PingIntelligence

PingIntelligence Dashboard properties

The Dashboard configuration file (dashboard.properties) is located in the <pi_install_dir>/dashboard/config/ directory.

The following table explains the parameters and provides recommended values.

Parameter Description

ABS IP, port, log level, and JKS password

abs.host

ABS URL

abs.port

ABS port number. The default value is 8080.

abs.ssl

Set the value to enable or disable SSL connection with ABS. Valid values are true and false.

abs.restricted_user_access

Set the value to enable or disable restricted user access to ABS. Valid values are true and false.

abs.access_key

ABS access key.

abs.secret_key

ABS secret key.

abs.query.interval

ABS query polling interval in minutes. The default value is 10 minutes.

abs.query.offset

ABS query offset in minutes. The minimum value is 30 minutes.

Publish to UI, Elasticsearch distribution type, Elasticssearch URL, Elasticsearch username, Elasticsearch password, ILM policy, Kibana version

publish.ui.enable

Set the value to enable or disable publishing of attack information and other metrics to the dashboard. Valid values are true and false.

es.distro.type

Elasticsearch distribution type. Valid values are default and aws.

es.url

Elasticsearch URL.

es.username

The username credential to Elasticsearch.

es.password

The password credentials to Elasticsearch.

es.index.dashboard.activity.ilm.policy

Location of Index Lifecycle Management (ILM) policy. If a policy is provided, it should be a valid JSON file. It is not a mandatory policy. The default directory is <pi_install_dir>/dashboard/config/ directory.

es.index.dashboard.activity.ism.policy

Location of Index State Management (ISM) policy. If a policy is provided, it should be a valid JSON file and es.distro.type should be set to aws. It is not a mandatory policy. The default directory is <pi_install_dir>/dashboard/config/ directory.

kibana.version

Kibana version. The default value is 6.8.1.

Log4j2 configuration properties

publish.log4j2.enable

Set the value to enable publishing attack details to Log4j2. Valid values true or false. By default, the Dashboard provides syslog support.

log4j2.config

Log4j2 configuration file to log attacks to an external service. For example, Syslog. Use com.pingidentity.abs.publish as the logger name in log4j2 configuration.

log4j2.log.level

Log4j2 log level for attack logging. The default value is info.

log4j2.dependencies.dir

The directory for any log4j2 config dependency jar’s. This is useful for third-party log4j2 appenders. The default directory is <pi_install_dir>/dashboard/plugins/.

Log level, Time zone configuration

dashboard.log.level

The applicable log levels. Valid values are all, trace, debug, info, warn, error, fatal, and off. The default value is info.

dashboard.timezone

Set time zone configuration for the Dashboard. Valid values are local or utc.

Dashboard fast forward properties

The properties are only applicable if dashboard is started with the start.sh --fast-forward option.

dashboard.fastforward.earlier_time

The Dashboard fast forward earlier time. The allowed format is YYYY-MM-DDTHH:mm.

dashboard.fastforward.later_time

The Dashboard fast forward later time. The allowed format is YYYY-MM-DDTHH:mm.

dashboard.fastforward.query.range

The Dashboard query range in minutes. It should be multiples of 10. The minimum value is 10.

dashboard.fastforward.query.cooling_period

Cooling period between each query polling batch in seconds. The minimum value is 30 seconds.

The following is a sample dashboard.properties file:

# Dashboard properties file

# ABS
# ABS Hostname/IPv4 address
abs.host=127.0.0.1
# ABS REST API port
abs.port=8080
# ABS SSL enabled ( true/false )
abs.ssl=true
# ABS Restricted user access ( true/false )
abs.restricted_user_access=false
# ABS access key
abs.access_key=OBF:AES:NuBmDdIhJM7KOB3BbXr4db5DfGJcrA==:hUsqFeTUmH5cOjiUPyws9WwTPYw9yAg0C1X1HSmSI30=
# ABS secret key
abs.secret_key=OBF:AES:NuBmDcAhXgsQu8qzJgIo1Mq97B/PVw==:7GpDn83ZAU6GRKYsZe86x0gdnYOZfTbi8rUimDW100o=
# ABS query polling interval (minutes)
abs.query.interval=10
# ABS query offset (minutes. minimum value 30 minutes)
abs.query.offset=30

# UI
# publish attacks+metrics to UI. Valid values true or false
publish.ui.enable=true
# elasticsearch Distribution Type
# valid values are default and aws
es.distro.type=default
# elasticsearch URL
es.url=https://localhost:9200/
# elasticsearch username. User should have manage_security privilege
# If elasticsearch is NOT configured with authentication security, leave this blank
es.username=elastic
# elasticsearch user password
es.password=OBF:AES:NOp0PNQvc/RLUN5rbvZLtTPghqVZzD9V:+ZGHbhpY4HENYYqJ4wn50AmoO6CZ3OcfjqTYQCfgBgc=
# index lifecycle management (ILM) policy,it can be empty
# If a policy is provided, it should be a valid JSON file
es.index.dashboard.activity.ilm.policy=config/ilm.json
# index stae management (ISM) policy,it can be empty
# If a policy is provided, it should be a valid JSON file
es.index.dashboard.activity.ism.policy=config/ism.json
# kibana version
kibana.version=6.8.1

# Log4j2
# publish attacks to Log4j2. Valid values true or false
# By default it provides syslog support
publish.log4j2.enable=false
# log4j2 config file to log attacks to an external service. For example, Syslog
# use com.pingidentity.abs.publish as logger name in log4j2 configuration
log4j2.config=config/syslog.xml
# log4j2 log level for attack logging
log4j2.log.level=INFO
# directory for any log4j2 config dependency jar's.
# useful for third party log4j2 appenders
# it should be a directory
log4j2.dependencies.dir=plugins/

# Log level
dashboard.log.level=INFO

# Timezone configuration
# valid values: local, utc
dashboard.timezone=local

## Fastforward. Only applicable if dashboard is started with 'start.sh --fast-forward'

# earlier time. format YYYY-MM-DDTHH:mm
# E.g 2019-07-12T10:00
dashboard.fastforward.earlier_time=2019-07-12T10:00

# later time. format YYYY-MM-DDTHH:mm
# E.g 2019-11-13T23:50
dashboard.fastforward.later_time=2019-11-13T23:50

# query range in minutes. It should be multiple of 10
# minimum value is 10
dashboard.fastforward.query.range=60

# cooling period between each query polling batch in seconds
# minimum value 30 seconds
dashboard.fastforward.query.cooling_period=60