ZeroLock Management Console: System Configuration
Overview of the System Configuration section found on the ZeroLock® Management Console
For ZeroLock Management Console versions before v4.2.x, please use this link.
Overview
From the dashboard, selecting System Configuration takes you to an access point for four (4) separate pages: Data Management, General, Integrations, and SSO.
Data Management
In this section, administrators configure the retention settings for:
- Backups
- Activity Data
- Alert Data
Backup file location: ~/zerolock-server/database/mariadb/zerolock-server-backup
- Enabled – If the box is white, a backup of the system configuration is enabled.
- Interval – When enabling system configuration backup, the drop-down menu is activated. The menu offers four (4) interval options: Hourly, Daily, Weekly, and Monthly.
- Retention Count – The number of system backups that will be retained. For example, entering ‘5’ will keep only the most recent 5 backups. On the 6th backup, the oldest backup will be deleted. If left blank, all backups will be retained.
- Next DateTime – This feature allows the scheduling of when the backups will begin. The format is mm/dd/yyyy and hh:mm (a|p)m.
- Descriptor – A description of the backup that will be included in its filename.
Selecting UPDATE confirms the edits/configuration.
********************
Activity Data Retention Config
The data is information on the activities occurring on an endpoint. It is reached by selecting an endpoint, then double-clicking anywhere along its row.
- Enabled – If the box is white, backup is enabled.
- Interval – Options are Hourly, Daily, Weekly, or Monthly.
- Next DateTime – The next scheduled backup.
- Retention Period – The time in months that the data is to be retained. The options are to keep the data for the:
  - Last 6 months
  - Last 3 months
  - Last month
  - Last Week
  - Last Day
- Descriptor – This is included in the backup filename.
Selecting UPDATE confirms the edits/configuration.
********************
Alert Data Retention Config
The data is information on all alerts that have occurred on the endpoint(s). It is reached from the ALERTS page.
- Enabled – If the box is white, backup is enabled.
- Interval – On enabling retention of Activity Data, the drop-down menu is activated. The menu offers four (4) interval options: Hourly, Daily, Weekly, and Monthly.
- Next DateTime – This feature allows the scheduling of when the backups will begin. The format is mm/dd/yyyy and hh:mm (a|p)m.
- Retention Period – The time in months that the data is to be retained. The options are to keep for the:
  - Last 6 months
  - Last 3 months
  - Last month
  - Last Week
  - Last Day
- Select Alert Type(s) – There are 8 options:
  - Cryptojacking
  - File Access
  - Hash
  - Network Access
  - Program Execution
  - Ransomware
  - SSH-MFA
  - Tampering
Note: If the Select Alert Type field is left blank, the system will automatically add all eight (8) types to be deleted.
Selecting UPDATE confirms the edits/configuration.
General (Settings)
This section contains 2 sections:
- Date/Time Display Preferences
- General
Date/Time Display Preferences
- Format – how the date and time will display.
- Time Zone – the options are LOCAL or ZULU.
- Enable Shortening – if the checkbox is white, the timestamps displayed in some tables will switch to an “ago” format where the user is shown how much time has passed since the event occurred, rather than the timestamp of the event itself.
  - For example, the Activity Log tracks every user’s activity and has a default time setting of yyyy-MM-dd HH:mm.
  - However, if Enable Shortening is selected, only the number of seconds, minutes, or hours since the activity occurred is displayed.
General
- Require Email Validation – if the checkbox is white, it is enabled. Email validation is a method of determining whether an email address is reachable and valid. It also verifies whether a specific email address is associated with a reputable domain.
- UI Server Session Timeout – the options are 5, 15, or 30 minutes.
Integrations
This page enables administrators to configure the settings for:
- HTTP Transport
- VEEAM API

Email
This section is for configuring the ZMC to send alert emails.

- Enabled – if the checkbox is white, sending an email is enabled.
- SMTP Server – the name of the SMTP (Simple Mail Transfer Protocol) server.
- SMTP Port – the assigned port for SMTP.
- From Address – the email address sending the Alert.
- Disable Certificate Validation – when selected, the application will ignore TLS/SSL certificate validation errors, allowing connections to servers with self-signed, expired, or otherwise invalid certificates.
- Use Username – if the box is white, a username is required.
- Use Password – if the box is white, a password is required.
Selecting UPDATE confirms the edits/configuration.
********************
HTTP Transport
This section is for configuring the ZMC to send data securely, for example to an out-of-network source for log management and analytics.
1. Enabled – If the checkbox is white, HTTP Transport ability is active.
2. Hostname – the name of the external server.
3. Port – the port being used. The default is 443 or, for demo instances, 8088.
4. Use TLS – When the checkbox is white, TLS is enabled.
5. Path – the path to the data being sent. By default, this will usually be /service-path.
6. AUTH Header – provides credentials that authenticate the user to the server.
7. Username – the user’s name.
8. Password – User’s password.
9. Proxy Server – the URL and port of the proxy server.
   Example: 10.100.1.56:3128
10. MS Workspace ID – the unique identifier for an Azure Log Analytics workspace.
11. MS Primary Key – a secure authentication token used to securely authenticate requests when pushing data into Azure.
12. Alerts Only – if checked, only alerts will be sent to the SIEM (Security Information and Event Management) and not Activities.
13. Min Alert Severity Level – Low, Medium, or High.
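How the MS Workspace ID and MS Primary Key fields authenticate a push to Azure Log Analytics, as an added example that is not ZeroLock code. It assumes the transport uses the Azure Monitor HTTP Data Collector API's SharedKey scheme; the workspace ID, key, log type and date shown are constructed.

```python
import base64
import hashlib
import hmac
from email.utils import formatdate

RESOURCE = "/api/logs"            # Data Collector API resource path
CONTENT_TYPE = "application/json"

# Constructed values for the demo; a real primary key is a base64 secret.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
PRIMARY_KEY = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()


def sign_request(workspace_id, primary_key_b64, body, rfc1123_date):
    """Return the Authorization header value for one POST of `body` (bytes).

    The signed string holds the method, body length, content type, date and
    resource. The body content itself is not signed, so its integrity in
    transit depends on the Use TLS option.
    """
    string_to_sign = (f"POST\n{len(body)}\n{CONTENT_TYPE}\n"
                      f"x-ms-date:{rfc1123_date}\n{RESOURCE}")
    key = base64.b64decode(primary_key_b64)
    mac = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(mac).decode()}"


def build_headers(workspace_id, primary_key_b64, body, log_type, date=None):
    """Assemble the request headers; `log_type` names the custom log table."""
    date = date or formatdate(usegmt=True)   # RFC 1123 date in GMT
    return {
        "Content-Type": CONTENT_TYPE,
        "Log-Type": log_type,
        "x-ms-date": date,
        "Authorization": sign_request(workspace_id, primary_key_b64, body, date),
    }
```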
********************
Veeam API
ZeroLock supports sending alert activity data to the Veeam API integration. This functionality enables Veeam to detect when an alert is generated and identify potentially affected VMs. This information can then be used to assess the validity of VM backups.
This section configures the communication between ZMC and the Veeam server.
- Enabled – When the box is checked, Veeam API integration is activated.
- Hostname – of the VEEAM server.
- Port – port used to communicate.
- Username – Name of the user who has the Incident API User role.
- Password – User’s password.
This is an example of the alert activity data sent to the VEEAM server.
_________________________________________________________________________________________________
SSO
The administrator uses the configuration values in this section to configure the ZeroLock Server application (ZeroLock Management Console) for your SSO IDP (Identity Provider). The entries below are for example only and will not be the same for each client/organization.
This consists of two (2) editable sections: Service Provider Config and Identity Provider Config.
Service Provider Config
- Entity ID – is a globally unique name for a SAML (Security Assertion Markup Language) entity, i.e., your Identity Provider (IdP) or Service Provider (SP).
- Reply URL – is the location where the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token.
Identity Provider
- IDP Identifier – is the name of the identity provider. The IDP is a service that stores, creates, and manages digital identities. In other words, it offers user authentication-as-a-service.
- Login URL – the locator of a resource. This is used to locate the address of a resource on the Internet.
- Logout URL – sends a logout request to the OAuth provider to log out from the provider while logging out the user from the application.
- Certificate – represents that a certificate authority has verified that the web address belongs to the organization. If you have a certificate, you click Select File, which opens the file location of the certificate.
This completes the introduction to the System Configuration section of the ZeroLock® Management Console.