Changing ABS default settings
You can change the default settings in ABS by editing the abs-defaults.yml
file.
Make a backup of the |
The following is a sample abs-defaults.yml
file.
--- abs: # Define ports for the PingIntelligence ABS # Make sure ports are not same for single server installation management_port: 8080 # Mongo DB User and password mongo_username: absuser mongo_password: abs123 # Define cache size for MongoDB (% of total RAM). # MongoDB will be configured to use this percentage of host memory. mongo_cache_size: 25 # Communication between mongo and ABS mongo_ssl: true # Mongo DB Server Certificate Verification # Set to true if Mongo DB instance is configured in SSL mode and you want to do the server certificate verification # By default ABS will not verify the MongoDB server certificate mongo_certificate_verify: false # Mongo replica set name mongo_replica_set: absrs01 # When kafka is set to false in config/hosts, this url will be used # Give the host:port combination of mutiple kafka server in comma seperated. # Make sure kafka_server_url is accessible from ansible management host, dataengine, and abs nodes. #This will be used via dashboard dataengine module too. kafka_server_url: kafka_1:9093 # When kafka is set to false in config/hosts, this passoword for jks will be used #This will be used via dashboard dataengine module too. kafka_custom_truststore_password: custom # Duration of initial training period (units in hours) # This value will be set in the mongo nodes attack_initial_training: 24 # Memory for webserver and streaming server (unit is in MB) system_memory: 4096 # Access keys and secret keys to access ABS access_key: abs_ak secret_key: abs_sk access_key_ru: abs_ak_ru secret_key_ru: abs_sk_ru # Password for ABS keystore jks_password: abs123 #Users in Kafka for abs consumer_user: abs_consumer producer_user: abs_producer abs_groupid: pi4api.abs # Kafka Consumer Producer Password consumer_authentication_password: changeme producer_authentication_password: changeme #Kafka Relicas min_insync_replicas: 1 #topics to be created in kafka transactions_topic: pi4api.queuing.transactions attacks_topic: pi4api.queuing.ioas anomalies_topic: pi4api.queuing.anomalies discovery_topic: pi4api.queuing.apis #Topic partition ,replication_factor and retention_period(in milli seconds) #These will be used when install_kafka is true and topics are created as part of deployment. topic_partitions: 1 replication_factor: 1 retention_period: 172800000 # Configure Email Alert. Set enable_emails to true to configure # email settings for ABS enable_emails: false smtp_host: smtp.example.com smtp_port: 587 sender_email: sender@example.com email_password: password receiver_email: receiver@example.com # CLI admin password current_admin_password: admin new_admin_password: admin poc_mode: false api_publishing_service: # Define ports for the PingIntelligence API Publish Service # Make sure ports are not same for single server installation management_port: 8050 # Password for APIPublish keystore jks_password: api123 # Mongo DB Server Certificate Verification # Set to true if Mongo DB instance is configured in SSL mode and you want to do the server certificate verification # By default apipublish will not verify the MongoDB server certificate mongo_certificate_verify: false server_ssl_key_alias: pingidentity # MongoDB Database names data_dbname: abs_data meta_database: abs_metadata # MongoDB authentication # If authentication is not enabled in MongoDB, set the mongo_auth_mechanism to NONE # The supported MongoDB authentication mechanisms are DEFAULT and PLAIN. # If authentication mechanism is DEFAULT, provide MongoDB username and password for mongo_username # and mongo_password. If authentication mechanism is PLAIN, provide external # LDAP username and password in mongo_username and mongo_password. mongo_authentication_mechanism: DEFAULT # CLI admin password current_admin_password: admin new_admin_password: admin
ABS variable settings
The following table lists the variables that you can set for ABS.
Variable | Description | ||
---|---|---|---|
|
Port for ABS to ASE and REST API to ABS communication. The default value is 8080. |
||
|
MongoDB username and password. The default username is |
||
|
If you are running all the PingIntelligence components on the same instance, keep the MongoDB cache size to a maximum of 25% of the system memory. If you are running MongoDB on a separate instance, keep the MongoDB cache size to a maximum of 40% of the system memory. |
||
|
Default value is |
||
|
Set it to
|
||
|
Name of the MongoDB replica set. Default name is |
||
|
The number of hours that you want to train the AI model before it moves to the prediction mode. Default value is 24 hours. |
||
|
Memory size in MB allocated to run machine learning jobs. Recommended to be at least 50% of system memory. |
||
|
The access key and secret for the admin user. For more information on different ABS users, see ABS users.
|
||
|
The access key and secret for the restricted user. For more information on different ABS users, see ABS users.
|
||
|
The password of the Java KeyStore (JKS). The default password is |
||
|
Configure the following settings:
|
||
|
The default value for command-line interface (CLI) admin is |
||
|
Sets the mode in which the artificial intelligence (AI) engine sets the thresholds for the AI models. If set to |
||
|
ABS consumer user in Kafka. Default: |
||
|
ABS producer user in Kafka. Default: |
||
|
ABS group in Kafka. Default: |
||
|
ABS consumer user password. Default: |
||
|
ABS producer user password. Default: |
||
|
Minimum number of insync replicas for data in Kafka. |
||
|
ABS transaction topic in Kafka. |
||
|
ABS attack topic in Kafka. |
||
|
ABS anomalies topic in Kafka. |
||
|
ABS discovery topic in Kafka. |
||
|
Number of partitions for topics. |
||
|
Replication factor for topics. |
||
|
Retention period of data on topics. |
||
|
Pre-existing Kafka |
||
|
Pre-existing Kafka truststore password in |
||
|
API Publish service port. Default: |
||
|
API Publish service JKS password. You can change the password for the JKS file. It will be generated during installation. |
||
|
Mongodb Server Certificate Verification for API Publish service. Default: |
||
|
Alias for API Publish service SSL JKS file. Default: |
||
|
API Publish service database name. Default: |
||
|
API Publish service metadatabase name. Default: |
||
|
API Publish service CLI password. Default: |
||
|
API Publish service new admin password. Default: |
Changing the ABS default system memory
About this task
To change the default system memory in the abs.properties
file of ABS:
Steps
-
Go to the
software
directory. -
Untar the ABS binary by entering the following command:
# tar –zxvf pi-api-abs-5.0.tar.gz
-
Edit the
config/abs.properties
file to change the default value ofsystem_memory
to 50% of host memory.# vi pingidentity/abs/config/abs.properties
Example:
If host ABS system has 16 GB of memory, set the value to
8192
MB. -
Save the file.
-
Tar the ABS binary and save it with the same file name (
pi-api-abs-5.0.tar.gz
) in thesoftware
directory by entering the following command:# tar -czf pi-api-abs-5.0.tar.gz pingidentity/abs