8.2. Configuring the NDR
8.2.1. Introduction
8.2.1.1. The `Assets and users tracking` and `Relationship tracking` functions
the various alerts on the network classified by risk score and type.
The active equipment management interface presents a list of the various equipment present on the network classified by risk score.
- The different alerts present on the network and displayed in the `Alerts` dashboard classified by risk score (for more information on the dashboard, see WebUI `Alerts` screen)
- The different assets present on the network and displayed in the `Assets` dashboard classified by risk score (for more information on the dashboard, see WebUI `Assets` screen)
- The different users present on the network and displayed in the `Users` dashboard classified by risk score (for more information on the dashboard, see WebUI `Users` screen)
The `Assets and users tracking` and `Relationship tracking` functions include:
| Function | Status | Description | See |
|---|---|---|---|
| | Activable | Synchronization between the NDR WebUI's | See Procedure to enable the `Assets and users tracking` and `Relationship tracking` functions. |
| | Can disable | The NDR | See Procedure to disable the `Assets and users tracking` and `Relationship tracking` functions. |
| | Activable | synchronization between the NDR | See Procedure to enable the `Assets and users tracking` and `Relationship tracking` functions. |
| | Can disable | The NDR | See Procedure to disable the `Assets and users tracking` and `Relationship tracking` functions. |
8.2.1.2. Elasticsearch retention period
8.2.2. Links associated
8.2.3. Prerequisites
User: member of Administrator group
8.2.4. Preliminary operations
Log in to GCenter via a browser (see Connecting to the GCenter web interface via a web browser)
8.2.5. Procedure to access the `Data Exports` window for an administrator account
In the navigation bar, successively click on:
- The `Administration` menu
- The `Global settings export` command in the `System` category

The `Global settings` screen is displayed.
8.2.6. Procedure to enable the `Assets and users tracking` and `Relationship tracking` functions
- Use the `Assets and users tracking` selector (4) to enable tracking of active assets (`Assets`) and users (`users`).
  The functions visible by pressing the `Assets` and `users` buttons in the WebUI are now accessible if the license enables it.
- Use the `Relationship tracking` selector (10) to enable tracking relations between active devices and view these relations.
  The functions visible by pressing the `Relations` button are now accessible if the license enables it.
- Click on the `Save changes` button (13).
8.2.7. Procedure to disable the `Assets and users tracking` and `Relationship tracking` functions
- To disable the tracking of relations only, use the `Relationship tracking` selector (10).
  The functions visible by pressing the `Relations` button are now inaccessible.
- To disable all the functions of the `Assets and users tracking` (4) and `Relationship tracking` (10), use the `Assets and users tracking` selector (1).
  The functions visible by pressing the `Assets` and `users` buttons in the WebUI are now inaccessible.
- Click on the `Save changes` button (13).
8.2.8. Procedure to configure the Elasticsearch retention
In the navigation bar, successively click on:
- The `Administration` menu
- The `Retention policy` command in the `Data` category

The `Retention policy` window is displayed.

- Configure the Elasticsearch retention with the `Data retention` cursor (5) of the `Elasticsearch max data retention (in Go)` zone (2).
- Use the selector (7) of the `Synchronize NDR boards with elasticsearch retention` zone (6) to enable synchronizing NDR dashboards with data in Elasticsearch.
- Click on the `Save changes` button (9).