PingIntelligence

PingIntelligence Dashboard engine

When you install the PingIntelligence Dashboard, the on-prompt installation steps asks for configuration values, including access and secret key, ABS and ASE URL, and so on.

These values after installation are populated in the <pi_install_dir>/dashboard/config/dashboard.properties file. To change these values, you can stop the Dashboard engine, edit the dashboard.properties file and then start the Dashboard engine. See Starting and stopping thePingIntelligenceDashboard for more information on how to start and stop each component individually.

# Dashboard properties file

# ABS
# ABS Hostname/IPv4 address
abs.host=127.0.0.1
# ABS REST API port
abs.port=8080
# ABS SSL enabled ( true/false )
abs.ssl=true
# ABS Restricted user access ( true/false )
abs.restricted_user_access=true
# ABS access key
abs.access_key=OBF:AES:NuBmDdIhQeNlRtU8SMKMoLaSpJviT4kArw==:HHuA9sAPDiOen3VU+qp6kMrkgNjAwnKO6aa8pMuZkQw=
# ABS secret key
abs.secret_key=OBF:AES:NuBmDcAhQeNlPBDmyxX+685CBe8c3/STVA==:BIfH+FKmL5cNa1DrfVuyc5hIYjimqh7Rnf3bv9hW0+4=
# ABS query polling interval (minutes)
abs.query.interval=10
# ABS query offset (minutes. minimum value 30 minutes)
abs.query.offset=30

# UI
# publish attacks+metrics to UI. Valid values true or false
publish.ui.enable=true
# elasticsearch URL
es.url=https://localhost:9200/
# elasticsearch username. User should have manage_security privilege
es.username=elastic
# elasticsearch user password
es.password=OBF:AES:NOp0PNQvc/RLUN5rbvZLtTPghqVZzD9V:+ZGHbhpY4HENYYqJ4wn50AmoO6CZ3OcfjqTYQCfgBgc=
# kibana version
kibana.version=6.8.1

# Log4j2
# publish attacks to Log4j2. Valid values true or false
# By default it provides syslog support
publish.log4j2.enable=false
# log4j2 config file to log attacks to an external service. For example, Syslog
# use com.pingidentity.abs.publish as logger name in log4j2 configuration
log4j2.config=config/syslog.xml
# log4j2 log level for attack logging
log4j2.log.level=INFO
# directory for any log4j2 config dependency jar's.
# useful for third party log4j2 appenders
# it should be a directory
log4j2.dependencies.dir=plugins/

# Log level
dashboard.log.level=INFO

The following table describes all the parameters in the dashboard.properties file.

Parameter Description

ABS

abs.host

IP address of the ABS server.

Two options exist to choose an ABS server:

  • Utilize an existing ABS server.

  • For production deployments, Ping Identity recommends dedicating an exclusive ABS reporting node.

abs.port

REST API port number of the ABS host. See abs.properties.

The default value is 8080.

abs.ssl

Setting the value to true ensures SSL communication between ABS and dashboard engine.

abs.restricted_user

When set to true, Elasticsearch uses the restricted user header (configured in the pingidentity/abs/mongo/abs_init.js file) to fetch the obfuscated values of OAuth token, cookie, and API keys. When set to false, the admin user header is used to fetch the data in plain text. For more information on admin and restricted user headers, see ABS users for API reports.

abs.access_key

Access key from ABS. See pingidentity/abs/mongo/abs_init.js. Make sure to enter the access key based on the value set in the previous variable. For example, if abs.restricted_user is set to true, then enter the access key for restricted user. If abs.restricted_user is set to false, then use the access key for the admin user.

abs.secret_key

Secret key from ABS. See pingidentity/abs/mongo/abs_init.js. Make sure to enter the secret key based on the value set in the previous variable. For example, if abs.restricted_user is set to true, then enter the secret key for restricted user. If abs.restricted_user is set to false, then use the secret key for the admin user.

abs.query.interval

Polling interval to fetch data from ABS. The default is 10 minutes.

abs.query.offset

The time required by ABS to process access logs and generate result. The minimum and default value is 30 minutes.

UI

publish.ui.enable

Set to true to display the PingIntelligence Dashboard. The Dashboard displays attack and metrics data. Set to false if you do not want to display the Dashboard.

es.url

Elasticsearch URL.

es.username

Elasticsearch username.

es.password

Elasticsearch password.

kibana.version

Kibana version. The default is 6.8.1.

dashboard.log.level

Log level for the Dashboard.

The default log level is INFO. Another log level is DEBUG.

Log4j

publish.log4j2.enable

Set to true to send attack data to the syslog server. Set to false to disable sending attack data to syslog server.

The Dashboard and Syslog cannot be disabled together.

log4j2.config

The log4j2 config file that logs the attack data.

log4j2.log.level

Log level for log4j.

The default log level is INFO.

log4j2.dependencies.dir

The directory for any log4j configuration dependency. Make sure that it is a directory.