Use the following menu options to navigate the SL1 user interface:
- To view a pop-out list of menu options, click the menu icon (
). - To view a page containing all of the menu options, click the Advanced menu icon (
).
Access Control
| Description | Click Path | Page/Field | Field Options |
|---|---|---|---|
|
Password Expiration. Defines global expiration setting for user passwords. Specifies whether or not the passwords for user account will expire and if so, when the passwords will expire. |
System > Settings > Behavior | Behavior Settings / Password Expiration | Disabled, 30 days, 60 days, 90 days, 180 days |
| Password Hash Method. Specifies how user passwords will be encrypted for storage in the Database Server. You can choose the hashing algorithm that works best for your enterprise. | System > Settings > Behavior | Behavior Settings / Password Hash Method | MD5 (legacy), SHA-512 (FIPS 140-2 Compliant), Automatic (PHP Password API) |
| Password Minimum Length. |
System > Settings > Behavior | Behavior Settings / Password Minimum Length | 1 through 99 characters. |
| Account Lockout Type. Defines global parameter for lockouts. If a user enters incorrect login information multiple times in a row, that user will be locked out of the system. In this field, you can select how the lockout will be applied. | System > Settings > Behavior | Behavior Settings / Account Lockout Type | Lockout by IP address (default), Lockout by Username and IP address, Lockout by username, Disable |
| Account Lockout Attempts. Defines global trigger for lockouts. Specifies the number of times a user can enter incorrect login information before the lockout occurs. | System > Settings > Behavior | Behavior Settings / Account Lockout Attempts | 1 through 10 attempts |
| Account Lockout Duration. Defines global duration for lockouts. Specifies how long a user will be locked out of the system. | System > Settings > Behavior | Behavior Settings / Account Lockout Duration | 1 hour to 24 hours in one-hour increments |
| Login Delay. |
System > Settings > Behavior | Behavior Settings / Login Delay | Disabled, 1 second, 2 seconds, 4 seconds, 8 seconds |
| Single Instance Login (for both Admins and Users). Global settings for how the system will handle multiple instances of the same username. Specifies whether more than one instance of a single username can be logged in to the system at the same time. Separate settings for the default behavior for users of account type "User" and users of account type "Admin". | System > Settings > Behavior | Behavior Settings / Single Instance Login (Admin) and Single Instance Login (Users) | Disabled, session can be transferred instantly, session can be transferred after 1 minute of inactivity, after 5 minutes of inactivity, after 10 minutes of inactivity, after 30 minutes of inactivity, after 1 hour of inactivity, or session can be transferred after a manually specified number |
| Account Lockout Duration. Defines global duration for lockouts. Specifies how long a user will be locked out of the system. | System > Settings > Behavior | Behavior Settings / Account Lockout Duration | 1 hour to 24 hours in one-hour increments |
| Lockout Contact Information. This contact information will be displayed when a user is locked out of the system. This information should allow the user to contact his/her administrator to unlock the account. | System > Settings > Behavior | Behavior Settings / Lockout Contact Information | This information should allow the user to contact his/her administrator to unlock the account. |
| Prevent Browser Saved Credentials. This checkbox specifies whether or not SL1 will allow the browser to cache login credentials and perform auto-complete in the login page. By default, SL1 will allow browsers to cache login credentials. | System > Settings > Behavior | Behavior Settings / Prevent Browser Saved Credentials | Selected, Not Selected |
| Display Previous Login in Footer. This checkbox specifies whether or not SL1 will display information about the last successful login to the Administration Portal or All-In-One Appliance and the last failed login (if applicable) in the lower right corner of each page. Previous Login: yyyy-mm-dd hh-mm-ssfrom user's IP address Failed Login: yyyy-mm-dd hh-mm-ssfrom user's IP address |
System > Settings > Behavior | Behavior Settings / Display Previous Login in Footer | Selected, Not Selected |
| Prevent Loading Interface in External Frames. If you select this checkbox, other pages cannot be loaded in external frames in the same browser session that includes SL1. This option can be used as a security measure to prevent click-jacking attacks. | System > Settings > Behavior | System > Settings > Behavior / Prevent Loading Interface in External Frames | Selected, Not Selected |
| CAC/ClientCert Auth. This page allows you to define an SSL certificate check that controls whether the login page is displayed to the end user. This feature is primarily used to authenticate Common Access Card (CAC) users against a Department of Defense (DoD)-issued server-side certificate; however, based on your business needs, this feature can also be used with your own client/server certificates. | System > Settings > CAC/ClientCert Auth | Client Certificate & CAC Authentication | |
| Login Alert Message. This page defines a customizable click-through banner at login. This banner prevents further activity on the SL1 until the user agrees to the terms by clicking on the button. |
System > Settings > Login Alert Message | Login Alert Editor | |
| Password Reset Email Editor. This page allows system administrators to define the Email message that is sent to users who select the "I forgot my password" option from the Login page. If the user enters a valid username in the Login page and then selects the "I forgot my password" option, the system will check the account information for that user. If the user's account information includes an Email address, the system will send the user an Email message. The Email message will include a link that allows the user to redefine their password. | System > Settings > Password Reset Email | Password Reset Email Editor | |
| Change Password. The user's new password. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Change Password | Enter the new password. |
| Login State. Default login state for the user. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Login State | Active, Suspended, Vacation |
| Password Strength. When defining or editing a user account, the administrator can define the required password strength. The user must then always use a password that meets or exceeds that specified password strength. The system will not allow the user to save changes to his/her password that do not meet the password-strength requirement. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Password Strength | Good, Strong, Very Strong |
| Password Expiration. Specifies whether or not the password for this account will expire and if so, when the password will expire. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Password Expiration | Disabled, 30, 60, 90, 180 days |
| Password Shadowing. Specifies requirements for password reuse. By default, when a user defines a new password, he/she cannot reuse any passwords that he/she has used in the last 12 months. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Password Shadowing | Default - cannot reuse passwords from the past year, 1 - cannot reuse current password, 2 - cannot reuse last two 2 passwords, 3 - cannot reuse last 3 passwords, 4 - cannot reuse last 4 passwords, 5 - cannot reuse last 5 passwords |
| Require Password Reset. If selected, the user will be prompted to change his/her password at the next login. When creating a new user account, this option is selected by default. After the user's first login, when he/she is prompted to change his/her password, this option is then deselected. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Require Password Reset | Selected, Not Selected |
| Restrict to IP. The user will be allowed to access the system only from the specified IP address. Specify the IP address in standard dotted-decimal notation. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Restrict to IP | Blank or enter an IP address |
Authentication
| Description | Click Path | Page/Field | Field Options |
|---|---|---|---|
| Authentication Method. Specifies how the user's username and password will be authenticated. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Restrict to IP | |
| Client Certificate & CAC Authentication. The Client Certificate & CAC Authentication page allows you to define an SSL certificate check that controls whether the login page is displayed to the end user. This feature is primarily used to authenticate Common Access Card (CAC) users against a Department of Defense (DoD)-issued server-side certificate; however, based on your business needs, this feature can also be used with your own client/server certificates. | System > Settings > Authentication > CAC/ClientCert Auth | Client Certificate & CAC Authentication |
Multiple Tenancy and Segregation of Duties
| Description | Click Path | Page/Field | Field Options |
|---|---|---|---|
| Primary Organization. Specifies the primary organization to align with a user account. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Primary Organization | You can select a single organization from a list of all organizations in the system. |
| Additional Organization Memberships. Specifies additional organizations for the user. This allows the user to view and access elements from multiple organizations. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Additional Organization Memberships | You can select one or more organizations from a list of all organizations in the system. |
| Account Type. For each user account, specifies the standard account type. These account types affect the list of Privilege Keys for the user. | Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Account Type | User, Administrator |
|
Access Key. The Privilege Keys pane displays a list of access keys that can be assigned to the user's account. Access Keys define the tabs and pages users have access to and the actions that a user may perform. These access keys are defined by the system administrator from the Access Keys page (System > Manage > Access Keys). |
Registry > Accounts > User Accounts > Create/Edit | Account Permissions / Privilege Keys | Accounts of type "Administrator" are automatically assigned all access keys. For accounts of type "User", you can manually assign one, multiple, or all access keys. |
| Credential Management. To support multi-tenancy, the system allows you to align each credential with one, multiple, or all organizations in the system. You can also align a credential with no organizations. When you align an organization with a credential, you control who can view details about the credential, who can view the name of the credential, and who can apply the credential in the system. | System > Manage > Credentials > Organization icon ( ) |
Align Organizations | Enabled alignment, select one or more organizations to align with a credential. |
| Cloaked Comments. Ticket notes that are created with the Cloaked checkbox enabled can be viewed only by: the user who created the note; all users of type "administrator"; and users in the same organization as the user who create the note, who also have Access Hooks that allow them to view the ticket where the cloaked note resides, and who also have the Access Hook "Ticket:Notes:Cloaked". | Tickets > Create/Edit > Notepad > Cloak | Notepad / Cloak | Enabled, Disabled |
| User Policies. User Policies allow you to define a custom set of account properties and key privileges (from the Account Permissions page) and then save them as a policy, for reuse. When you create a user account, you can use the User Policy to quickly apply settings to the new account. | Registry > Accounts > User Policies > Create/Edit | User Policies |
|
Protection of Shared Content
| Description | Click Path | Page/Field | Field Options |
|---|---|---|---|
| Intellectual Property Protection. After adding content to a PowerPack, you can add Intellectual Property Protection to included Dynamic Applications and event policies. Intellectual Property Protection prevents users from viewing or editing advanced implementation details about the Dynamic Application or the event policy after it has been installed on another system. | System > Manage > PowerPacks > Create/Edit > Dynamic Applications or Event Policies | Embedded/Available page / IPP | Enabled, Disabled |
Data Integrity
| Description | Click Path | Page/Field | Field Options |
|---|---|---|---|
|
Backups. The Backup Management page allows you to define two types of backups for your system: configuration backup that stores a local copy of the core database tables that are required to restore a system, and full backups that make a full backup of Database Server. |
System > Settings > Backup | ||
| Collector Groups. For distributed systems, a collector group is a group of Data Collectors. ScienceLogic Data Collectors retrieve data from managed devices and applications. Grouping multiple Data Collectors allows you to create one of the following configurations: load-balanced collection system, where you can manage more devices without loss of performance; or redundant, high-availability system that minimizes downtime should a failure occur. If a Data Collector fails, another Data Collector is available to handle collection until the problem is solved. | System > Settings > Collector Groups | Collector Group Management / Collector Failover | Off (Maximize Management Devices), On (Maximize Reliability) |
Security Events
| Description | Click Path | Page/Field | Field Options |
|---|---|---|---|
| Events console. The Event Console page displays a list of currently active events. One of the easiest ways to monitor the health of your network is to look at events. Events are messages that are triggered when a specific condition is met. For example, an event can signal that a server has gone down, that a device's hard-drives are getting too full, or simply display the status of a device. | tab | Event Console | |
| Event policies. The Event Policy Editor page allows you to define a new event or edit the properties of an existing event definition. | Registry > Events > Event Manager > create or edit | Event Policy Editor |
Monitoring Changes to Device Configuration
| Description | Click Path | Page/Field | Field Options |
|---|---|---|---|
| Alert when asset record changes. The Asset Automation page allows you to define the default behavior for all asset records. For each standard asset field, you can specify how the field should be populated and whether or not the system should generate an event if the field’s value changes. | System > Settings > Assets | Asset Automation / Alert on change | Yes, No |
Monitoring for Illicit Behavior
| Description | Click Path | Page/Field | Field Options |
|---|---|---|---|
| Generate an event if the system discovers an illicit domain record | Registry > Monitors > Domain Name > Create / Edit | Domain Name Policy / Alert if Found |
Yes. Use this setting to look for an illicit domain record. If the system finds the specified, illicit domain record, the system will generate an event. |
| Generate an event if the system discovers an illicit process | Registry > Monitors > System Processes > Create / Edit | System Process Policy / Alert if Found | Yes. Use this setting to look for an illicit system process. If the system finds the specified, illicit system process, the system will generate an event. |
| Generate an event if the system discovers an illicit Windows service | Registry > Monitors > Windows Services > Create / Edit | Windows Service Policy / Alert if Found | Yes. Use this setting to look for an illicit Windows service. If the system finds the specified, illicit Windows service, the system will generate an event. |
| Generate an event if the system discovers a specified, illicit port open | System > Customize > TCP-IP Ports | TCP/IP Port Editor / Illicit Port Alarm | On, off |
Blueprinting DNS, System Processes, and Windows Services
| Description | Click Path | Page/Field | Field Options |
|---|---|---|---|
| Generate an event if the system discovers a change to a domain record. | Registry > Monitors > Domain Name > Create / Edit | Domain Name Policy / Alert if Found |
No. Use this setting to ensure that a required domain record is running. If the system does not find the specified domain record, the system generates an event. |
| Generate an event if the system discovers a change to a process. | Registry > Monitors > System Processes > Create / Edit | System Process Policy / Alert if Found |
No. Use this setting to ensure that a required system process is running. If the system does not find the system process, the system generates an event. |
| Generate an event if the system discovers a change to a Windows service. | Registry > Monitors > Windows Services > Create / Edit | Windows Service Policy / Alert if Found |
No. Use this setting to ensure that a required Windows service is running. If the system does not find the specified Windows service, the system generates an event. |
Monitoring Open Ports
| Description | Click Path | Page/Field | Field Options |
|---|---|---|---|
| Generate an event if the system discovers a specified, illicit port open. | System > Customize > TCP-IP Ports | TCP/IP Port Editor / Illicit Port Alarm | On, off |
Monitoring Bandwidth Usage
| Description | Click Path | Page/Field | Field Options |
|---|---|---|---|
| Define a global threshold and generate an event if the counter rolls over. | System > Settings > Thresholds | Global Threshold Settings / Rollover Percent | 0% - 100% |
| Define a global threshold and generate an event if packets are sent out-of-order. | System > Settings > Thresholds | Global Threshold Settings / Out-of-order Percent | 0% - 100% |
| Define a global threshold and generate an event if inbound bandwidth exceeds the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Inbound Percent | 0% - 100% |
| Define a global threshold and generate an event if outbound bandwidth exceeds the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Outbound Percent | 0% - 100% |
| Define a global threshold and generate an event if inbound bandwidth exceeds the specified Mbps. | System > Settings > Thresholds | Global Threshold Settings / Inbound Bandwidth | 0 - 1,000,000 Mbps |
| Define a global threshold and generate an event if outbound bandwidth exceeds the specified Mbps. | System > Settings > Thresholds | Global Threshold Settings / Outbound Bandwidth | 0 - 1,000,000 Mbps |
| Define a global threshold and generate an event if inbound errors exceed the specified number of packets. | System > Settings > Thresholds | Global Threshold Settings / Inbound Errors | 0 - 10,000 packets |
| Define a global threshold and generate an event if outbound errors exceed the specified number of packets. | System > Settings > Thresholds | Global Threshold Settings / Outbound Errors | 0 - 10,000 packets |
| Define a global threshold and generate an event if inbound discards exceed the specified number of packets. | System > Settings > Thresholds | Global Threshold Settings / Inbound discards | 0 - 10,000 packets |
| Define a global threshold and generate an event if outbound discards exceed the specified number of packets. | System > Settings > Thresholds | Global Threshold Settings / Outbound Discards | 0 - 10,000 packets |
| Define a global threshold and generate an event if inbound errors exceed the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Inbound Error Percent | 0% - 100% |
| Define a global threshold and generate an event if outbound errors exceed the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Outbound Error Percent | 0% - 100% |
| Define a global threshold and generate an event if inbound discards exceed the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Inbound Discard Percent | 0% - 100% |
| Define a global threshold and generate an event if outbound discards exceed the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Outbound Discard Percent | 0% - 100% |
| Define a device-specific threshold and generate an event if the counter rolls over. | Registry > Devices > Device Manager > wrench icon > Thresholds | Device Thresholds / Rollover Percent | 0% -100% |
| Define a device-specific threshold and generate an event if packets are sent out-of-order. | Registry > Devices > Device Manager > wrench icon > Thresholds | Device Thresholds / Rollover Percent | 0%-100% |
Monitoring Hardware Performance
| Description | Click Path | Page/Field | Field Options |
|---|---|---|---|
|
Define a global threshold and generate an event if system latency exceeds the specified number of milliseconds. |
System > Settings > Thresholds | Global Threshold Settings / System Latency | 0 ms - 5,000 ms |
| Define a global threshold and generate an event if system availability falls below the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / System Availability | 0% - 100% |
| Define a global threshold and generate a warning event if filesystem usage exceeds the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Filesystem Warning | 0% - 100% |
| Define a global threshold and generate a critical event if filesystem usage exceeds the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Filesystem Critical | 0% - 100% |
| Define a global threshold and generate an event if ICMP availability falls below the specified percentage. | System > Settings > Thresholds | Global Threshold Settings / Avail Required Ping Percent | 0% -100% |
|
Define a device-specific threshold and generate an event if system latency exceeds the specified number of milliseconds. |
Registry > Devices > Device Manager > wrench icon > Thresholds | Device Thresholds / System Latency | 0 ms - 5,000 ms |
|
Define a device-specific threshold and generate an event if system availability falls below the specified percentage. |
Registry > Devices > Device Manager > wrench icon > Thresholds | Device Thresholds / System Availability | 0% - 100% |
| Define a device-specific threshold and generate a warning event if the filesystem usage exceeds the specified percentage. | Registry > Devices > Device Manager > wrench icon > Thresholds | Device Thresholds / File System Thresholds (Warning) | 0% -100% |
| Define a device-specific threshold and generate a critical event if the filesystem usage exceeds the specified percentage-order. | Registry > Devices > Device Manager > wrench icon > Thresholds | Device Thresholds / Files System Thresholds (Critical) | 0% -100% |
| Define a device-specific threshold and generate an event if ICMP availability falls below the specified percentage. | Registry > Devices > Device Manager > wrench icon > Thresholds | Device Thresholds / Avail Required Ping Percent | 0% -100% |
Monitoring Patches and Hot Fixes
| Description | Click Path | Page/Field | Field Options |
|---|---|---|---|
| Generate an exclusion report for a selected software title. This report displays devices where the software is installed and devices where the software is not installed. | Registry > Devices > Software > printer icon ( ) |
Software Titles | printer icon () |
Using Run Book Automation to Automate Responses to Security Events
| Description | Click Path | Page/Field | Field Options |
|---|---|---|---|
| Create an automation policy that defines the conditions during which you want the system to execute automated actions. | Registry > Run Book > Automation > Create button | Automation Policy Manager | Create button |
| Create an action that you want the system to execute automatically when specific conditions occur. | Registry > Run Book > Actions > Create button | Action Policy Manager | Create button |
Audit Logs
| Description | Click Path | Page/Field | Field Options |
|---|---|---|---|
| View all messages about the system's standard operations, like starting and stopping key processes, backing up data, purging old data, and other maintenance activities. | System > Monitor > System Logs | System Logs | |
| View a complete audit trail for all actions in the system that are performed by users or related to managed devices. | System > Monitor > Audit Logs | Audit Logs.. | |
| Monitor and manage user logins and logouts to the system. | System > Monitor > Access Logs | Access Sessions. | |
| View all the messages and log entries generated for a device. | Registry > Devices > Device Manager > wrench icon > Logs | Device Logs & Messages. |