PingIntelligence

Configure dashboard engine

When you install the PingIntelligence Dashboard, the on-prompt installation steps asks for configuration values including, access and secret key, ABS and ASE URL and so on. These values after installation are populated in the <pi_install_dir>/dashboard/config/dashboard.properties file. To change these values, stop the dashboard engine, edit the dashboard.properties file and then start the dashboard engine. See, Start and stop Dashboard on how to start and stop each component individually.

# Dashboard properties file

# ABS
# ABS Hostname/IPv4 address
abs.host=127.0.0.1
# ABS REST API port
abs.port=8080
# ABS SSL enabled ( true/false )
abs.ssl=true
# ABS Restricted user access ( true/false )
abs.restricted_user_access=true
# ABS access key
abs.access_key=OBF:AES:NuBmDdIhQeNlRtU8SMKMoLaSpJviT4kArw==:HHuA9sAPDiOen3VU+qp6kMrkgNjAwnKO6aa8pMuZkQw=
# ABS secret key
abs.secret_key=OBF:AES:NuBmDcAhQeNlPBDmyxX+685CBe8c3/STVA==:BIfH+FKmL5cNa1DrfVuyc5hIYjimqh7Rnf3bv9hW0+4=
# ABS query polling interval (minutes)
abs.query.interval=10
# ABS query offset (minutes. minimum value 30 minutes)
abs.query.offset=30

# UI
# publish attacks+metrics to UI. Valid values true or false
publish.ui.enable=true
# elasticsearch URL
es.url=https://localhost:9200/
# elasticsearch username. User should have manage_security privilege
es.username=elastic
# elasticsearch user password
es.password=OBF:AES:NOp0PNQvc/RLUN5rbvZLtTPghqVZzD9V:+ZGHbhpY4HENYYqJ4wn50AmoO6CZ3OcfjqTYQCfgBgc=
# kibana version
kibana.version=6.8.1

# Log4j2
# publish attacks to Log4j2. Valid values true or false
# By default it provides syslog support
publish.log4j2.enable=false
# log4j2 config file to log attacks to an external service. For example, Syslog
# use com.pingidentity.abs.publish as logger name in log4j2 configuration
log4j2.config=config/syslog.xml
# log4j2 log level for attack logging
log4j2.log.level=INFO
# directory for any log4j2 config dependency jar's.
# useful for third party log4j2 appenders
# it should be a directory
log4j2.dependencies.dir=plugins/

# Log level
dashboard.log.level=INFO

The following table describes all the parameters in the dashboard.properties file:

Parameter Description

ABS

abs.host

IP address of the ABS server

Two options exist to choose an ABS server: 1) Utilize an existing ABS server. 2) For production deployments, Ping Identity recommends dedicating an exclusive ABS reporting node.

abs.port

REST API port number of the ABS host – See abs.properties

Default value is 8080

abs.ssl

Setting the value to true ensures SSL communication between ABS and dashboard engine.

abs.restricted_user

When set to true, Elasticsearch uses the restricted user header (configured in pingidentity/abs/mongo/abs_init.js file) to fetch the obfuscated values of OAuth token, cookie and API keys. When set to false, the admin user header is used to fetch the data in plain text. For more information on admin and restricted user header, see ABS users for API reports

abs.access_key

Access key from ABS – See pingidentity/abs/mongo/abs_init.js. Make sure to enter the access key based on the value set in the previous variable. For example, if abs.restricted_user is set to true, then enter the access key for restricted user. If abs.restricted_user is set to false, then use the access key for the admin user.

abs.secret_key

Secret key from ABS – See pingidentity/abs/mongo/abs_init.js. Make sure to enter the secret key based on the value set in the previous variable. For example, if abs.restricted_user is set to true, then enter the secret key for restricted user. If abs.restricted_user is set to false, then use the secret key for the admin user.

abs.query.interval

Polling interval to fetch data from ABS. The default is 10 minutes

abs.query.offset

The time required by ABS to process access logs and generate result. The minimum and default value is 30-minutes.

UI

publish.ui.enable

Set it to true to display PingIntelligence Dashboard. The Dashboard displays attack and metrics data. Set it to false, if you do not want to display the Dashboard.

es.url

Elasticsearch URL

es.username

Elasticsearch username

es.password

Elasticsearch password.

kibana.version

Kibana version - default is 6.8.1

dashboard.log.level

Log level for Dashboard

Default log level is INFO. Another log level is DEBUG

Log4j

publish.log4j2.enable

Set it to true to send attack data to syslog server. Set it to false to disable sending attack data to syslog server.

Dashboard and Syslog cannot be disabled together.

log4j2.config

The log4j2 config file which logs the attack data.

log4j2.log.level

Log level for log4j.

Default log level is INFO.

log4j2.dependencies.dir

The directory for any log4j configuration dependency. Make sure that it is a directory.