Security Settings


This section provides a map to some of the security features described in the Security Features section. If a security feature in the Security Features section includes a specific page or field in SL1, this section describes that page or field.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon.
  • To view a page containing all of the menu options, click the Advanced menu icon.

Access Control

| Description | Click Path | Page/Field | Field Options |
| --- | --- | --- | --- |
| Password Expiration. Defines the global expiration setting for user passwords. Specifies whether the passwords for user accounts will expire and, if so, when they will expire. | System > Settings > Behavior | Behavior Settings / Password Expiration | Disabled, 30 days, 60 days, 90 days, 180 days |
| Password Hash Method. Specifies how user passwords will be hashed for storage in the Database Server. You can choose the hashing algorithm that works best for your enterprise. | System > Settings > Behavior | Behavior Settings / Password Hash Method | MD5 (legacy), SHA-512 (FIPS 140-2 Compliant), Automatic (PHP Password API) |
| Password Minimum Length. Specifies the minimum required number of characters for user passwords. The default value is "8". You can enter any value between 1 and 99. SL1 will enforce this minimum when an administrator creates a new user or edits a user's account properties and when a user changes his/her password. | System > Settings > Behavior | Behavior Settings / Password Minimum Length | 1 through 99 characters. |
| Account Lockout Type. Defines the global parameter for lockouts. If a user enters incorrect login information multiple times in a row, that user will be locked out of the system. In this field, you can select how the lockout will be applied. | System > Settings > Behavior | Behavior Settings / Account Lockout Type | Lockout by IP address (default), Lockout by Username and IP address, Lockout by username, Disable |
| Account Lockout Attempts. Defines the global trigger for lockouts. Specifies the number of times a user can enter incorrect login information before the lockout occurs. | System > Settings > Behavior | Behavior Settings / Account Lockout Attempts | 1 through 10 attempts |
| Account Lockout Duration. Defines the global duration for lockouts. Specifies how long a user will be locked out of the system. | System > Settings > Behavior | Behavior Settings / Account Lockout Duration | 1 hour to 24 hours in one-hour increments |
| Login Delay. To prevent unauthorized users from using brute-force login attempts, you can set a login delay in this field. After each failed login, SL1 will not allow another attempt for the number of seconds specified in this field. | System > Settings > Behavior | Behavior Settings / Login Delay | Disabled, 1 second, 2 seconds, 4 seconds, 8 seconds |
| Single Instance Login (for both Admins and Users). Global settings for how the system will handle multiple instances of the same username. Specifies whether more than one instance of a single username can be logged in to the system at the same time. There are separate settings for the default behavior for users of account type "User" and users of account type "Admin". | System > Settings > Behavior | Behavior Settings / Single Instance Login (Admin) and Single Instance Login (Users) | Disabled, session can be transferred instantly, session can be transferred after 1 minute of inactivity, after 5 minutes of inactivity, after 10 minutes of inactivity, after 30 minutes of inactivity, after 1 hour of inactivity, or session can be transferred after a manually specified number |
| Lockout Contact Information. This contact information will be displayed when a user is locked out of the system. This information should allow the user to contact his/her administrator to unlock the account. | System > Settings > Behavior | Behavior Settings / Lockout Contact Information | This information should allow the user to contact his/her administrator to unlock the account. |
| Prevent Browser Saved Credentials. This checkbox specifies whether or not SL1 will allow the browser to cache login credentials and perform auto-complete in the login page. By default, SL1 will allow browsers to cache login credentials. | System > Settings > Behavior | Behavior Settings / Prevent Browser Saved Credentials | Selected, Not Selected |
| Display Previous Login in Footer. This checkbox specifies whether or not SL1 will display information about the last successful login to the Administration Portal or All-In-One Appliance and the last failed login (if applicable) in the lower right corner of each page, in the form "Previous Login: yyyy-mm-dd hh-mm-ss from user's IP address" and "Failed Login: yyyy-mm-dd hh-mm-ss from user's IP address". | System > Settings > Behavior | Behavior Settings / Display Previous Login in Footer | Selected, Not Selected |
| Prevent Loading Interface in External Frames. If you select this checkbox, other pages cannot be loaded in external frames in the same browser session that includes SL1. This option can be used as a security measure to prevent click-jacking attacks. | System > Settings > Behavior | System > Settings > Behavior / Prevent Loading Interface in External Frames | Selected, Not Selected |
| CAC/ClientCert Auth. This page allows you to define an SSL certificate check that controls whether the login page is displayed to the end user. This feature is primarily used to authenticate Common Access Card (CAC) users against a Department of Defense (DoD)-issued server-side certificate; however, based on your business needs, this feature can also be used with your own client/server certificates. | System > Settings > CAC/ClientCert Auth | Client Certificate & CAC Authentication |  |
| Login Alert Message. This page defines a customizable click-through banner at login. This banner prevents further activity in SL1 until the user agrees to the terms by clicking the OK button. | System > Settings > Login Alert Message | Login Alert Editor |  |
| Password Reset Email Editor. This page allows system administrators to define the Email message that is sent to users who select the "I forgot my password" option from the Login page. If the user enters a valid username in the Login page and then selects the "I forgot my password" option, the system will check the account information for that user. If the user's account information includes an Email address, the system will send the user an Email message. The Email message will include a link that allows the user to redefine their password. | System > Settings > Password Reset Email | Password Reset Email Editor |  |
| Change Password. The user's new password. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Change Password | Enter the new password. |
| Login State. Default login state for the user. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Login State | Active, Suspended, Vacation |
| Password Strength. When defining or editing a user account, the administrator can define the required password strength. The user must then always use a password that meets or exceeds that specified password strength. The system will not allow the user to save changes to his/her password that do not meet the password-strength requirement. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Password Strength | Good, Strong, Very Strong |
| Password Expiration. Specifies whether or not the password for this account will expire and, if so, when the password will expire. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Password Expiration | Disabled, 30, 60, 90, 180 days |
| Password Shadowing. Specifies requirements for password reuse. By default, when a user defines a new password, he/she cannot reuse any passwords that he/she has used in the last 12 months. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Password Shadowing | Default - cannot reuse passwords from the past year, 1 - cannot reuse current password, 2 - cannot reuse last 2 passwords, 3 - cannot reuse last 3 passwords, 4 - cannot reuse last 4 passwords, 5 - cannot reuse last 5 passwords |
| Require Password Reset. If selected, the user will be prompted to change his/her password at the next login. When creating a new user account, this option is selected by default. After the user's first login, when he/she is prompted to change his/her password, this option is then deselected. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Require Password Reset | Selected, Not Selected |
| Restrict to IP. The user will be allowed to access the system only from the specified IP address. Specify the IP address in standard dotted-decimal notation. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Restrict to IP | Blank or enter an IP address |

     

Authentication

| Description | Click Path | Page/Field | Field Options |
| --- | --- | --- | --- |
| Authentication Method. Specifies how the user's username and password will be authenticated. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Restrict to IP | For configuration details, see the section on Active Directory and LDAP Integration. |
| Client Certificate & CAC Authentication. The Client Certificate & CAC Authentication page allows you to define an SSL certificate check that controls whether the login page is displayed to the end user. This feature is primarily used to authenticate Common Access Card (CAC) users against a Department of Defense (DoD)-issued server-side certificate; however, based on your business needs, this feature can also be used with your own client/server certificates. | System > Settings > Authentication > CAC/ClientCert Auth | Client Certificate & CAC Authentication |  |

     

Multiple Tenancy and Segregation of Duties

| Description | Click Path | Page/Field | Field Options |
| --- | --- | --- | --- |
| Primary Organization. Specifies the primary organization to align with a user account. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Primary Organization | You can select a single organization from a list of all organizations in the system. |
| Additional Organization Memberships. Specifies additional organizations for the user. This allows the user to view and access elements from multiple organizations. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Additional Organization Memberships | You can select one or more organizations from a list of all organizations in the system. |
| Account Type. For each user account, specifies the standard account type. These account types affect the list of Privilege Keys for the user. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Account Type | User, Administrator |
| Access Key. The Privilege Keys pane displays a list of access keys that can be assigned to the user's account. Access Keys define the tabs and pages users have access to and the actions that a user may perform. These access keys are defined by the system administrator from the Access Keys page (System > Manage > Access Keys). | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Privilege Keys | Accounts of type "Administrator" are automatically assigned all access keys. For accounts of type "User", you can manually assign one, multiple, or all access keys. For details on defining and using access keys, see the section on Access Permissions. |
| Credential Management. To support multi-tenancy, the system allows you to align each credential with one, multiple, or all organizations in the system. You can also align a credential with no organizations. When you align an organization with a credential, you control who can view details about the credential, who can view the name of the credential, and who can apply the credential in the system. | System > Manage > Credentials > Organization icon | Align Organizations | Enabled alignment, select one or more organizations to align with a credential. |
| Cloaked Comments. Ticket notes that are created with the Cloaked checkbox enabled can be viewed only by: the user who created the note; all users of type "administrator"; and users in the same organization as the user who created the note, who also have Access Hooks that allow them to view the ticket where the cloaked note resides, and who also have the Access Hook "Ticket:Notes:Cloaked". | Tickets > Create/Edit > Notepad > Cloak | Notepad / Cloak | Enabled, Disabled |
| User Policies. User Policies allow you to define a custom set of account properties and key privileges (from the Account Permissions page) and then save them as a policy, for reuse. When you create a user account, you can use the User Policy to quickly apply settings to the new account. | Registry > Accounts > User Policies > Create/Edit | User Policies | For details on defining and applying user policies, see the section on Organizations and Users. |

     

Protection of Shared Content

| Description | Click Path | Page/Field | Field Options |
| --- | --- | --- | --- |
| Intellectual Property Protection. After adding content to a PowerPack, you can add Intellectual Property Protection to included Dynamic Applications and event policies. Intellectual Property Protection prevents users from viewing or editing advanced implementation details about the Dynamic Application or the event policy after it has been installed on another system. | System > Manage > PowerPacks > Create/Edit > Dynamic Applications or Event Policies | Embedded/Available page / IPP | Enabled, Disabled |

     

Data Integrity

| Description | Click Path | Page/Field | Field Options |
| --- | --- | --- | --- |
| Backups. The Backup Management page allows you to define two types of backups for your system: configuration backups, which store a local copy of the core database tables that are required to restore a system, and full backups, which make a full backup of the Database Server. | System > Settings > Backup |  |  |
| Collector Groups. For distributed systems, a collector group is a group of Data Collectors. ScienceLogic Data Collectors retrieve data from managed devices and applications. Grouping multiple Data Collectors allows you to create one of the following configurations: a load-balanced collection system, where you can manage more devices without loss of performance; or a redundant, high-availability system that minimizes downtime should a failure occur. If a Data Collector fails, another Data Collector is available to handle collection until the problem is solved. | System > Settings > Collector Groups | Collector Group Management / Collector Failover | Off (Maximize Management Devices), On (Maximize Reliability) |

     

Security Events

| Description | Click Path | Page/Field | Field Options |
| --- | --- | --- | --- |
| Events console. The Event Console page displays a list of currently active events. One of the easiest ways to monitor the health of your network is to look at events. Events are messages that are triggered when a specific condition is met. For example, an event can signal that a server has gone down, that a device's hard drives are getting too full, or simply display the status of a device. | Events tab | Event Console |  |
| Event policies. The Event Policy Editor page allows you to define a new event or edit the properties of an existing event definition. | Registry > Events > Event Manager > create or edit | Event Policy Editor |  |

     

Monitoring Changes to Device Configuration

| Description | Click Path | Page/Field | Field Options |
| --- | --- | --- | --- |
| Alert when asset record changes. The Asset Automation page allows you to define the default behavior for all asset records. For each standard asset field, you can specify how the field should be populated and whether or not the system should generate an event if the field’s value changes. | System > Settings > Assets | Asset Automation / Alert on change | Yes, No |

     

Monitoring for Illicit Behavior

| Description | Click Path | Page/Field | Field Options |
| --- | --- | --- | --- |
| Generate an event if the system discovers an illicit domain record. | Registry > Monitors > Domain Name > Create / Edit | Domain Name Policy / Alert if Found | Yes. Use this setting to look for an illicit domain record. If the system finds the specified, illicit domain record, the system will generate an event. |
| Generate an event if the system discovers an illicit process. | Registry > Monitors > System Processes > Create / Edit | System Process Policy / Alert if Found | Yes. Use this setting to look for an illicit system process. If the system finds the specified, illicit system process, the system will generate an event. |
| Generate an event if the system discovers an illicit Windows service. | Registry > Monitors > Windows Services > Create / Edit | Windows Service Policy / Alert if Found | Yes. Use this setting to look for an illicit Windows service. If the system finds the specified, illicit Windows service, the system will generate an event. |
| Generate an event if the system discovers a specified, illicit port open. | System > Customize > TCP-IP Ports | TCP/IP Port Editor / Illicit Port Alarm | On, Off |

     

Blueprinting DNS, System Processes, and Windows Services

| Description | Click Path | Page/Field | Field Options |
| --- | --- | --- | --- |
| Generate an event if the system discovers a change to a domain record. | Registry > Monitors > Domain Name > Create / Edit | Domain Name Policy / Alert if Found | No. Use this setting to ensure that a required domain record is running. If the system does not find the specified domain record, the system generates an event. |
| Generate an event if the system discovers a change to a process. | Registry > Monitors > System Processes > Create / Edit | System Process Policy / Alert if Found | No. Use this setting to ensure that a required system process is running. If the system does not find the system process, the system generates an event. |
| Generate an event if the system discovers a change to a Windows service. | Registry > Monitors > Windows Services > Create / Edit | Windows Service Policy / Alert if Found | No. Use this setting to ensure that a required Windows service is running. If the system does not find the specified Windows service, the system generates an event. |

     

Monitoring Open Ports

| Description | Click Path | Page/Field | Field Options |
| --- | --- | --- | --- |
| Generate an event if the system discovers a specified, illicit port open. | System > Customize > TCP-IP Ports | TCP/IP Port Editor / Illicit Port Alarm | On, Off |

     

Monitoring Bandwidth Usage

| Description | Click Path | Page/Field | Field Options |
| --- | --- | --- | --- |
| Define a global threshold and generate an event if the counter rolls over. | System > Settings > Thresholds | Global Threshold Settings / Rollover Percent | 0% - 100% |
| Define a global threshold and generate an event if packets are sent out-of-order. | System > Settings > Thresholds | Global Threshold Settings / Out-of-order Percent | 0% - 100% |
| Define a global threshold and generate an event if inbound bandwidth exceeds the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Inbound Percent | 0% - 100% |
| Define a global threshold and generate an event if outbound bandwidth exceeds the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Outbound Percent | 0% - 100% |
| Define a global threshold and generate an event if inbound bandwidth exceeds the specified Mbps. | System > Settings > Thresholds | Global Threshold Settings / Inbound Bandwidth | 0 - 1,000,000 Mbps |
| Define a global threshold and generate an event if outbound bandwidth exceeds the specified Mbps. | System > Settings > Thresholds | Global Threshold Settings / Outbound Bandwidth | 0 - 1,000,000 Mbps |
| Define a global threshold and generate an event if inbound errors exceed the specified number of packets. | System > Settings > Thresholds | Global Threshold Settings / Inbound Errors | 0 - 10,000 packets |
| Define a global threshold and generate an event if outbound errors exceed the specified number of packets. | System > Settings > Thresholds | Global Threshold Settings / Outbound Errors | 0 - 10,000 packets |
| Define a global threshold and generate an event if inbound discards exceed the specified number of packets. | System > Settings > Thresholds | Global Threshold Settings / Inbound discards | 0 - 10,000 packets |
| Define a global threshold and generate an event if outbound discards exceed the specified number of packets. | System > Settings > Thresholds | Global Threshold Settings / Outbound Discards | 0 - 10,000 packets |
| Define a global threshold and generate an event if inbound errors exceed the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Inbound Error Percent | 0% - 100% |
| Define a global threshold and generate an event if outbound errors exceed the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Outbound Error Percent | 0% - 100% |
| Define a global threshold and generate an event if inbound discards exceed the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Inbound Discard Percent | 0% - 100% |
| Define a global threshold and generate an event if outbound discards exceed the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Outbound Discard Percent | 0% - 100% |
| Define a device-specific threshold and generate an event if the counter rolls over. | Registry > Devices > Device Manager > wrench icon > Thresholds | Device Thresholds / Rollover Percent | 0% - 100% |
| Define a device-specific threshold and generate an event if packets are sent out-of-order. | Registry > Devices > Device Manager > wrench icon > Thresholds | Device Thresholds / Rollover Percent | 0% - 100% |

Monitoring Hardware Performance

| Description | Click Path | Page/Field | Field Options |
| --- | --- | --- | --- |
| Define a global threshold and generate an event if system latency exceeds the specified number of milliseconds. | System > Settings > Thresholds | Global Threshold Settings / System Latency | 0 ms - 5,000 ms |
| Define a global threshold and generate an event if system availability falls below the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / System Availability | 0% - 100% |
| Define a global threshold and generate a warning event if filesystem usage exceeds the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Filesystem Warning | 0% - 100% |
| Define a global threshold and generate a critical event if filesystem usage exceeds the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Filesystem Critical | 0% - 100% |
| Define a global threshold and generate an event if ICMP availability falls below the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Avail Required Ping Percent | 0% - 100% |
| Define a device-specific threshold and generate an event if system latency exceeds the specified number of milliseconds. | Registry > Devices > Device Manager > wrench icon > Thresholds | Device Thresholds / System Latency | 0 ms - 5,000 ms |
| Define a device-specific threshold and generate an event if system availability falls below the specified percentage. | Registry > Devices > Device Manager > wrench icon > Thresholds | Device Thresholds / System Availability | 0% - 100% |
| Define a device-specific threshold and generate a warning event if the filesystem usage exceeds the specified percentage. | Registry > Devices > Device Manager > wrench icon > Thresholds | Device Thresholds / File System Thresholds (Warning) | 0% - 100% |
| Define a device-specific threshold and generate a critical event if the filesystem usage exceeds the specified percentage. | Registry > Devices > Device Manager > wrench icon > Thresholds | Device Thresholds / File System Thresholds (Critical) | 0% - 100% |
| Define a device-specific threshold and generate an event if ICMP availability falls below the specified percentage. | Registry > Devices > Device Manager > wrench icon > Thresholds | Device Thresholds / Avail Required Ping Percent | 0% - 100% |

     

Monitoring Patches and Hot Fixes

| Description | Click Path | Page/Field | Field Options |
| --- | --- | --- | --- |
| Generate an exclusion report for a selected software title. This report displays devices where the software is installed and devices where the software is not installed. | Registry > Devices > Software > printer icon | Software Titles | printer icon |

     

Using Run Book Automation to Automate Responses to Security Events

| Description | Click Path | Page/Field | Field Options |
| --- | --- | --- | --- |
| Create an automation policy that defines the conditions during which you want the system to execute automated actions. | Registry > Run Book > Automation > Create button | Automation Policy Manager | Create button |
| Create an action that you want the system to execute automatically when specific conditions occur. | Registry > Run Book > Actions > Create button | Action Policy Manager | Create button |

     

Audit Logs

| Description | Click Path | Page/Field | Field Options |
| --- | --- | --- | --- |
| View all messages about the system's standard operations, like starting and stopping key processes, backing up data, purging old data, and other maintenance activities. | System > Monitor > System Logs | System Logs |  |
| View a complete audit trail for all actions in the system that are performed by users or related to managed devices. | System > Monitor > Audit Logs | Audit Logs |  |
| Monitor and manage user logins and logouts to the system. | System > Monitor > Access Logs | Access Sessions |  |
| View all the messages and log entries generated for a device. | Registry > Devices > Device Manager > wrench icon > Logs | Device Logs & Messages |  |