- 6 minutes to read
Global Settings include options that have impact system-wide.
To open Global Settings, from the top right corner of any screen, click . The System Settings screen opens. Then click the "Global Settings" tab.
Global Settings consist of the following options, none of which are selected by default:
GUI SSL Settings
- Override Default SSL Settings - Check this checkbox in order to replace the default self-signed SSL certificate presented when accessing the Axonius GUI.
- Site Hostname - The hostname of the certificate. This must match a value defined in the certificates Common Name or Subject Alternative Name.
- Certificate File - The public certificate (PEM format)
- Private Key File - The private key certificate (PEM format)
- Private Key Passphrase - The password for the Private Key File, if it is password-protected.
SSL Trust & CA Settings
- Use Custom CA Certificate - Check this checkbox to be able to upload Certificate Authority (CA) certificates files that will be used when Verify SSL is enabled for an adapter connection. The CA certificates provided here will be used in combination with the Mozilla CA Certificate List to verify that the certificate presented by the host defined in the adapters connection is valid.
Proxy Enabled - Check this checkbox to use a proxy for the Axonius machine, if a proxy service exists in your environment.
- Once enabled, you need to configure the proxy address and port (default is 8080), and username and password as optional fields for proxy services, if required.
- Choose whether to verify the SSL certificate of the server. By defualt, verify SSL checkbox is selected.
Send Emails - Check this checkbox to use an Email server. A configured Email server is a prerequisite before you can configure an email notification as part of a configured Enforcement Set or configuring a report to be sent via mail.
- Once enabled, you need to define the Email Host name and Port. User name and password are optional.
- Configure if the connection will be unencryped, verified or unverified. If you select the 'Verified' or 'Unverified' options, you need to provide the SSL CA, certificate and private key files.
- Define the 'Sender Address' for all mails sent by Axonius.
Use Syslog - Check this checkbox to use a Syslog server.
Once enabled, define Syslog Host name and Port (optional) and you can use an SSL connection and certificates.
This setting must be enabled in order to utilize the Send to Syslog System action.
If this setting is enabled, the following log entries are sent to the configured Syslog server:
- Sent on success or failure of each login attempt.
- Entries will include the supplied user name and the result.
- Discovery cycle phase
Sent on the beginning and ending of each discovery cycle phase.
- Adapter connection failures
- Sent when an adapter connection fails to connect using the supplied configuration.
- Entries will include the adapter name, ID of the node running the adapter, and connection error.
- Adapter connection fetches
- Sent when a fetch is finished if the "Notify on Adapters" setting is enabled.
- Entries will include the number of assets fetched and how long the fetch took.
- Adapter connection asset cleanup
- Sent when an adapter decides to remove assets due to the configuration defined in Advanced Settings.
- Entries will include the number of assets removed.
- For more details see: Adapter Advanced Settings.
HTTPS Logs Settings
Use HTTPS Logs - Check this checkbox to use an HTTPS logs server,
Once enabled, define HTTPS Logs Host name, Port (optional) and the HTTP Proxy name (optional).
This setting must be enabled in order to utilize the Send to HTTPS Log System action.
If this setting is enabled, the log entries described in the Syslog Settings are sent to the configured HTTPS logs system.
Use Jira - Check this checbox to use a Jira server. This is a prequisite to configure an Enforcement Set with a 'Create Jira Issue' action.
To integrate Axonius with Jira, you need to do the following :
- Create a user in your Atlassian site with access to Jira. The user should be part of the most basic group which is jira-software-users.
- Log in to Jira using the created user and generate an API token.
For cloud based Atlassian sites, use the following URL to generate an API token: https://id.atlassian.com/manage/api-tokens#
- Under the Global Settings, specify the Jira domain, username and password.
Choose whether to verify the SSL certificate of the server. By defualt, verify SSL checkbox is selected.
- Notify On Adapters Fetch - Check this checkbox to generate a system notification, notify Syslog (if enabled) or notify HTTPS Log System (if enabled) every time a discovery cycle for specific adapter starts and when it ends.
- Adapters Errors Mail Address - Configure a comma-separated list of email addresses to receive an email when there is a connection issue with any of the adapter servers.
- Correlate Users by Email Prefix - Axonius correlates users based on several criteria, including the user name and email address.
Check this checkbox to correlate users by email prefix only, instead of correlating users by the entire email address. For example, in the email address JohnDoe@CompanyDomain.com, “JohnDoe” is the email prefix.
- Correlate Microsoft Active Directory (AD) and Microsoft SCCM data based on Distinguished Names - Check this checkbox to correlate devices by the LDAP object distinguished name.
- Correlate CSV Adapter only if Full Hostnames are Equal - If enabled, Axonius only correlates assets from a CSV adapter connection if the full hostname in the CSV matches the full hostname of an asset in Axonius.
Static Analysis Settings
- Fetch Software Vulnerabilities Even when the Vendor Name is Unknown - Check this checkbox to fetch vulnerabilities even if the software vendor name is unknown. By default, this options is unselected, and Axonius will fetch vulnerabilities only if they include both software and vendor names.
- Maximum Adapters to Execute Asynchronously - Define the number of adapters that - as part of discovery cycle - will be executed to fetch asset information in parallel. Default value is 20.
- Socket Read-Timeout in Seconds - Define the number of seconds to wait for any initial or existing connection response before reporting a connection timeout. Default value is 5 seconds.
Getting Started with Axonius Settings
- Enable Getting Started with Axonius Checklist - Check this checkbox to enable and display the Getting Started with Axonius checklist.
- Remote Support - Allow Axonius to remotely connect to the instance using a Chef agent. Remote support is required to provide continuous updates, maintenance, and troubleshooting. It is strongly recommended to keep this enabled to have the best customer experience.
If you turn remove support off, you can still allow Axonius to remotely connect to the instance for a predefined number of hours.
- Anonymized Analytics – Anonymized analytics data will be sent to Axonius. This kind of data consists of errors and exceptions, usage alerts, and more. It is strongly recommended to keep this enabled to have the best customer experience.
- Remote Access – Remote Access allows Axonius to keep the system updated by providing continuous updates and to speed-up issue resolution time.