Configuration
Click Configuration to display a menu with the following options:
Auditing
In the web UI, configure system auditing in Configuration > Auditing. The audit configuration is available to administrator or operator roles. Use the audit configuration in the following ways:
Record user actions on the system.
Forward user activity to an external system.
Track changes and view audit logs to ensure no unauthorized changes were made to endpoints in your environment.
Data Retention Policy
The Data Retention Policy is the protocol used for retaining data in your company’s Nuix Adaptive Security instance.
In this window, you can make changes to the existing policy.
The following settings are available in this window:
Enabled: Select the check box to enable this setting. If the check box is not selected, the setting is disabled.
Number of days of data retention: Number of days that data is retained. For example, if 10 is set here, then the last 10 days of data are kept.
Click Save to commit the changes or Cancel to discard the changes.
Federated authentication
Nuix Adaptive Security supports SSO authentication using Microsoft Azure Active Directory. This allows administrators to manage access, define group memberships and roles, enhance security, and monitor user activity.
For more information, see the Nuix Adaptive Security Installation Guide.
Kafka forwarding
Kafka is an open-source stream-processing software platform. Nuix Adaptive Security Kafka forwarding is compatible with Nuix Workstation.
If the Kafka option is clicked, a window with the following options appears:
Enable forwarding selected data to Kafka: Select this option to allow Nuix Adaptive Security to forward selected event data to Kafka.
Enable Event Storage: Select this option to store specific selected events in another storage system instead of the local database.
Bootstrap Servers (comma delimited): List of the servers (and the port) being used by Kafka. If more than one server is being used, the servers are separated by commas.
Message send timeout in milliseconds: Amount of time before a message will stop sending and be considered timed out. This is set to 3000 milliseconds (3 seconds) by default.
Number of send retries: Number of times Kafka attempts to send a message if the initial send is unsuccessful.
Heartbeat interval in minutes: The heartbeat status is used to detect failures. Set a heartbeat interval in minutes. The default heartbeat interval is five minutes. A Kafka alert error appears if the heartbeat fails.
Splunk forwarding
Nuix Adaptive Security supports Splunk forwarding by using the API to send alerts and events directly to Splunk. Enable Splunk forwarding in the Nuix Adaptive Security web UI under Configuration > Kafka and Splunk Configuration.
To set up Splunk forwarding, add a Splunk token and a hostname or IP address. The rest of the configuration settings are under General and are shared with Kafka forwarding.
Create an index in Splunk for every view that you intend to forward to Splunk. Each index name is made up of the topic base name and the view that is forwarded. The following list shows the indexes for the default base name of nuix_adaptive:
nuix_adaptive_alerts
nuix_adaptive_clipboard
nuix_adaptive_file
nuix_adaptive_keylog
nuix_adaptive_media
nuix_adaptive_print
nuix_adaptive_process
nuix_adaptive_session
nuix_adaptive_screenshot
nuix_adaptive_url
For more information on how to configure Splunk for Nuix Adaptive Security, see Configure Splunk in the Nuix Adaptive Security Installation Guide.
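The following added example (not taken from the Nuix documentation) derives the index names for a set of selected views, checks them against Splunk's index naming rules, and renders indexes.conf stanzas for any that are not yet present. The view-to-suffix pairing is inferred from the two lists on this page, and the function names, the selected views and the existing-index inventory are constructed for illustration.

```python
import re

# View label (as shown in the forwarding list) -> index suffix (from the index
# list above). Pairing "Removable Media" with "media" is inferred, not documented.
VIEW_SUFFIX = {
    "Alerts": "alerts", "Clipboard": "clipboard", "File": "file",
    "Keylog": "keylog", "Removable Media": "media", "Print": "print",
    "Process": "process", "Session": "session",
    "Screenshot": "screenshot", "URL": "url",
}

# Splunk's rule for user-defined index names: lowercase letters, digits,
# underscores and hyphens; no leading underscore or hyphen; no "kvstore".
_VALID = re.compile(r"^[a-z0-9][a-z0-9_-]*$")


def index_names(views, base="nuix_adaptive"):
    """Return the Splunk index name for each selected view, in order."""
    names = []
    for view in views:
        if view not in VIEW_SUFFIX:
            raise ValueError(f"unknown view: {view!r}")
        name = f"{base}_{VIEW_SUFFIX[view]}"
        if not _VALID.match(name) or "kvstore" in name:
            raise ValueError(f"not a valid Splunk index name: {name!r}")
        names.append(name)
    return names


def missing_indexes(views, existing, base="nuix_adaptive"):
    """Indexes required for the selected views that are not in `existing`."""
    have = set(existing)
    return [n for n in index_names(views, base) if n not in have]


def indexes_conf(names):
    """Render indexes.conf stanzas using Splunk's standard bucket paths."""
    stanza = ("[{n}]\n"
              "homePath = $SPLUNK_DB/{n}/db\n"
              "coldPath = $SPLUNK_DB/{n}/colddb\n"
              "thawedPath = $SPLUNK_DB/{n}/thaweddb\n")
    return "\n".join(stanza.format(n=n) for n in names)


if __name__ == "__main__":
    selected = ["Alerts", "Process", "Removable Media"]  # constructed selection
    existing = ["main", "nuix_adaptive_alerts"]          # constructed inventory
    print(indexes_conf(missing_indexes(selected, existing)))
```

Changing the topic base name changes every index name, so rerun the check whenever that setting is edited.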
Kafka and Splunk configuration general settings
The following settings are the general configuration settings for Kafka and Splunk forwarding.
Send all events to a single topic: Select this option to send all events to the same topic when more than one is selected for forwarding.
Topic base name: Name of the category where the records that Kafka is collecting are held.
Event polling interval in milliseconds: Period of time between polling by Kafka. This is set to 30000 milliseconds (30 seconds) by default.
The list of views to forward: Select options from the list of database views. The views include Alerts, Removable Media, File, Session, Print, Process, Keylog, Screenshot, URL, and Clipboard. You can choose multiple views.
Alert categories to exclude when forwarding: Enter the alert category name to be excluded when forwarding to Kafka. Categories must be separated by commas.
Don’t forward events earlier than: Select the date and time stamp to start forwarding events.
Force Adaptive to resend all events: Select this option to resend all event data from Nuix Adaptive Security.
Once these values have been entered, click Submit to set up the configuration.
Public IP
In the web UI, you can change the Nuix Adaptive Security endpoint server’s public IP address in Configuration > Public IP. A reboot is required to activate the new IP address.
Use the following procedure when changing the IP address.
In the web UI, change the IP address.
In the network settings, change the IP address.
Reboot the Nuix Adaptive Security endpoint server.