ZeroLock Management Console: System Configuration

Overview of the System Configuration section found on the ZeroLock® Management Console

For ZeroLock Management Console versions before v4.2.x, please use this link.

Overview

From the dashboard, selecting System Configuration takes you to an access point for four (4) separate pages: Data Management, General, Integrations, and SSO.



Data Management

In this section, administrators configure the retention settings for:

  1. Backups
  2. Activity Data
  3. Alert Data


Backup Config

Backup file location:  ~/zerolock-server/database/mariadb/zerolock-server-backup


  1. Enabled – If the box is white, a backup of the system configuration is enabled.
  2. Interval – When enabling system configuration backup, the drop-down menu is activated. The menu offers four (4) interval options: Hourly, Daily, Weekly, and Monthly.
  3. Retention Count – The number of system backups that will be retained. For example, entering ‘5’ keeps only the most recent 5 backups; on the 6th backup, the oldest backup is deleted. If left blank, all backups are retained.
  4. Next DateTime – This feature allows the scheduling of when the backups will begin. The format is mm/dd/yyyy and hh:mm (a|p)m.
  5. Descriptor – A description of the backup that will be included in its filename.

    Selecting UPDATE confirms the edits/configuration.
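
An added example (not part of the ZeroLock product or its documentation) of a scheduled check that the backup directory above matches the configured Interval and Retention Count. It assumes every regular file in the directory is one backup and that backups should not be readable by other local users; the function name and the grace margin are hypothetical.

```python
import os
import stat
import time

# Longest expected gap between backups for each Interval option in the
# console (Monthly is taken as 31 days).
INTERVAL_SECONDS = {"Hourly": 3600, "Daily": 86400,
                    "Weekly": 7 * 86400, "Monthly": 31 * 86400}

BACKUP_DIR = "~/zerolock-server/database/mariadb/zerolock-server-backup"


def audit_backups(directory, interval, retention_count=None, now=None,
                  grace=0.25):
    """Return a list of findings; an empty list means nothing to report.

    Hypothetical helper. Assumes each regular file is one backup.
    """
    directory = os.path.expanduser(directory)
    if not os.path.isdir(directory):
        return [f"backup directory missing: {directory}"]
    files = [e for e in os.scandir(directory)
             if e.is_file(follow_symlinks=False)]
    if not files:
        return ["no backups found"]
    now = time.time() if now is None else now
    findings = []
    # Staleness: the newest file should be younger than one interval
    # plus a grace margin, otherwise the schedule has stopped running.
    age = now - max(f.stat().st_mtime for f in files)
    if age > INTERVAL_SECONDS[interval] * (1 + grace):
        findings.append(f"newest backup is {age / 3600:.1f} h old "
                        f"(interval: {interval})")
    # Pruning: more files than Retention Count means old backups are
    # not being deleted. A blank Retention Count (None) keeps everything.
    if retention_count is not None and len(files) > retention_count:
        findings.append(f"{len(files)} backups exceed Retention Count "
                        f"{retention_count}")
    # Exposure: flag backups that other local users can read.
    for f in files:
        if f.stat().st_mode & stat.S_IROTH:
            findings.append(f"world-readable backup: {f.name}")
    return findings


if __name__ == "__main__":
    for finding in audit_backups(BACKUP_DIR, "Daily", retention_count=5):
        print("FINDING:", finding)
```

Pass the same Interval and Retention Count values that are set in Backup Config, and alert on any non-empty result.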

    ********************

    Activity Data Retention Config

    The data is information on the activities occurring on an endpoint. It is reached by selecting an endpoint, then double-clicking anywhere along its row.


    1. Enabled – If the box is white, backup is enabled.
    2. Interval – Options are Hourly, Daily, Weekly, or Monthly.
    3. Next DateTime – The next scheduled backup.
    4. Retention Period – The time in months that the data is to be retained. The options are to keep the data for the:
      1. Last 6 months
      2. Last 3 months
      3. Last month
      4. Last Week
      5. Last Day

    5. Descriptor – This is included in the backup filename.

    Selecting UPDATE confirms the edits/configuration.

    ********************

    Alert Data Retention Config

    The data is information on all alerts that have occurred on the endpoint(s). It is reached from the ALERTS page. 


    1. Enabled – If the box is white, backup is enabled.
    2. Interval – On enabling retention of Activity Data, the drop-down menu is activated. The menu offers four (4) interval options: Hourly, Daily, Weekly, and Monthly.
    3. Next DateTime – This feature allows the scheduling of when the backups will begin. The format is mm/dd/yyyy and hh:mm (a|p)m.
    4. Retention Period – The time in months that the data is to be retained. The options are to keep for the:
      1. Last 6 months
      2. Last 3 months
      3. Last month
      4. Last Week
      5. Last Day

    5. Select Alert Type(s) – There are 8 options:
      1. Cryptojacking
      2. File Access
      3. Hash
      4. Network Access
      5. Program Execution
      6. Ransomware
      7. SSH-MFA
      8. Tampering

    Note: If the Select Alert Type field is left blank, the system will automatically add all eight (8) types to be deleted.

    Selecting UPDATE confirms the edits/configuration.

     


    General (Settings)

    This section contains two (2) subsections:

    1. Date/Time Display Preferences
    2. General


    1. Date/Time Display Preferences
      • Format – how the date and time will display.
      • Time Zone – the options are LOCAL or ZULU.
      • Enable Shortening – if the checkbox is white, the timestamps displayed in some tables will switch to an “ago” format where the user is shown how much time has passed since the event occurred, rather than the timestamp of the event itself.
        • For example, the Activity Log tracks every user’s activity and has a default time setting of yyyy-MM-dd HH:mm.
        • However, if Enable Shortening is selected, only the number of seconds, minutes, or hours since the activity occurred is displayed.

    2. General

      • Require Email Validation – if the checkbox is white, it is enabled. Email validation is a method of determining whether an email address is reachable and valid. It also verifies whether a specific email address is associated with a reputable domain.
      • UI Server Session Timeout – the options are 5, 15, or 30 minutes.

    Integrations

    This page enables administrators to configure the settings for:

    1. Email
    2. HTTP Transport
    3. VEEAM API

     


    Email

    This section is for configuring the ZMC to send alert emails. 

    1. Enabled – if the checkbox is white, sending an email is enabled.
    2. SMTP Server – the name of the SMTP (Simple Mail Transfer Protocol) server.
    3. SMTP Port – the assigned port for SMTP.
    4. From Address – the email address sending the Alert.
    5. Disable Certificate Validation – when selected, the application will ignore TLS/SSL certificate validation errors, allowing connections to servers with self-signed, expired, or otherwise invalid certificates.
    6. Use Username – if the box is white, a username is required.
    7. Use Password – if the box is white, a password is required. 

    Selecting UPDATE confirms the edits/configuration.
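
What the Disable Certificate Validation checkbox trades away, as an added example that is not ZeroLock code: a pre-flight probe to run from the ZMC host before selecting the box, so that a certificate error can be identified and fixed at the mail server instead. It assumes the server offers STARTTLS; the host name and function names are hypothetical.

```python
import smtplib
import ssl


def smtp_tls_context(disable_validation=False, ca_file=None):
    """Build the TLS context for the alert-mail connection.

    disable_validation=True reproduces the checkbox: any certificate is
    accepted, so the server's identity is no longer checked.
    ca_file (PEM) is the alternative for a server signed by a private CA.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    if disable_validation:
        ctx.check_hostname = False      # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def probe_smtp(host, port, ctx, timeout=10):
    """Attempt STARTTLS and return (ok, detail) without sending mail."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as conn:
            conn.starttls(context=ctx)
            if ctx.verify_mode == ssl.CERT_NONE:
                return True, "connected WITHOUT certificate verification"
            cert = conn.sock.getpeercert()
            return True, f"verified; expires {cert.get('notAfter')}"
    except ssl.SSLCertVerificationError as exc:
        # verify_message names the cause: self-signed, expired,
        # hostname mismatch, unknown issuer, and so on.
        return False, f"certificate rejected: {exc.verify_message}"
    except (OSError, smtplib.SMTPException) as exc:
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    # Hypothetical host; use the SMTP Server and SMTP Port values
    # entered in the Email section.
    print(probe_smtp("smtp.example.internal", 587, smtp_tls_context()))
```

A "certificate rejected" result with validation enabled tells you which defect to correct on the mail server, which keeps the checkbox unselected.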

    ********************

    HTTP Transport
    This section is for configuring the ZMC to send data securely, for example to an out-of-network system for log management and analytics.

    1.    Enabled – If the checkbox is white, HTTP Transport ability is active.

    2.    Hostname – the name of the external server.

    3.    Port – the port being used. The default is 443 or, for demo instances, 8088.

    4.    Use TLS – When the checkbox is white, TLS is enabled.

    5.    Path – the path to the data being sent.  By default, this will usually be /service-path.

    6.    AUTH Header – provides credentials that authenticate the user to the server.

    7.    Username – the user’s name.

    8.    Password – User’s password.

    9.    Proxy Server – the URL and port of the proxy server.

    Example: 10.100.1.56:3128

    10.    MS Workspace ID – the unique identifier for an Azure Log Analytics workspace.

    11.    MS Primary Key – a secure authentication token used to authenticate requests when pushing data into Azure.

    12.    Alerts Only – if checked, only alerts will be sent to the SIEM (Security Information and Event Management) and not Activities.

    13.    Min Alert Severity Level – Low, Medium, or High.

    ********************

    Veeam API

    ZeroLock supports sending alert activity data to the Veeam API integration. This functionality enables Veeam to detect when an alert is generated and identify potentially affected VMs. This information can then be used to assess the validity of VM backups.

    This section configures the communication between ZMC and the Veeam server.


    1. Enabled – When the box is checked, Veeam API integration is activated.
    2. Hostname – the hostname of the Veeam server.
    3. Port – the port used to communicate with the Veeam server.
    4. Username – Name of the user who has the Incident API User role.
    5. Password – User’s password.

    This is an example of the alert activity data sent to the Veeam server.

    [Image: alert activity data sent to the Veeam server]

    _________________________________________________________________________________________________

    SSO

    The administrator uses the configuration values in this section to configure the ZeroLock Server application (ZeroLock Management Console) for your SSO IdP (Identity Provider). The entries below are examples only and will not be the same for each client/organization.

    This consists of two (2) editable sections: Service Provider Config and Identity Provider Config.

    Service Provider Config
    1. Entity ID – is a globally unique name for a SAML (Security Assertion Markup Language) entity, i.e., your Identity Provider (IdP) or Service Provider (SP).
    2. Reply URL – is the location where the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token.

    Identity Provider


      1. IDP Identifier – is the name of the identity provider. The IDP is a service that stores, creates, and manages digital identities. In other words, it offers user authentication-as-a-service.
      2. Login URL – the locator of a resource. This is used to locate the address of a resource on the Internet.
      3. Logout URL – sends a logout request to the OAuth provider to log out from the provider while logging out the user from the application.
      4. Certificate – represents that a certificate authority has verified that the web address belongs to the organization. If you have a certificate, click Select File, which opens the file location of the certificate.

      This completes the introduction to the System Configuration section of the ZeroLock® Management Console.