System Admin Configuration Types
System Admin configurations set values for system administrative settings. The available System Admin configuration types are listed here.
Authentication External
An Authentication External configuration defines values and behavior for a hardware or software system requiring authentication to an external server, such as LDAP or RADIUS.
After changing the Authentication Method on a host, you must delete the host from ArcMC, then re-add it using Node Management.
Note: Authentication External configurations can only be imported from managed Loggers, not created in ArcMC. See Importing a Subscriber Configuration for more information.
Parameter |
Data Type |
Description |
---|---|---|
Authentication Method* |
String |
System authentication method. |
Allow Local Password Fallback for Default Admin Only* |
Boolean |
If Yes, the authentication server will fall back to local passwords for authentication for administrators. |
Allow Local Password Fallback for All Users* |
Boolean |
If Yes, the authentication server will fall back to local passwords for authentication for all users. |
LDAP Server Hostname[port]* |
String |
LDAP server hostname and port. |
LDAP Backup Server Hostname [port] |
String |
LDAP backup server hostname and port. |
LDAP Server Request Timeout (seconds) |
Integer |
LDAP server request timeout, in seconds. |
RADIUS Server Hostname[port] |
String |
RADIUS server hostname and port. |
RADIUS Backup Server Hostname[port] |
String |
RADIUS backup server hostname and port. |
RADIUS Shared Authentication Secret |
String |
RADIUS authentication shared secret. |
RADIUS Server NAS IP Address |
String |
RADIUS server Network Access Server IP address . |
RADIUS Request Timeout (seconds) |
Integer |
RADIUS server request timeout, in seconds. |
RADIUS Retry Request |
Integer |
Number of times to retry RADIUS server requests. |
RADIUS Protocol |
String |
Type of RADIUS protocol. |
Authentication Local Password
An Authentication Local Password configuration defines a hardware or software system’s local password options and behavior.
Parameter |
Data Type |
Description |
---|---|---|
Enable Account Lockout* |
Boolean |
If Yes, account lockouts are enabled after an incorrect password entry. |
Lock Out Account after N Failed Attempts* |
Integer |
Number of failed attempts before lockout. |
Remember Failed Attempts For (seconds)* |
Integer |
Time, in seconds, between failed attempts that will trigger a lockout. |
Lockout Account for (minutes)* |
Integer |
Time, in minutes, that the account will be locked out. |
Enable Password Expiration* |
Boolean |
If Yes, password expiration is enabled |
Password Expires in (days)* |
Integer |
Interval, in days, after which a password expires. |
Notify User (Days Before Expiration)* |
Integer |
Days before password expiration that the user is notified. |
Users Exempted from Password Expiration Policy |
List of comma-separated strings |
Comma-separated list of users whose passwords will never expire. |
Enforce Password Strength* |
Boolean |
If Yes, password strength is enforced. |
Minimum Length (characters)* |
Integer |
Minimum number of password characters. |
Maximum Length (characters)* |
Integer |
Maximum number of password characters. |
Numeric [0-9]* |
Integer |
Minimum number of numeric password characters. |
Upper Case [A-Z]* |
Integer |
Minimum number of uppercase password characters. |
Lower Case [a-z]* |
Integer |
Minimum number of lowercase password characters |
Special [1$^*...]* |
Integer |
Minimum number of special password characters. |
Password Must Be At Least* |
Integer |
Minimum number of characters a new password must differ from the user’s previous password. |
Include “Forgot Password” link on Login Screen* |
Boolean |
If Yes, a link is provided where the user can recover a password. |
Authentication Session
An Authentication Session configuration defines values for a hardware or software system’s authentication sessions.
Parameter |
Data Type |
Description |
---|---|---|
Max Simultaneous Logins Per User* |
Integer |
Maximum number of simultaneous logins per user. If Max Simultaneous Logins/User is set to 1, it is required to have at least another admin user, otherwise the admin user will not be able to log in. |
Logout Inactive Session After (seconds)* |
Integer |
Inactivity session timeout, in seconds. |
Disable Inactive Account After (days)* |
Integer |
Number of days of inactivity after which an account will be disabled. |
DNS Configuration
A DNS Configuration defines values for a hardware appliance’s Domain Name Service.
Parameter |
Data Type |
Description |
---|---|---|
Primary DNS* |
String |
Primary DNS server. |
Secondary DNS |
String |
Secondary DNS server. |
DNS Search Domains |
List of comma-separated strings |
Comma-separated list of DNS search domains. |
FIPS Configuration
A FIPS configuration enables or disables FIPS mode on a managed node.
Parameter |
Data Type |
Description |
---|---|---|
Enabled* |
Boolean |
If Yes, FIPS is enabled on the node. |
Network Configuration
A Network Configuration defines values for a hardware appliance’s default gateway setting.
Note: Values for these network settings cannot be changed through ArcSight Management Center: hostname, IP addresses for the network interfaces, static routes, /etc/hosts file, and time settings.
Parameter |
Data Type |
Description |
---|---|---|
Default Gateway* |
String |
Default network gateway. |
NTP Configuration
An NTP Configuration defines values for a hardware appliance’s Network Time Protocol.
Parameter |
Data Type |
Description |
---|---|---|
Enable as NTP Server* |
Boolean |
If Yes, the system is enabled as an NTP server. |
NTP Servers* |
List of comma-separated strings |
Comma-separated list of NTP servers. Required even if Enable as NTP Server is false. |
SMTP Configuration
An SMTP Configuration defines values for a hardware or software system’s Simple Mail Transfer Protocol.
SMTP Configuration provides for authentication and security. This is implemented through the primary STMP server port, primary username, primary password, primary certificate, backup STMP server port, backup username, backup password, and backup certificate fields, along with the primary STMP server, backup STMP server, and outgoing email address fields.
Parameter |
Data Type | Description |
---|---|---|
Primary SMTP Server* | String | Primary SMTP server. |
Secondary SMTP Server | String | Secondary SMTP server. |
Outgoing Email Address* | String | Outgoing email address. |
Enable Auth/TLS | Boolean | Enable/Disable secure authenticated mode of communication with SMTP server |
Primary SMTP Server Port | Integer | Primary SMTP Server Port. Required if Auth/TLS is enabled. |
Primary SMTP Server Username | String | Primary SMTP Server Username. Required if Auth/TLS is enabled. |
Primary SMTP Server Password | String | Primary SMTP Server Password. Required if Auth/TLS is enabled. |
Primary SMTP Server Certificate Content | String | Upload Primary SMTP Server Certificate. Required if Auth/TLS is enabled. |
Secondary SMTP Server Port | Integer | Secondary SMTP Server Port. Required if Auth/TLS is enabled. |
Secondary SMTP Server Username | String | Secondary SMTP Server Username. Required if Auth/TLS is enabled. |
Secondary SMTP Server Password | String | Secondary SMTP Server Password. Required if Auth/TLS is enabled. |
Secondary SMTP Server Certificate Content | String | Upload secondary SMTP Server Certificate. Required if Auth/TLS is enabled. |
SNMP Poll Configuration
An SNMP Poll Configuration defines values for a hardware appliance’s Simple Network Management Protocol monitoring. supports V2c and V3 of SNMP.
Parameter |
Data Type |
Description |
---|---|---|
Status |
Boolean |
If Yes, SNMP polling is enabled. |
Port* |
Integer |
SNMP port. |
SNMP Version* | String | Version of SNMP supported.Valid values are v2c and v3. |
Community String | String | SNMP community string. Required for V2c only. |
Username | String | Authentication username. Required for V3 only. |
Authentication Protocol* | String | Authentication protocol. Valid values are MD5 and SHA. Required for V3 only. |
Authentication Passphrase | String | Authentication passphrase. Required for V3 only. |
Privacy Protocol | String | Privacy protocol. Valid values are DES and AES128. Required for V3 only. |
Privacy Passphrase | String | Privacy passphrase. Required for V3 only. |
System Name | String | Name of the SNMP system. |
Point of Contact | String | Point of contact. |
Location | String | System location. |
SNMP Trap Configuration
An SNMP Trap Configuration defines values for a hardware appliance’s Simple Network Management Protocol notifications. supports V2c and V3 of SNMP.
Parameter |
Data Type |
Description |
---|---|---|
Status |
Boolean |
If Yes, SNMP polling is enabled. |
NMS IP Address | String | IP address of network management server. |
Port* |
Integer |
SNMP port. |
SNMP Version* | String | Version of SNMP supported.Valid values are v2c and v3. |
Community String | String | SNMP community string. Required for V2c only. |
Username | String | Authentication username. Required for V3 only. |
Authentication Protocol* | String | Authentication protocol. Valid values are MD5 and SHA. Required for V3 only. |
Authentication Passphrase | String | Authentication passphrase. Required for V3 only. |
Privacy Protocol | String | Privacy protocol. Valid values are DES and AES128. Required for V3 only. |
Privacy Passphrase | String | Privacy passphrase. Required for V3 only. |