStorage entry to change data storage settings. Here you can change all entries that are related to data storage.
Adjusting ElasticSearch settings
Select the ElasticSearch entry to change NoSQL settings. Here you can change all entries that are related to ElasticSearch nodes and engine.
Adjusting email settings
Select the Email entry to change email settings for CYBERQUEST. Here you can change all entries that are related to email sending by CYBERQUEST.
Adjusting reports export settings
Select the ReportsExport entry to change export settings for your reports. Here you can change all entries that are related to exporting reports.
Adjusting retention time
Select the RetentionPeriod entry to change the retention period of stored data. Here you can change all entries that are related to retention.
- RetentionPeriodAN - Retention time for data in data analyzer - deprecated
- RetentionPeriodArchive - Retention period for unarchived data, using the Archives option in jobs.
  To see how to import data from archive, please follow the link: How to import data from archive
- RetentionPeriodEL - Retention period for the online repository (Elasticsearch), to which the online data retention policy applies
- RetentionPeriodSelfAdjust - You can choose between 1 (ON) and 0 (OFF). If you choose the value 1, the period of data retention in the online database (ElasticSearch) will be automatically adjusted according to the allocated storage space. If you choose the value 0, the period in the RetentionPeriodEL field will not change, and CYBERQUEST will collect data until the disk is full. When the disk is full, the system will no longer collect new data.
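A sanity check over the value constraints documented on this page (GUID form, debug levels 0-3, MB thresholds, deprecated entries, RetentionPeriodSelfAdjust), as an added example that is not CYBERQUEST code. It assumes the settings have been copied into a plain key/value mapping of strings; that mapping, the function name `audit_settings` and the sample values are hypothetical, and treating a 0 MB threshold as a finding is a policy choice of the example.

```python
import re

# Documented form: 32 hex digits (either case) in 8-4-4-4-12 groups, 36 characters.
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
DEBUG_KEYS = ("DataAcquisition_debug_level", "DataCorrelation_DebugLevel")
DEPRECATED_KEYS = ("DataAcquisition_CLEANUP_CRON", "RetentionPeriodAN")
FREE_SPACE_KEYS = ("DataAcquisition_Cache_minim_free_space",
                   "DataAcquisition_EL_minim_free_space")

# Constructed sample values for illustration; not taken from a real instance.
SAMPLE = {
    "DataCorrelation_AplicationGUID": "3f2a9c1e-7b4d-4e8a-9c0f-5d6e7f8a9b0",  # 11-digit tail
    "DataAcquisition_debug_level": "3",
    "DataCorrelation_DebugLevel": "4",
    "DataAcquisition_Cache_minim_free_space": "2048",
    "DataAcquisition_EL_minim_free_space": "0",
    "DataAcquisition_CLEANUP_CRON": "",
    "RetentionPeriodAN": "30",
    "RetentionPeriodSelfAdjust": "0",
}

def audit_settings(settings):
    """Return sorted (key, finding) pairs for values that need an administrator's attention."""
    findings = []
    guid = settings.get("DataCorrelation_AplicationGUID")
    if guid is not None and not GUID_RE.fullmatch(guid):
        findings.append(("DataCorrelation_AplicationGUID", "not an 8-4-4-4-12 hexadecimal GUID"))
    for key in DEBUG_KEYS:
        if key in settings and settings[key] not in ("0", "1", "2", "3"):
            findings.append((key, "debug level outside the documented 0-3 range"))
    for key in FREE_SPACE_KEYS:
        # Thresholds are in MB; flagging 0 is this example's policy, not a documented rule.
        value = settings.get(key)
        if value is not None and not (re.fullmatch(r"[0-9]+", value) and int(value) > 0):
            findings.append((key, "expected a positive whole number of MB"))
    for key in DEPRECATED_KEYS:
        if settings.get(key):
            findings.append((key, "deprecated setting still has a value"))
    self_adjust = settings.get("RetentionPeriodSelfAdjust")
    if self_adjust not in (None, "0", "1"):
        findings.append(("RetentionPeriodSelfAdjust", "must be 1 (ON) or 0 (OFF)"))
    elif self_adjust == "0":
        findings.append(("RetentionPeriodSelfAdjust", "OFF: collection stops when the disk is full"))
    return sorted(findings)

if __name__ == "__main__":
    for key, finding in audit_settings(SAMPLE):
        print(f"{key}: {finding}")
```

The RetentionPeriodSelfAdjust finding is the one to review first: with the value 0, a full disk means new audit data is no longer collected.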
Adjusting Tenants settings
Select the Tenants entry to change Tenants settings. Here you can change all entries that are related to Tenants.