You can change the default settings in ABS by editing the abs-defaults.yml file.
The following table lists the variables that you can set for ABS.
Variable | Description |
---|---|
|
Port for ABS to ASE and REST API to ABS communication. The default value is 8080. |
|
MongoDB username and password. The default username is
|
|
If you are running all the PingIntelligence components on the same instance, keep the MongoDB cache size to a maximum of 25% of the system memory. If you are running MongoDB on a separate instance, keep the MongoDB cache size to a maximum of 40% of the system memory. |
|
Default value is |
|
Set it to Note:
Make sure |
|
Name of the MongoDB replica set. Default name is
|
|
The number of hours that you want to train the AI model before it moves to the prediction mode. Default value is 24 hours. |
|
Memory size in MB allocated to run machine learning jobs. Recommended to be at least 50% of system memory. |
|
The access key and secret for the admin user. For more information on different ABS users, see ABS users. Note:
":" (colon) is a restricted character and not allowed in access key and secret key. |
|
The access key and secret for the restricted user. For more information on different ABS users, see ABS users. Note:
":" (colon) is a restricted character and not allowed in access key and secret key. |
|
The password of the Java Keystore (JKS). The default password is
|
|
Configure the following settings:
|
|
The default value for CLI admin is |
|
Sets the mode in which AI engine sets the thresholds for the AI models.
If set to |
|
ABS consumer user in Kafka. Default: |
|
ABS producer user in Kafka. Default: |
|
ABS group in Kafka. Default: |
|
ABS consumer user password. Default: |
|
ABS producer user password. Default: |
|
Minimum number of insync replicas for data in Kafka. |
|
ABS transaction topic in Kafka. |
|
ABS attack topic in Kafka. |
|
ABS anomalies topic in Kafka. |
|
Number of partitions for topics. |
|
Replication factor for topics. |
|
Retention period of data on topics. |
|
Pre-existing Kafka |
|
Pre-existing Kafka truststore password in
|
|
API Publish service port. Default: |
|
API Publish service JKS password. You can change the password for the JKS file. It will be generated during installation. |
|
Mongodb Server Certificate Verification for API Publish service. Default: |
|
Alias for API Publish service SSL JKS file. Default: |
|
API Publish service database name. Default: |
|
API Publish service metadatabase name. Default: |
|
API Publish service CLI password. Default: |
|
API Publish service new admin password. Default: |
Make sure to take a backup of the abs-defaults.yml file on a secure machine after the automated installation is complete.
The following is a sample abs-defaults.yml
file.
---
abs:
# Define ports for the PingIntelligence ABS
# Make sure ports are not same for single server installation
management_port: 8080
# Mongo DB User and password
mongo_username: absuser
mongo_password: abs123
# Define cache size for MongoDB (% of total RAM).
# MongoDB will be configured to use this percentage of host memory.
mongo_cache_size: 25
# Communication between mongo and ABS
mongo_ssl: true
# Mongo DB Server Certificate Verification
# Set to true if Mongo DB instance is configured in SSL mode and you want to do the server certificate verification
# By default ABS will not verify the MongoDB server certificate
mongo_certificate_verify: false
# Mongo replica set name
mongo_replica_set: absrs01
# When kafka is set to false in config/hosts, this url will be used
# Give the host:port combination of mutiple kafka server in comma seperated.
# Make sure kafka_server_url is accessible from ansible management host, dataengine, and abs nodes.
#This will be used via dashboard dataengine module too.
kafka_server_url: kafka_1:9093
# When kafka is set to false in config/hosts, this passoword for jks will be used
#This will be used via dashboard dataengine module too.
kafka_custom_truststore_password: custom
# Duration of initial training period (units in hours)
# This value will be set in the mongo nodes
attack_initial_training: 24
# Memory for webserver and streaming server (unit is in MB)
system_memory: 4096
# Access keys and secret keys to access ABS
access_key: abs_ak
secret_key: abs_sk
access_key_ru: abs_ak_ru
secret_key_ru: abs_sk_ru
# Password for ABS keystore
jks_password: abs123
#Users in Kafka for abs
consumer_user: abs_consumer
producer_user: abs_producer
abs_groupid: pi4api.abs
# Kafka Consumer Producer Password
consumer_authentication_password: changeme
producer_authentication_password: changeme
#Kafka Relicas
min_insync_replicas: 1
#topics to be created in kafka
transactions_topic: pi4api.queuing.transactions
attacks_topic: pi4api.queuing.ioas
anomalies_topic: pi4api.queuing.anomalies
#Topic partition ,replication_factor and retention_period(in milli seconds)
#These will be used when install_kafka is true and topics are created as part of deployment.
topic_partitions: 1
replication_factor: 1
retention_period: 172800000
# Configure Email Alert. Set enable_emails to true to configure
# email settings for ABS
enable_emails: false
smtp_host: smtp.example.com
smtp_port: 587
sender_email: sender@example.com
email_password: password
receiver_email: receiver@example.com
# CLI admin password
current_admin_password: admin
new_admin_password: admin
poc_mode: false
api_publishing_service:
# Define ports for the PingIntelligence API Publish Service
# Make sure ports are not same for single server installation
management_port: 8050
# Password for APIPublish keystore
jks_password: api123
# Mongo DB Server Certificate Verification
# Set to true if Mongo DB instance is configured in SSL mode and you want to do the server certificate verification
# By default apipublish will not verify the MongoDB server certificate
mongo_certificate_verify: false
server_ssl_key_alias: pingidentity
# MongoDB Database names
data_dbname: abs_data
meta_database: abs_metadata
# MongoDB authentication
# If authentication is not enabled in MongoDB, set the mongo_auth_mechanism to NONE
# The supported MongoDB authentication mechanisms are DEFAULT and PLAIN.
# If authentication mechanism is DEFAULT, provide MongoDB username and password for mongo_username
# and mongo_password. If authentication mechanism is PLAIN, provide external
# LDAP username and password in mongo_username and mongo_password.
mongo_authentication_mechanism: DEFAULT
# CLI admin password
current_admin_password: admin
new_admin_password: admin
To change the default system memory in theabs.properties
file of ABS: