Application Settings

Application settings overview

CYBERQUEST's Web Interface includes the administrative section needed for a visual configuration of your audit system. This is done under Settings > Application Settings. The administrator will be presented with a distinct section, listing all configurable components, some of them already being detailed in previous chapters.

Active Directory

A dedicated zone where details are to be completed in order for CYBERQUEST to integrate with Active Directory.

This integration means that an Active Directory group can be granted access rights and the group users can authenticate to CYBERQUEST using their AD credentials.

To see more information about Active Directory, please check the links below:

Adjusting your CYBERQUEST environment

Select Administration entry to access the instance administration page. Here you can change all entries that are explained in sections dedicated to CYBERQUEST configuration files.

The role of the Administration service is to check the status of data collections and raise alerts at the level of data sources when the data no longer reaches the processing server. It also checks the status of CYBERQUEST's component services and triggers alerts when operational issues arise.

Available configurations:

  • AdministrationService_dataPath - the path (on disk) where the online data resides.
  • AdministrationService_elasticClusterName - the name of the Online DataStorage cluster.
  • AdministrationService_elasticHostName - the host name (or IP) of the Online DataStorage machine.
  • AdministrationService_elasticPassword - the password of the Online DataStorage.
  • AdministrationService_elasticPath - the path (on disk) where Online DataStorage resides.
  • AdministrationService_ElasticSearchIsHttpsConnection - whether the connection to Online DataStorage uses HTTPS.
  • AdministrationService_ElasticSearchIsUserAuth - whether user authentication is used for Online DataStorage.
  • AdministrationService_elasticUserName - the UserName of the Online DataStorage.
  • AdministrationService_logsPath - the path to the functional logs of CYBERQUEST.
  • AdministrationService_mqHeartBeatExchangeName - the name of the message queueing HeartBeat Exchange.
  • AdministrationService_mqHeartBeatQueueName - the path to the message queueing HeartBeat service. This service is responsible for evaluating the queue load.
  • AdministrationService_mqHeartBeatQueueType - the message queueing HeartBeat type.
  • AdministrationService_mqHeartBeatRouting - the message queueing HeartBeat routing (if applies).
  • AdministrationService_mqHost - the host name (or IP) of the message queueing machine.
  • AdministrationService_mqPassword - the password of the message queueing machine.
  • AdministrationService_mqPort - port of the message queueing machine.
  • AdministrationService_mqUserName - the UserName of the message queueing machine.
  • AdministrationService_mqVhost - the virtual host name (or IP) of the message queueing machine.
  • AdministrationService_notificationApiURL - notification API URL

Adjusting Agents settings

Select Agents entry to change agents settings. Here you can change all entries that are related to Agents.

  • Agents_SettingsUrl - (for custom implementations) the address the agents are connecting to in order to receive settings. By default agents are receiving settings from the central processing server.

Adjusting Alert settings

Select Alert Settings entry to change Alert settings. Here you can change all entries that are related to Alert.

  • Alerts_Blacklisted_IPs - it enables / disables the Blacklisted_IPs alert
  • Alerts_Blacklisted_Users - it enables / disables the Blacklisted_Users alert

Adjusting Integrations settings

Select Integrations entry to change Integrations settings. Here you can change all entries that are related to Integrations.

  • Integrations_OpenVasHost - the host name (or IP) of the OpenVAS machine (the vulnerability scanner integrated in CYBERQUEST).
  • Integrations_OpenVasPassword - the password for the account that is used to connect to OpenVAS.
  • Integrations_OpenVasUsername - the username for the account that is used to connect to OpenVAS.

Adjusting Teams settings

Select Teams entry to change Teams settings. Here you can change all entries that are related to Teams.

  • Teams_TeamsHookURL - URL hook for the Teams account where CYBERQUEST can send messages

Adjusting Jira settings

Select Jira entry to change Jira settings. Here you can change all entries that are related to Jira.

  • Jira_JiraHookURL - URL hook for the Jira account where CYBERQUEST can send messages

Adjusting Slack settings

Select Slack entry to change Slack settings. Here you can change all entries that are related to Slack.

  • Slack_SlackHookURL - URL hook for the Slack account where CYBERQUEST can send messages

Adjusting Alert Templates settings

Select Alert Templates entry to change Alert Templates settings. Here you can change all entries that are related to Alert Templates.

Alert template creation page

For a new alert template, the following fields are to be completed:

  • Name - the name of the new template
  • Alert section or event data that triggers the alert template
  • Text - details / explanation / etc.

Adjusting Assets settings

Configuration page for assets. Assets are data source generators and the details are automatically filled in by CYBERQUEST when data is collected. Also, new assets can be manually defined or asset details modified in CYBERQUEST.

In Assets Settings, you will find the following graphs: the Asset Model, Operating System Types, which Version of the Operating System, the OS Build Number, Physical Memory (in GB), CPU Cores.

Also, in this page you will find a summary of the assets grouped by: ASSET LIST, PRINTERS, SERVICES, SCHEDULED JOBS, SOFTWARE

On the right side of the page, you will see a drop-down list from which you can group assets by:

1. Asset List - here are all the assets that are identified by CQ (assets that have Last Error must be configured properly for the CQ module to get information about them). Here you have the option to Edit, Delete and View.

To view the asset information, press the view button and the asset page will open.

If you expand Asset Details, Hardware Info, Extended Info, you will see information about Operating System, Network, Hard Disk.

In the area designated as fields, you will have the opportunity to observe:

  • Installed software - which software is installed on the asset;
  • Services - the existing services on the asset;
  • Printers - printers associated with the asset;
  • Local users - who are the local users for the asset;
  • Local groups - who are the local groups for the asset;
  • Logical Disks - partition of a physical disk of the asset;
  • Network Adapters - network adapters for the asset;
  • Drivers - asset drivers;
  • Installed updates - the installed updates of the asset;
  • Scheduled Jobs - the scheduled jobs for the asset;

2. Printers - here are all the printers that are identified by CQ. You will see on how many assets each printer is found (e.g. the OneNote (Desktop) printer is found on 1 asset).

3. Services - here are all the services that are identified by CQ. You will see on how many assets each service is found (e.g. the Windows Defender Antivirus Service is found on 4 assets).

4. Scheduled Jobs - here are all the scheduled jobs that are identified by CQ. You will see on how many assets each scheduled job is found (e.g. the Configuration scheduled job is found on 6 assets).

5. Software - here is all the software that is identified by CQ. You will see on how many assets each piece of software is found (e.g. the software Next Generation Software is found on 2 assets).

To see how to ADD a New Asset, please follow the link: How to ADD a New Asset

To see how to collect data on Active Directory Assets Information: How to collect data on Active Directory Assets Information

Adjusting Asset groups settings

Configuration page for the asset groups. From this page the asset group type can be assigned to an asset group.

Adjusting Asset Groups Types settings

Select Asset Groups Types entry to change Asset Groups Types settings. Here you can change all entries that are related to Asset Groups Types.

The configuration is done manually and the New Asset Group Type screen contains the fields:

  • Name - the name of the asset group type
  • Description - description of the asset group type
  • Active / disabled switch

Customizing the Web Interface

Select Customize entry to access the instance customization page.

  • Company email disclaimer - disclaimer automatically inserted in emails sent by CYBERQUEST
  • Company logo - end user company logo that can be inserted in report sheets generated in CYBERQUEST
  • License server (by default, local server) - indicates the server that contains the CYBERQUEST license, in distributed instances. In All-In-One deployments the license resides on the local machine (127.0.0.1).
  • Number of login attempts before the user account is blocked - number of consecutive failed logins before a CYBERQUEST user is blocked (locked)
  • Login welcome message to be shown at logon - the message presented to CYBERQUEST users after user/password input.
  • Send to external link - for data forwarding

Adjusting data acquisition settings

Select DataAcquisition entry to change data acquisition settings. Here you can change all entries that are related to data acquisition.

  • DataAcquisition_bulk_size - Bulk size (in Bytes) to send to short term storage (Online DataStorage)

  • DataAcquisition_Cache_minim_free_space - in MB - Minimum space available on disk to write data, in case of throttling

  • DataAcquisition_cache_path - Cache files location

  • DataAcquisition_CLEANUP_CRON - deprecated

  • DataAcquisition_collection_unique_keys - Unique event identifier based on the fields enumerated, to identify one asset

  • DataAcquisition_debug_level - The debug level as:

    • 0 - FATAL ERROR, ERROR messages
    • 1 - WARNING messages
    • 2 - INFO messages
    • 3 - DEBUG messages

  • DataAcquisition_ElasticSearchIsHttpsConnection - whether the connection to Online DataStorage uses HTTPS

  • DataAcquisition_ElasticSearchPassword - the password of Online DataStorage

  • DataAcquisition_ElasticSearchUseAuthentication - whether to use authentication for Online DataStorage

  • DataAcquisition_ElasticSearchUsername - Username of Online DataStorage

  • DataAcquisition_ELPusherThreadNo - number of threads to push data to short term storage (Online DataStorage)

  • DataAcquisition_EL_minim_free_space - in MB - Minimum space available on disk used by short term storage (Online DataStorage), in case of throttling

  • DataAcquisition_EL_Port - short term storage (Online DataStorage) port

  • DataAcquisition_el_shards - template number of shards for short term storage

  • DataAcquisition_el_shards_replica - replica template number of shards for short term storage

  • DataAcquisition_EL_Url - short term storage (Online DataStorage) address

  • DataAcquisition_FieldAutoSuggest - the FieldAutoSuggest as:

    • 0 - has no autocomplete suggestion for a field
    • 1 - has autocomplete suggestion only on User, Computer and SrcIP
    • 2 - has autocomplete suggestion on all fields except S (1..150) and Subobjects

    After changing any settings, you must restart the DataAcquisition service.

  • DataAcquisition_GetterThreadNo - number of threads to read from incoming events queue

  • DataAcquisition_LIC_PATH - the license file path on server

  • DataAcquisition_LoadDatabase - whether to load the database stored in the sql folder

  • DataAcquisition_maxmindb_path - the server path for "maxmin" database

  • DataAcquisition_no_of_threads - maximum number of threads. This field auto-fills

  • DataAcquisition_ParserThreadNo - the number of threads to parse data

  • DataAcquisition_RedisServerPORT - the memory based storage port

  • DataAcquisition_RedisServerURL - the memory based storage address

  • DataAcquisition_ResyncCache - resync cache if used in default parsers; it will be reset to 0 after setting it to 1

  • DataAcquisition_RMQPusherThreadNo - specifies the number of threads used to push data to queue service

  • DataAcquisition_RMQUseSSL - use secure sockets layer (SSL) - for secure traffic encryption

  • DataAcquisition_RMQ_host - the messaging queue server. In distributed architectures, it may differ from the default database server

  • DataAcquisition_RMQ_password - user password for queuing services

  • DataAcquisition_RMQ_port - port for queuing services

  • DataAcquisition_RMQ_queue - the messaging queue name for queuing services

  • DataAcquisition_RMQ_username - the administrative username for queuing services

  • DataAcquisition_run_collection_servers - indicates true/false flag for cluster type deployments

  • DataAcquisition_sendRawData - whether to send raw data to short-term storage (Online DataStorage)

  • DataAcquisition_ServiceDebugLevel - it can have the following values: 0-FATAL ERROR, 1-WARNING, 2-INFO, 3-DEBUG

  • DataAcquisition_supressRawData - indicates whether to delete raw data when sending to long term storage (datastorage)

  • DataAcquisition_throttle_queue - the number of events stored in the message queue at which it will stop sending events. All events will be cached locally

  • DataAcquisition_UseDefaultParsers - whether to use internally defined parsers for all events

  • DataAcquisition_use_http_ES_DA_client - whether to use http transport for short term storage (Elasticsearch); if false, transport will be done by other means via the queue service (fanout)

  • DataAcquisition_validateDataForEL - verify if data is valid for Elasticsearch

  • DataAcquisition_writeEventPath - the path to send the event in the CYBERQUEST system to short term storage (Online DataStorage)

Adjusting data correlation settings

Select DataCorrelation entry to change data correlation settings. Here you can change all entries that are related to data correlation.

  • DataCorrelation_AplicationGUID - the Server global unique ID, represented by 32 lowercase/uppercase hexadecimal digits, displayed in five groups separated by hyphens, in the form 8-4-4-4-12 for a total of 36 characters;
  • DataCorrelation_cache_path - Cache files location
  • DataCorrelation_DebugLevel - The debug level as:
    • 0 - FATAL ERROR, ERROR messages
    • 1 - WARNING messages
    • 2 - INFO messages
    • 3 - DEBUG messages
  • DataCorrelation_ElasticSearchIsHttpsConnection - whether the connection to Online DataStorage uses HTTPS
  • DataCorrelation_ElasticSearchPassword - password of Online DataStorage
  • DataCorrelation_ElasticSearchUseAuthentication - whether to use authentication for Online DataStorage
  • DataCorrelation_ElasticSearchUsername - Username of Online DataStorage
  • DataCorrelation_EL_Port - short term storage (Online DataStorage) port
  • DataCorrelation_EL_Url - Short term storage (Online DataStorage) address
  • DataCorrelation_PercolatorNumberOfContainers - Number of containers to be used to percolate
  • DataCorrelation_PercolatorThreadPoolSize - Threadpool for percolator
  • DataCorrelation_RedisServerPORT - Memory based storage port
  • DataCorrelation_RedisServerURL - Memory based storage address
  • DataCorrelation_restart - Restarts DataCorrelation service
  • DataCorrelation_RMQueueAddress - messaging queue server. In distributed architectures, it may differ from the default database server
  • DataCorrelation_RMQueueName - the messaging queue name for queuing services
  • DataCorrelation_RMQueuePassword - user password for queuing services
  • DataCorrelation_RMQueuePort - port for queuing services
  • DataCorrelation_RMQueueUserName - username for queuing services
  • DataCorrelation_RMQUseSSL - use secure sockets layer (SSL) - for secure traffic encryption
  • DataCorrelation_throttle_queue - throttle value

Adjusting data storage settings

Select DataStorage entry to change data storage settings. Here you can change all entries that are related to data storage.

  • DataStorage_elasticClusterName - the Online DataStorage cluster name
  • DataStorage_elasticHostName - the Online DataStorage host name
  • DataStorage_elasticPassword - password of Online DataStorage
  • DataStorage_ElasticSearchIsHttpsConnection - whether the connection to Online DataStorage uses HTTPS
  • DataStorage_ElasticSearchIsUserAuth - whether user authentication is used for Online DataStorage
  • DataStorage_elasticUserName - UserName of Online DataStorage
  • DataStorage_encryptionPrivateKeyFilePath - the file path for defined private key
  • DataStorage_encryptionPrivateKeyPassword - the password for defined private key
  • DataStorage_encryptionPrivateKeyPasswordPath - the file path for defined private key password
  • DataStorage_encryptionPublicKeyFilePath - the file path for defined public key
  • DataStorage_fileImportThreads - how many threads are used for import
  • DataStorage_fileWriterTimeout - the timeout interval for the event writer
  • DataStorage_maxEventsPerFile - the maximum number of events allowed per stored file
  • DataStorage_mqAlternateHost - the alternate host name to use if the current queue is dead
  • DataStorage_mqExchangeName - the exchange name used by MQ service
  • DataStorage_mqHost - the MQ service server. In distributed architectures, it may differ from the default CYBERQUEST server
  • DataStorage_mqPassword - user's password for MQ service
  • DataStorage_mqPort - the network communication port used by MQ service
  • DataStorage_mqQueueName - the MQ queue name
  • DataStorage_mqQueueType - the queue type
  • DataStorage_mqReceiveCommandExchangeName - the MQ Receive command exchange name
  • DataStorage_mqReceiveCommandQueueName - the MQ Receive command queue name
  • DataStorage_mqReceiveCommandQueueType - the MQ Receive command queue type
  • DataStorage_mqReceiveCommandRouting - the MQ Receive command routing path
  • DataStorage_mqReceiveExchangeName - the MQ Receive exchange name
  • DataStorage_mqReceiveQueueName - the MQ Receive queue name
  • DataStorage_mqReceiveQueueType - the MQ Receive queue type
  • DataStorage_mqReceiveRouting - the MQ Receive routing key
  • DataStorage_mqRouting - the routing path for message queues
  • DataStorage_mqSendExchangeName - the MQ Send exchange name
  • DataStorage_mqSendQueueName - the MQ Send queue name
  • DataStorage_mqSendQueueType - the MQ Send queue type
  • DataStorage_mqSendRouting - the MQ Send routing path
  • DataStorage_mqUserName - the administrative username for MQ service access
  • DataStorage_mqVhost - the MQ service virtual server. In distributed architectures, it may differ from the default CYBERQUEST server
  • DataStorage_mqVHost - the MQ service virtual server. In distributed architectures, it may differ from the default CYBERQUEST server

Adjusting ElasticSearch settings

Select ElasticSearch entry to change NoSQL settings. Here you can change all entries that are related to Online DataStorage nodes and engine.

  • AdministrationService_ElasticSearchIsHttpsConnection - whether the connection to Online DataStorage uses HTTPS
  • AdministrationService_ElasticSearchIsUserAuth - whether user authentication is used for Online DataStorage
  • DataAcquisition_ElasticSearchIsHttpsConnection - whether the connection to Online DataStorage uses HTTPS
  • DataAcquisition_ElasticSearchPassword - the password of Online DataStorage
  • DataAcquisition_ElasticSearchUseAuthentication - whether to use authentication for Online DataStorage
  • DataAcquisition_ElasticSearchUsername - Username of Online DataStorage
  • DataCorrelation_ElasticSearchIsHttpsConnection - whether the connection to Online DataStorage uses HTTPS
  • DataCorrelation_ElasticSearchPassword - password of Online DataStorage
  • DataCorrelation_ElasticSearchUseAuthentication - whether to use authentication for Online DataStorage
  • DataCorrelation_ElasticSearchUsername - Username of Online DataStorage
  • DataStorage_ElasticSearchIsHttpsConnection - whether the connection to Online DataStorage uses HTTPS
  • DataStorage_ElasticSearchIsUserAuth - whether user authentication is used for Online DataStorage
  • ElasticSearchIsHttpsConnection - whether the connection to Online DataStorage uses HTTPS
  • ElasticSearchPassword - Online DataStorage password
  • ElasticSearchPort - Online DataStorage port
  • ElasticSearchServer - Online DataStorage server
  • ElasticSearchUseAuthentication - whether to use authentication for Online DataStorage
  • ElasticSearchUsername - Username of Online DataStorage

Adjusting email settings

Select Email entry to change email settings for CYBERQUEST. Here you can change all entries that are related to email sending by CYBERQUEST.

Adjusting remote cluster settings

Select Remote Cluster entry to set up federated search across several instances.

Adjusting reports export settings

Select ReportsExport entry to change export setting for your reports. Here you can change all entries that are related to exporting reports.

Adjusting retention time

Select RetentionPeriod entry to change the retention period of stored data. Here you can change all entries that are related to retention.

RetentionPeriodAN: Retention time for data in data analyzer - deprecated;

RetentionPeriodArchive: Retention Period for unarchived data, using the Archives option in jobs.

To see how to import data from archive, please follow the link: How to import data from archive

RetentionPeriodEL: Retention period for the online repository, where the online data retention policy applies (Online DataStorage);

RetentionPeriodSelfAdjust: You can choose between 1 (ON) and 0 (OFF). If you choose the value 1, the period of data retention in the online database (Elasticsearch) will be automatically adjusted according to the allocated storage space. If you choose the value 0, the period in the RetentionPeriodEL field will not change, and CYBERQUEST will collect data until the disk is full. When the disk is full, the system will no longer collect new data.

Adjusting DataForwarder settings

Select DataForwarder entry to forward events to a syslog server. Here you can change all entries that are related to DataForwarder:

  • DataForwarder_cache_path - Cache files location
  • DataForwarder_forwardCEF - forward in format CEF (Common Event Format)
  • DataForwarder_forwardCEF_host - host name (or IP) to forward to
  • DataForwarder_forwardCEF_port - forward CEF port
  • DataForwarder_forwardCEF_protocol - forward CEF protocol
  • DataForwarder_forwardLEEF - forward in format LEEF (Log Event Extended Format)
  • DataForwarder_forwardLEEF_host - host name (or IP) to forward to
  • DataForwarder_forwardLEEF_port - forward LEEF port
  • DataForwarder_forwardLEEF_protocol - forward LEEF protocol
  • DataForwarder_forwardRMQ - to forward the event to another CQ server
  • DataForwarder_forwardRMQ_host - the messaging queue server. In distributed architectures, it may differ from the default database server
  • DataForwarder_forwardRMQ_password - user password for queuing services
  • DataForwarder_forwardRMQ_port - forward RMQ port
  • DataForwarder_forwardRMQ_queue - the messaging queue name for queuing services
  • DataForwarder_forwardRMQ_username - the administrative username for queuing services
  • DataForwarder_forwardSyslog - forward syslog
  • DataForwarder_forwardSyslog_host - the forward syslog server. In distributed architectures, it may differ from the default database server
  • DataForwarder_forwardSyslog_port - forward syslog port
  • DataForwarder_forwardSyslog_protocol - forward syslog protocol
  • DataForwarder_forwardTCPSyslog - TCP syslog
  • DataForwarder_forwardTCPSyslog_host - TCP syslog host
  • DataForwarder_forwardTCPSyslog_port - TCP syslog port
  • DataForwarder_GetterThreadNo - the number of threads to read from incoming events queue
  • DataForwarder_ServiceDebugLevel - It can have the following values: 0-FATAL ERROR, 1-WARNING, 2-INFO, 3-DEBUG
  • DataForwarder_source_RMQ_host - the messaging queue server. In distributed architectures, it may differ from the default database server
  • DataForwarder_source_RMQ_password - user password for queuing services
  • DataForwarder_source_RMQ_port - port for queuing services
  • DataForwarder_source_RMQ_queue - the messaging queue name for queuing services
  • DataForwarder_source_RMQ_username - the administrative username for queuing services
  • DataForwarder_throttle_queue - the number of events stored in the message queue at which it will stop sending events. All events will be cached locally
  • DataForwarder_UseDefaultParsers - whether to use internally defined parsers for all events

To see more information about DataForwarder, please access the link: How to forward syslog data

Adjusting AlertForwarding settings

Select AlertForwarding entry to forward alerts to a syslog server. Here you can change all entries that are related to AlertForwarding.

  • AlertForwarding_AlertForwardingEnable - enable alert forwarding
  • AlertForwarding_ForwardingSecurityLevel - security level of alert forwarding
  • AlertForwarding_ForwardingSecurityScore - security score of alert forwarding
  • AlertForwarding_forwardSyslog - forward syslog
  • AlertForwarding_forwardSyslog_host - forward syslog host
  • AlertForwarding_forwardSyslog_port - forward syslog port

To see more information about AlertForwarding, please access the link: How to forward alerts to another host

Adjusting Tenants settings

Select Tenants entry to change Tenants settings. Here you can change all entries that are related to Tenants.
