Using the Application Settings Screen

Application Settings Screen

Click on the Administration link in the left-hand menu to expose a link to the Application Settings screen. The Application Settings screen provides access to a number of configuration options. The following sections are available for configuration:
Section
Summary

System
Configures the Security Flow System Name or IP Address, Default Timezone, Session Timeout, Flow Message Expiration, and Administrator Email address.

Indicators of Compromise
Configures the number of days until various Indicator of Compromise types reset to an Unknown (5) value.

Email Server (SMTP) Settings
Configures Email Server (SMTP) Settings for sending outbound emails.

SysLog Settings
Configures SysLog Settings for communicating with a remote SysLog server.

Certificate Verification
Enable or disable the verification of TLS/SSL certificates when connecting to services.

Security Flows Webhook
A webhook is used to inject messages into the Security Flow Flows engine using an HTTP operation from an external source, such as a script or external tool. Manage the list of IP addresses or host names allowed to be a source for HTTP requests into a flow and the username/password configuration for submitting an HTTP request.

Security Flows Python Virtual Environment
Manage the list of installed packages from PyPI, the Python Package Index.

Authentication Service
Configures Nevelex Labs Security Flow to use built-in, LDAP, or Single Sign-On for user authentication.

LDAP Server
The LDAP Server settings are shown when the Authentication Service is set to LDAP Server.

Single Sign-On (SSO)
The SSO settings are shown when the Authentication Service is set to Single Sign-On (SSO).

DXL Logging
Audits Incident related communication of various activities which occur on a DXL fabric.

Nevelex Labs Logging
Enables or disables verbose Auditing of Incident related communication which occurs on a DXL fabric to and from a Plugin.

Web Server Certificate
Manage the certificates used by Nevelex Labs Security Flow's website.

System Update
Update the Nevelex Labs Security Flow software installation.

Hosts
Manage the /etc/hosts file, a simple text file that associates IP addresses with host names.

High Availability
Allows for the management of high availability settings, such as Warm Standby Mode.

This screen shows the current settings values within the system.

Manage Application Settings

System

Options

Item
Action

Security Flow System Name or IP Address
Configure the name of the Nevelex Labs Security Flow system. This value is used in NL-Waiter nodes in flows and notification links sent out of the system.

Default Timezone
Configure the default timezone of the Nevelex Labs Security Flow system. This value is used within various nodes in the flows and is the default timezone used when creating new users.

Session Timeout
The amount of time before an idle user is logged out.

Flow Message Expiration
Configure the default timeout for messages ("msg" objects) within the flows. This value is used to clean up reference counts to any blocked or dropped messages which failed to completely traverse the flows.

Allow Report Access in Flows
Allows a Dashboard widget's report to be run from within the flows regardless of the permission normally required to run the report.

Administrator Email address
The system administrator's email address used for notifications about important system events, such as the availability of an upgrade or a Plugin Instance failure.

Indicators of Compromise

Options

Item
Action

Domain Trust Level Reset
The number of days before a domain IoC's Trust Level is reset back to Unknown (5). A value of zero (0) days will never reset the Trust Level back to Unknown (5). The NL-* IoC nodes may be configured to override this default.

IP Address Trust Level Reset
The number of days before an IP Address IoC's Trust Level is reset back to Unknown (5). A value of zero (0) days will never reset the Trust Level back to Unknown (5). The NL-* IoC nodes may be configured to override this default.

URL Trust Level Reset
The number of days before a URL IoC's Trust Level is reset back to Unknown (5). A value of zero (0) days will never reset the Trust Level back to Unknown (5). The NL-* IoC nodes may be configured to override this default.

Email Server (SMTP) Settings

Options

Item
Action

Email Server Host
The host name or IP address of the SMTP email server.

Email Server Port
The port of the SMTP email server.

Email Server Username
The username for authenticating with the SMTP email server.

Email Server Password & Password Confirmation
The password for authenticating with the SMTP email server.

Email Server Encryption Type
Type of encryption to use to communicate with the email server: SSL, TLS or none.

SysLog Settings

Options

Item
Action

Enable Remote SysLog
Set to enable logging to a SysLog host.

SysLog Host
The address of the SysLog server in host:port or hostname format.

Certificate Verification

Verify SSL certificates when making requests to external services. Changing this setting will restart all plugin instances. WARNING: Disable at your own risk. Verifying certificates prevents man-in-the-middle attacks (MitM).

Security Flows Webhook

The Nevelex Labs Security Flow system is configured with a default webhook username and password for basic authorization. See the Webhook Injections Screen for more information.

Options

Item
Action

Webhook IPs / Host Names
Set of incoming IP addresses and host names allowed to perform a webhook injection into the flows.

Webhook Username
The basic access authentication username required to access the flows' webhook URI. The URI is defined within the flow by using an http in node.

Security Flows Python Virtual Environment

The NL-Python node allows for the execution of Python 3.6 scripts within a jailed virtual environment. To support running scripts requiring additional packages, this section allows for the installation and removal of packages from PyPI, the Python Package Index.

Options

Item
Action

Python Packages
Set of Python packages, with optional version number, installed within the NL-Python node's virtual environment.

Web Server Certificate

The web server comes with a self-signed certificate for TLS access to Nevelex Labs Security Flow. For the system to function without requiring the user to bypass certificate authentication, certificates from a trusted CA should be installed. The other option is to manually trust the certificates and/or install them as trusted in the browser of every user with access to Nevelex Labs Security Flow.

Options

Item
Action

SSL Certificate
Provides two button options. Generate New Self-Signed Certificate generates a new public/private certificate pair for deployment within the application. Upload New Key Pair provides an upload form for uploading the public certificate and private key.

Authentication Service

By default, the LDAP Server and Single Sign-On (SSO) are disabled and users are managed within Nevelex Labs Security Flow. However, it is strongly recommended that LDAP or SSO be enabled to allow for user authentication to be managed externally. When either LDAP or SSO is enabled, all user authentication is externally managed except for the default super-user, admin. The roles of the admin user can be reduced to a desired level or the admin user may be disabled.

Options

Item
Action

User Authentication Service
The service used to authenticate users into Security Flow. LDAP or Single Sign-On (SSO) are the recommended options.

LDAP Server

Options

Item
Action

LDAP Hostname
Set the LDAP Hostname URL to use for user lookups.

Port
Port to use when connecting to LDAP server. Defaults to port 389.

LDAP Search DN
Search DN to find the LDAP users or group. For example, cn=Users,dc=yourdomain,dc=com.

LDAP Filter Field
LDAP field which specifies the username. For Active Directory, this is normally sAMAccountName or userPrincipalName. For OpenLDAP, this is normally uid.

LDAP Group DN
Fully-qualified DN of the groupOfNames group. Must be under the LDAP Search DN tree. For example, cn=mygroup,cn=users,dc=example,dc=com.

Encryption Method
Encryption method to use to connect to LDAP server. Supports LDAPS (LDAP over SSL) and StartTLS.

Authentication Method
Authentication method to use to connect to the LDAP server. Simple is the only supported method.

Authentication Bind DN/Username
Bind DN or Username to use to authenticate to LDAP server.

Authentication Password
Password to use to authenticate to LDAP server.

Confirm Authentication Password
Shown in the Edit Settings screen to confirm the Authentication Password.
 

Single Sign-On (SSO)

Used to configure SSO using SAML 2.0. The SSO Identity Provider must include an attribute statement with the following names and types.

Attribute Name    Type     Description
first_name        Basic    The user's first name.
last_name         Basic    The user's last name.
email             Basic    The user's email address.
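
A check an administrator could run against a decoded assertion from the IdP to confirm it carries the three attributes listed above. This is an added example, not part of the Nevelex Labs documentation or product; it assumes the "Basic" type corresponds to the SAML 2.0 attrname-format:basic NameFormat, and the sample assertion and its values are constructed.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the "Basic" type in the table maps to this SAML 2.0 NameFormat.
BASIC_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
REQUIRED = ("first_name", "last_name", "email")

# Constructed sample assertion (made-up values): "email" is missing and
# "last_name" is sent with the wrong NameFormat.
SAMPLE = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="first_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>Ada</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="last_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue>Lovelace</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_attributes(assertion_xml):
    """Return a list of problems with the required attributes (empty if none)."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", SAML_NS)
                  if v.text and v.text.strip()]
        found[attr.get("Name")] = (attr.get("NameFormat"), values)
    problems = []
    for name in REQUIRED:
        if name not in found:
            problems.append(f"{name}: missing")
            continue
        name_format, values = found[name]
        if name_format != BASIC_FORMAT:
            problems.append(f"{name}: NameFormat is {name_format}, expected basic")
        if not values:
            problems.append(f"{name}: no value")
    return problems

if __name__ == "__main__":
    for problem in check_attributes(SAMPLE):
        print(problem)
```

The check covers attribute presence and format only; it does not validate the assertion's signature or conditions.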

Options

Item
Action

SSO Strict
Configures the SSO module to strictly follow the SAML 2.0 standard. Additionally, rejects unsigned or unencrypted messages if configured to be signed or encrypted.

Name ID (username) Format
Specifies the format constraints on the username of the SSO user. Possible values are Unspecified or Email.

Identity Provider Entity ID
Fully specified URI of the Identity Provider's (IdP) entity ID.

Identity Provider SSO Endpoint
Fully specified URI of the Identity Provider's (IdP) SSO endpoint.

Identity Provider SSO Endpoint Binding
Protocol binding used by the Identity Provider's (IdP) SSO endpoint.

Encryption Method
Encryption method to use to connect to LDAP server. Supports LDAPS (LDAP over SSL) and StartTLS.

Technical Contact Name
Metadata supplied to the Identity Provider. The name of the technical contact.

Technical Contact Email
Metadata supplied to the Identity Provider. The email address for the technical contact.

Support Contact Name
Metadata supplied to the Identity Provider. The name of the support contact.

Support Contact Email
Metadata supplied to the Identity Provider. The email address for the support contact.

Organization Name
Metadata supplied to the Identity Provider. The name of the organization.

Organization Display Name
Metadata supplied to the Identity Provider. The display name of the organization.

Organization URL
Metadata supplied to the Identity Provider. The URL for the organization.

DXL Logging

On a DXL fabric, there are events generated by the fabric which may not need to be logged by the flows. These settings will, by default, disable logging of those events when they get fed into or sent out of the NL DXL Event In and NL DXL Event Out nodes. These settings are applied to DXL requests as well.

Options

Item
Action

Audit DXL Broker Client Registry Events
Activate to enable auditing of event messages for DXL Client registrations. This setting applies to DXL topics starting with /mcafee/event/dxl/clientregistry/.

Audit DXL Broker Health
Activate to enable auditing of event messages querying the DXL Broker Health. This setting applies to DXL topics starting with /mcafee/service/dxl/broker/health.

Audit DXL Broker Registry Events
Activate to enable auditing of event messages for DXL Broker registrations. This setting applies to DXL topics starting with /mcafee/event/dxl/brokerregistry/.

Audit DXL Broker Service Registry Events
Activate to enable auditing of event messages for DXL Service registrations. This setting applies to DXL topics starting with /mcafee/event/dxl/svcregistry/.

Nevelex Labs Logging

Options

Item
Action

Audit DXL Plugin Instance Communication
Activate to enable verbose auditing of communication between Nevelex Labs nodes and Plugin Instances. When activated, messages sent to and received from Plugin Instances are included in Incident audit trails.

Audit Nevelex Labs DXL Messages
Activate to enable auditing of message transformations by nodes logging to external services such as McAfee's ESM SIEM.

System Update

Nevelex Labs Security Flow checks twice a day for system updates. This settings section allows for the downloading and installation of an update. NOTE: During an update, any event-driven messages and in-flow messages may be lost. Any information which is polled from external sources will not be lost. For example, email flow sources will not lose any incoming messages because they are polled.

Options

Item
Action

Download Update Version
When a download is available, a download button is enabled for downloading the newer software version from Nevelex Labs. While downloading, the button will be visible, but disabled.

Install Update Version
After the newer software version has been downloaded and is ready for install, an install button is enabled for installing the new version of Nevelex Labs Security Flow. During the installation/upgrade process the system will be unusable. In the unlikely event of an upgrade failure, the system will revert to the software version running prior to an upgrade.

Hosts

Displays the user defined mappings in the /etc/hosts file, a simple text file that associates IP addresses with host names.

High Availability

Options

Item
Action

Enter Warm Standby Mode
Warm Standby Mode deactivates most services within this Security Flow instance. A minimal UI is left operational to reactivate this instance. Entering Warm Standby mode disables all Security Flows.

Application Settings Edit Screen

Click the Edit Settings button to edit the application settings.

Nevelex Labs, Main Office

Metro Office Park
2950 Metro Drive, Suite 104
Bloomington, MN 55425
Phone: +1 952-500-8921

©Nevelex Labs, LLC. 2018-2021, All Rights Reserved.
