Server Settings

Under server settings, you can configure the Mail Server, SMS Server and other Product Notification Settings. The configured SMS Server and Mail Server will be used for sending alerts and notifications from Log360 UEBA.

• Mail Settings
• SMS Settings
• Notification Settings

Mail Settings

Follow the steps below to set up the mail server for Log360 UEBA.

Mail Server configuration using SMTP mode

• Navigate to Settings → Server Settings → Mail Settings.
• Select SMTP mode and enter the Mail Server name and Port, and specify the From Address and Admin Mail Address.
• Choose the protocol that will be used to establish a secure connection from the Secure Connection dropdown.
• Select the authentication type from the options provided:
• Basic authentication
• OAuth authentication
• Basic authentication
• Enter the Username and Password to access the mail server.
• If your mail server does not require authentication, leave the fields empty.
• You can have Log360 UEBA send a test email by clicking the Test Mail button.
• OAuth authentication
• Select your mail provider from the available options: Microsoft or Google.
• If your mail provider is Microsoft, provide the Username, Tenant ID, Client ID, and Client Secret in the respective fields. In Log360 UEBA, the Azure Cloud is considered the default Azure environment. You can modify the Azure environment setting by clicking the Choose the appropriate Azure environment link.
Note:
• To learn how to find your Azure Tenant ID, Client ID, and Client Secret, click here.
• To learn how to find your Google Client ID, and Client Secret, click here.
• Click Save Settings.

Mail Server configuration using API mode

• Navigate to Settings → Server Settings → Mail Settings.
• Select API mode and choose the Mail Provider from the available options: Microsoft or Google.
• Specify the From Address and Admin Mail Address.
• If your mail provider is Microsoft, provide the Tenant ID, Client ID, and Client Secret in the respective fields. In Log360 UEBA, the Azure Cloud is considered the default Azure environment. You can modify the Azure environment setting by clicking the Choose the appropriate Azure environment link.
Note: To learn how to find your Azure Tenant ID, Client ID, and Client Secret, click here.
• If your mail provider is Google, upload the JSON private key file.
Note: To learn how to get your JSON private key file, click here.
• Click Save Settings.

Steps to find your Azure Tenant ID, Client ID, and Client Secret for SMTP mail server configuration

• Log in to portal.azure.com.
• Under Azure services, click App registrations → New registration.
• Provide a Name of your choice and select the Supported account types. (Leave it as default).
• In the Redirect URI field, select web & paste the following OAuth link: https://identitymanager.manageengine.com/api/public/v1/oauth/redirect (or) You can also add the localhost redirect API in the following syntax.
  protocol://localhost:port_number/context_if_any/RestAPI/WC/OAuthSetting For example, http://localhost:8096/RestAPI/WC/OAuthSetting. If you have only added localhost as the redirect URI, you must access the product using localhost to configure mail server.
• In the next page, you will find the application details. Copy the Client ID & Tenant ID.
• From the left pane, click Certificates & secrets → New client secret.
• Provide a Description for the client secret, and in the Expires field, choose the validity of the client secret and click Add.
• The client secret will be generated. Copy the string displayed under Value.
• Click Save setting and complete the authorization prompt.

Steps to find your Google Workspace Client ID, and Client Secret for SMTP mail server configuration

• Log in to console.developers.google.com.
• In the dashboard, click Create to create a new project if there is no existing project or select any existing project and click New Project.
• Enter the Project Name. In the Location field, click Browse and select the parent organization. Click Create.
• In the left pane of the displayed project details page, click APIs & Services → Library.
• From the available list of APIs, select Gmail API and click Enable. You can make use of the search option to find the API quickly.
• In the left pane, click OAuth consent screen and choose the User Type. If you don't have a Google workspace account, choose External User.
• Provide the Application Name, Application Logo, and the support email of your help desk, developer information, and click Save & continue.
• Click Add or Remove Scopes, choose Gmail API (https://mail.google.com/), and click Update. Then, click Save & Continue.
• Add a test user and click Save & continue.
• In the left pane, click Credentials → Create Credentials → OAuth Client ID.
• Select the application type as Web Application. Provide a name of your choice.
• In the Authorized Redirect URIs, paste the following OAuth link:
  https://identitymanager.manageengine.com/api/public/v1/oauth/redirect (or) You can also add localhost redirect API in the following pattern. protocol://localhost:port_number/context_if_any/RestAPI/WC/OAuthSetting For example, http://localhost:8096/RestAPI/WC/OAuthSetting. If you have only added localhost as the redirect URI, you must access the product using localhost to configure the mail server.
• Click Save.
• Click DOWNLOAD JSON to download the file containing the authorization server details. Copy the Client ID and Client Secret displayed on the screen.

Steps to find your Azure Tenant ID, Client ID, and Client Secret for API mail server configuration

• Log in to portal.azure.com.
• Under Azure services, click App registrations → New registration.
• Enter a Name of your choice and choose the Supported account types. (If you’re unsure about the supported account types, select Accounts in the organizational directory only).
• In the left pane, click API Permission → Add a permission.
• Click Microsoft Graph → Application permission.
• Search Mail and select the permission Mail.Send. Click Add Permission.
• Click Grant admin consent.
• Copy the Client ID & Tenant ID displayed.
• In the left pane, click Certificates & secrets → New client secret.
• Provide a Description for the client secret. In the Expires field, choose the validity of the client secret and click Add.
• The client secret will be generated. Copy the string displayed under Value.

Steps to download JSON private key for API mail server configuration

• Log in to console.developers.google.com.
• Open the Service accounts page.
• Click Create Project. Enter the project name, organization and location. Click Create.
• Click + Create service account button from the top row.
• Under Service account details, type a name, ID, and description for the service account, then click Create and continue.
• If required, you can also select the IAM roles to be granted to the service account using the Grant this service account access to project option.
• Click Continue
• If required, you can add the users or groups that are allowed to use and manage the service account.
• Click Done.
• Click the email address for the service account you created.
• Click the Keys tab.
• In the Add key dropdown list, select Create new key.
• Select key type as JSON.
• Click Create.

Your new public/private key pair will be generated and downloaded to your machine. Please keep the private key safe as this will be the only copy, and you cannot generate the same private key again.

Once you have downloaded the JSON private key, you’ll have to enable Gmail API service and provide domain-wide authority to the service account.

Enable Gmail API service

• Login to console.developers.google.com.
• Select the project from the dropdown menu.
• Click + Enable APIS and Services.
• Select Gmail API and click Enable.

Delegating domain-wide authority to the service account

• Log in to the Google Workspace domain's Admin console as a super administrator.
• Navigate to Main menu → Security → Access and data control → API Controls.
• In the Domain wide delegation pane, select Manage Domain Wide Delegation.
• Click Add new.
• In the Client ID field, enter the service account's Client ID. You can find your service account's client ID on the Service accounts page.
• In the OAuth scopes (comma-delimited) field, enter the list of scopes that your application should be granted access to. For example, if your application needs domain-wide full access to the Google Mail API, enter: https://mail.google.com.
• Click Authorize.

Your application now has the authority to make API calls as users in your domain (to "impersonate" users). When you prepare to make authorized API calls, specify the user to impersonate as.

SMS Settings

Follow the steps below to set up the SMS server for Log360 UEBA. You can configure Log360 UEBA to use your own GSM modem or your custom SMS gateway.

Configuring SMS Server using GSM Modem

• Navigate to Settings → Server Settings → SMS Settings
• Select GSMModem from the SMS Provider drop down box.
• Specify the Modem Port Number.
• Click Save Settings.

Steps involved in configuring the modem port & modem speed:

• Connect your GSM Modem to the Serial Communication Port.
• Only a serial cable must be used for connectivity.
• The port number for Window Devices will be comX. Eg. com7 or com8.
• Enter the Port Number to which the modem is connected :eg.(COM 1).

Requirements for Establishing SMS Server Connection:

• Modem/mobile must have GSM functionality with a provision to insert the SIM card.
• Should support 7-bit (GSM default alphabet), 8-bit and Unicode (UCS2) encoding.
• Make sure the GSM modem configured with Log360 UEBA is not used by any other application.
• If you experience any issue in sending SMS notifications through GSM modem, please restart Log360 UEBA and try again.
• Matching these criteria allows Log360 UEBA to support your modem/ mobile phone.

Configuring SMS Server using Custom SMS Provider

You can configure you own custom SMS gateway provided that the gateway is HTTP, SMTP, or SMPP based. Please follow the steps given below:

• HTTP-based SMS Provider
• SMTP-based SMS Provider
• SMPP-based SMS Provider

HTTP-based SMS provider:

• Navigate to Settings → Server Settings → SMS Settings
• Select Custom from the SMS Provider drop down box.
• Select HTTP from the Send SMS via drop down box.
• Select whether you want to use Post or Get HTTP method for sending SMS.
• Enter the HTTP URL of your SMS gateway provider.
Note: Only HTTPS URLs are supported.
• Enter the HTTP Parameters specific to your SMS provider.
Note:
• Separate the HTTP parameters by an ampersand (&) sign.
• Example format: userName=xxx&password=yyy&mobileNumber=%mobNo&message=%message%.
• You can use the following parameters:
• userName = the parameter which is used to denote the API authentication username.
• xxx = API authentication username.
• password = the parameter which is used to denote the API authentication password.
• yyy = API authentication password.
• mobileNumber = recipient parameter.
• %mobNo% = this macro denotes the user's mobile number.
• message = message parameter.
• %message% = this macro denotes the SMS message content.
• More HTTP Parameters - If you SMS provider requires more parameters like unicode and apiID, include them as well using the '&' sign.
• Specify the response you get from your provider to determine whether the SMS has been sent successfully.
• Click Advanced Settings. Enter the HTTP Request Headers specific to your SMS provider.
• Select the option Convert Message into Unicode to send SMS in Unicode format.
• Click Save Settings.

SMTP-based SMS provider:

• Navigate to Settings → Server Settings → SMS Settings
• Select Custom from the SMS Provider drop down box.
• Select SMTP from the Send SMS via drop down box.
• In the From Address field enter an email address from which you want to send the SMS. Eg: noreply@adselfserviceplus.com
• In the To Address field enter the %mobNo% macro followed by the email of your provider. For example: %mobNo%@clickatell.com. Refer your SMS provider to know the exact values.
• Enter the details required in the Subject field. Generally, it would be either mobile number or message depending upon your SMS provider.
• Enter the details required in the Content field. This also depends on your SMS provider. Please refer them to know the exact values.
• Select the Use default mail settings checkbox if want to use the default mail server configured under the Mail Settings tab.
• If you dont want to use the default mail settings, unselect the checkbox.
• Enter the name or IP address of the “SMTP Server” and its Port number.
• Enter the username and password of the SMTP server.
• Select the Connection security protocol to use from the available options: SSL, TLS or none.
• Click Save Settings.

SMPP-based SMS provider:

• Navigate to Admin → General Settings → Server Settings.
• Select Custom from the SMS Provider drop down box.
• Select SMPP from the Send SMS via drop down box.
• Enter the SMPP Server Name and its SMPP Server Port.
• Enter the Username and Password of the SMPP server.
• Click Advanced Settings.
• Enter the SMPP Source Address and ESME System Type.
• Select the Source Address’s TON (type of number).
• Select the Source Address’s NPI (Numeric Plan Indicator).
• Select the Destination Address’s TON.
• Select the Destination Address’s NPI.
• Click Save Settings.

Notification Settings

Users can enable alerts for critical product notifications to be sent to the Admin.

• Navigate to Settings → Server Settings → Notification settings.
• Enable the Licence Expiry Notification and Application Downtime Notification options, if you wish to receive emails informing you of these events.
• To be notified about low free space, select the corresponding checkbox and specify the threshold value below which you want to be notified.
• Click Save.