×
Using the Application Settings Screen

Application Settings Screen

Click on the Administration link in the left-hand menu to expose a link to the Application Settings screen. The applications settings screen provides access to a number of configuration options. The following sections are available for configuration:
Section
Summary

System
Configures Security Flow System Name or IP Address, Default Timezone, Session Timeout, Flow Message Expiration, and Administrator Email address.

Email Server (SMTP) Settings
Configures Email Server (SMTP) Settings for sending outbound emails.

SysLog Settings
Configures SysLog Settings for communicating with a remote SysLog server.

Certificate Verification
Enable or disable the verification of TLS/SSL certificates when connecting to services.

Security Flows Webhook
A webhook is used to inject messages into the Security Flow Flows engine using an HTTP operation from an external source, such as a script or external tool. Manage the list of IP addresses or host names allowed to be a source for HTTP requests into a flow and the username/password configuration for submitting an HTTP request.

Security Flows Python Virtual Environment
Manage the list of PyPI, the Python Package Index, packages which are installed.

LDAP Server
Configures Nevelex Labs Security Flow to use an LDAP server for user authentication.

DXL Logging
Audits Incident related communication of various activities which occur on a DXL fabric.

Nevelex Labs Logging
Enables or disables verbose Auditing of Incident related communication which occurs on a DXL fabric to and from a Plugin.

Web Server Certificate
Manage the certificates used by Nevelex Labs Security Flow's website.

System Update
Update the Nevelex Labs Security Flow software installation.

Hosts
Manage the /etc/hosts file, a simple text file that associates IP addresses with host names.

High Availability
Allows for the management of high availability settings, such as Warm Standby Mode.

This screen shows the current settings values within the system.

System

Options

Item
Action

Security Flow System Name or IP Address
Configure the name of the Nevelex Labs Security Flow system. This value is used in NL-Waiter nodes in flows and notification links sent out of the system.

Default Timezone
Configure the default timezone of the Nevelex Labs Security Flow system. This value is used within various nodes in the flows and is the default timezone used when creating new users.

Session Timeout
The amount of time before an idle user is logged out.

Flow Message Expiration
Configure the default timeout for messages, "msg" objects, within the flows. This value is used to cleanup reference counts to any blocked or dropped messages which failed to completely traverse the flows.

Administrator Email address
The system administrator's email address used for notifications about important system events, such as an availability of an upgrade or Plugin Instance failure.

Email Server (SMTP) Settings

Options

Item
Action

Email Server Host
The host name or IP address of the SMTP email server.

Email Server Port
The port of the SMTP email server.

Email Server Username
The username for authenticating with the SMTP email server.

Email Server Password & Password Confirmation
The password for authenticating with the SMTP email server.

Email Server Encryption Type
Type of encryption to use to communicate with the email server: SSL, TLS or none.

SysLog Settings

Options

Item
Action

Enable Remote SysLog
Set to enable logging to a SysLog host.

SysLog Host
The address of the SysLog server in host:port or hostname format.

Certificate Verification

Verify SSL certificates when making requests to external services. Changing this setting will restart all plugin instances. WARNING: Disable at your own risk. Verifying certificates prevents man-in-the-middle attacks (MitM).

Security Flows Webhook

The Nevelex Labs Security Flow system is configured with a default webhook username and password for basic authorization. See the Webhook Injections Screen for more information.

Options

Item
Action

Webhook IPs / Host Names
Set of incoming IP addresses and host names allowed to perform a webhook injection into the flows.

Webhook Username
The basic access authentication username required to access the flows' webhook URI. The URI is defined within the flow by using an http in node.

Security Flows Python Virtual Environment

The NL-Python node allows for the execution of Python 3.6 scripts within a jailed virtual environment. To support running scripts requiring additional packages, this section allows for the installation and removal of packages from PyPI, the Python Package Index.

Options

Item
Action

Python Packages
Set of Python packages, with optional version number, installed within the NL-Python node's virtual environment.

DXL Logging

On a DXL fabric, there are events generated by the fabric which may not need to be logged by the flows. These settings will, by default, disable logging of those events when they get fed into or sent out of the NL DXL Event In and NL DXL Event Out nodes. These settings are applied to DXL requests as well.

Options

Item
Action

Audit DXL Broker Client Registry Events
Activate to enable auditing of event messages for DXL Client registrations. This setting applies to DXL topics starting with /mcafee/event/dxl/clientregistry/.

Audit DXL Broker Health
Activate to enable auditing of event messages querying the DXL Broker Health. This setting applies to DXL topics starting with /mcafee/service/dxl/broker/health.

Audit DXL Broker Registry Events
Activate to enable auditing of event messages for DXL Broker registrations. This setting applies to DXL topics starting with /mcafee/event/dxl/brokerregistry/.

Audit DXL Broker Service Registry Events
Activate to enable auditing of event messages for DXL Service registrations. This setting applies to DXL topics starting with /mcafee/event/dxl/svcregistry/.

Nevelex Labs Logging

Options

Item
Action

Audit DXL Plugin Instance Communication
Activate to enable verbose auditing of communication between Nevelex Labs nodes and Plugin Instances. When activated, messages sent to and received from Plugin Instances are included in Incident audit trails.

Audit Nevelex Labs DXL Messages
Activate to enable auditing of message transformations by nodes logging to external services such as McAfee's ESM SIEM.

Web Server Certificate

The web server comes with a self-signed certificate for TLS access to Nevelex Labs Security Flow. For the system to function without requiring the user to bypass certificate authentication, certificates from a trusted CA should be installed. The other option is to manually trust the certificates and/or install the certificates as trusted within their browser across all users with access to Nevelex Labs Security Flow.

Options

Item
Action

SSL Certificate
Provides two button options. Generate New Self-Signed Certificate generates a new public/private certificate pair for deployment within the application. Upload New Key Pair provides an upload form for uploading the public certificate and private key.

LDAP Server

By default, the LDAP Server is disabled and users are managed within Nevelex Labs Security Flow. However, it is strongly recommended that LDAP be enabled to allow for user authentication to be managed by your existing LDAP/LDAPS server. When LDAP is enabled, all user authentication is externally managed except for the default super-user, admin. The roles of the admin user can be reduced to a desired level.

Options

Item
Action

LDAP Enabled
Enables the use of an external LDAP server.

LDAP Hostname
Set the LDAP Hostname URL to use for user lookups.

Port
Port to use when connecting to LDAP server. Defaults to port 389.

LDAP Search DN
Search DN to find the LDAP users or group. For example, cn=Users,dc=yourdomain,dc=com.

LDAP Filter Field
LDAP field which specifies the username. For Active Directory, this is normally sAMAccountName or userPrincipalName. For OpenLDAP, this is normally uid.

LDAP Group DN
Fully-qualified DN of the groupOfNames group. Must be under the LDAP Search DN tree. For example, cn=mygroup,cn=users,dc=example,dc=com.

Encryption Method
Encryption method to use to connect to LDAP server. Supports LDAPS (LDAP over SSL) and StartTLS.

Authentication Method
Authentication method to use to connect to the LDAP server. Simply is the only supported method.

Authentication Bind DN/Username
Bind DN or Username to use to authenticate to LDAP server.

Authentication Password
Password to use to authenticate to LDAP server.

Confirm Authentication Password
Shown in the Edit Settings screen to confirm the Authentication Password.
 

System Update

Nevelex Labs Security Flow checks daily for the system updates. This setting sections allows for the downloading and installation of an update. NOTE: During an update any event driven messages and in-flow messages may be lost. Any information which is polled from external sources will not be lost. For example, email flow sources will not lose any incoming messages because they are polled.

Options

Item
Action

Download Update Version
When a download is available, a download button is enabled for downloading the newer software version from Nevelex Labs. While downloading, the button will be visible, but disabled.

Install Update Version
After the newer software version has been downloaded and is ready for install, an install button is enabled for installing the new version of Nevelex Labs Security Flow. During the installation/upgrade process the system will be unusable. In the unlikely event of an upgrade failure, the system will revert to the software version running prior to an upgrade.

Hosts

Displays the user defined mappings in the /etc/hosts file, a simple text file that associates IP addresses with host names.

High Availability

Options

Item
Action

Enter Warm Standby Mode
Warm Standby Mode deactivates most services within this Security Flow instance. A minimal UI is left operational to reactivate this instance. Entering Warm Standby mode disables all Security Flows.

Application Settings Edit Screen

To change the auditing or LDAP settings click the Edit Settings button in the upper right-hand corner. Clicking on this button will bring up the Edit Settings screen.

On the Application Settings Edit Screen each of the Boolean settings can be toggled off or on. Other values are typed in by the user per the definitions supplied above.

Once selections are made on this screen, the user must click on the Save button in the lower right-hand corner to have the settings take affect or cancel to abort. Either selection will return the user to the Applications Settings screen.

Nevelex Labs, Main Office

Metro Office Park
2950 Metro Drive, Suite 104
Bloomington, MN 55425
Phone: +1 952-500-8921

©Nevelex Labs, LLC. 2018-2021, All Rights Reserved.

EULA