Product Settings

The following settings can be configured under product settings.

1. Connection
2. Security hardening

Connection

This setting helps to configure some of the prerequisites to run Log360 UEBA in a secure and seamless manner.

• Log into Log360 UEBA as an administrator.
• In the Settings tab, select Product Settings.
• Select Connection tab.
• Choose the connection type, either HTTP or HTTPS as per requirement and enter the port numbers. The default port numbers for HTTP and HTTPS are 8096 and 8446 respectively.
• On selecting the HTTPS connection, you can further configure the Advanced TLS setting.
• You can either select all versions or the required version of TLS from the drop down listing (TLSv1, TLSv1.1, and TLSv1.2).
• Set the Product Memory. It is the system space that can be allocated to the product, and by default it is set at 1GB.
• Set the Elasticsearch Memory. It is the space required in the system memory to run elastic search clusters. It should not be more than the product memory, and by default it is set at 1GB.
• Select Weekend for anomaly detection from the dropdown. The selected days will be treated as weekend by the detection engine during anomaly detection.
• Select the Session Expiry Time from the dropdown. It is the maximum idle time in a session after which the session will be closed automatically.
• Select the Log Level from the dropdown. Log level indicates the amount of debugging information that will be logged from the log files.
• Set the Direct Export Report Limit. It is the maximum number of records to be included in a directly exported report. By default it is set at 20000.

Security Hardening

This feature helps admins to ensure the safety and security of Log360 UEBA. To manage individual settings, click the Configure or Enable option corresponding to that security setting and make the required changes. Once configured, the setting will have a green ticked Configured/Enabled icon next to it. A security score which is calculated based upon the weightage given to each configuration will also be displayed in this tab. It is highly advisable to configure all the settings and ensure your product security score is 100%. Access to admin accounts can be hardened by enforcing the following configurations:

• Enforce HTTPS: This setting helps to establish secure communication between the client's web browser and Log360UEBA. On clicking Configure under this tab, you will be redirected to the Connection setting where you will have to enable HTTPS connection.
• Change Default Admin's Password: It is recommended to change the default admin password to a unique and strong password to secure access to Log360 UEBA. On clicking Change under this tab, you will be redirected to the My Account page in order to set a new password.
• Enforce Two-factor Authentication: This setting adds an extra layer of security while logging in to Log360 UEBA. On clicking Enable, you will be redirected to the Two-factor Authentication page under Logon settings.
• Enforce Secure TLS: This setting helps to establish secure connections with Log360 UEBA. On clicking Enable, you will be redirected to the Connection setting page where you will have to configure the Advanced setting under HTTPS connection.
• Enable CAPTCHA: You can add a CAPTCHA to the login page using this setting. Users will be prompted to enter a CAPTCHA after a specific number of failed login attempts. On clicking Configure, you will be redirected to the CAPTCHA settings under Logon settings.
• Block Invalid Login Attempts: This setting allows you to block a particular user after a specific number of failed login attempts by the user. On clicking Enable, you will be redirected to the Block Users setting under Logon settings.