8.2. Configuring the NDR

8.2.1. Introduction

8.2.1.1. The `Assets and users tracking` and `Relationship tracking` functions

The NDR database stores information about:

Alerts displayed in the `Alerts` dashboard (for more information on the dashboard, see Web UI `Alerts` screen)
Alerts displayed in the `Alerts` dashboard (for more information on the dashboard, see Web UI `Assets` screen)
The users displayed in the `Users` dashboard (for more information on the dashboard, see Web UI `Users` screen)

The `Assets and users tracking` and ` Relationship tracking` functions include:

Function	Status	Description	See
`Assets and users tracking`	Activable	Synchronization between the NDR web UI's `Assets` and `Users` dashboards with the data available in Elasticsearch	See Procedure to enable the `Assets and users tracking` and `Relationship tracking` functions.
`Assets and users tracking`	Can disable	The NDR `Assets` and `Users` dashboards are disabled. Data is no longer stored in Elasticsearch.	See Procedure to disable the `Assets and users tracking` and `Relationship tracking` functions.
`Relationship tracking	Activable	synchronization between the NDR `Relations` dashboard in the web UI and the data available in Elasticsearch	See Procedure to enable the `Assets and users tracking` and `Relationship tracking` functions.
`Relationship tracking`	Can disable	The NDR `Relations` dashboard is disabled. Data is no longer stored in Elasticsearch.	See Procedure to disable the `Assets and users tracking` and `Relationship tracking` functions.

The configuration interface is described in the Web UI `Assets` screen.

8.2.1.2. Elasticsearch retention period

The retention time of Elasticsearch depends on the maximum space allocated (in Gb) to store the logs (see the `Admin-GCenter-Configuration` screen of the legacy web UI).
Therefore, the data retention period in Elasticsearch depends on the amount of logs generated by the GCaps.
The retention period of Elasticsearch can be changed: see the Procedure to configure the Elasticsearch retention time.

8.2.2. Prerequisites

User : member of Administrator group

8.2.3. Preliminary operations

Login to GCenter via a browser (see Connecting to the GCenter web interface via a web browser).

8.2.4. Procedure to access the `Data Exports` window for an administrator account

In the navigation bar, successively click on:

The `Admin` button

The `NDR configuration` command

The `NDR configuration` window is displayed.

8.2.5. Procedure to enable the `Assets and users tracking` and `Relationship tracking` functions

Click on the `FEATURES` button (3).
Use the `Assets and users tracking` selector (1) to enable tracking of active assets (`Assets`) and users (`users`).

The functions visible by pressing the `Assets` and `users` buttons in the web UI are now accessible if the license enables it.
Use the `Relationship tracking` selector (2) to enable tracking relations between active devices and view these relations.

The functions visible by pressing the `Relations` button are now accessible if the license enables it.

8.2.6. Procedure to disable the `Assets and users tracking` and `Relationship tracking` functions

Click on the `FEATURES` button (3).
To disable the tracking of relations only, use the `Relationships tracking` selector (2).

The functions visible by pressing the `Relations` button are now inaccessible.
To disable all the functions of the `Assets and users tracking` (1) and `Relationship tracking` (2), use the `Assets and users tracking` selector (1).

The functions visible by pressing the `Assets` and `users` buttons in the web UI are now inaccessible.

8.2.7. Procedure to configure the Elasticsearch retention time

Click on the `RETENTION PERIOD` button (4).
Use the `Synchronize NDR boards with elasticsearch retention` selector to enable synchronizing NDR dashboards with data in Elasticsearch.
Use the `Retention period` field to specify how long data such as alerts, users, and equipment should be retained on disk.