Proofpoint | ObserveIT On-Premises Insider Threat Management

Configuring System Settings

This topic describes how ObserveIT administrators can configure specific system settings that are used throughout the Web Console.

To configure system settings in the Web Console

  1. Navigate to Configuration > SettingsSystem Settings.

    The System Settings page opens.

  2. Configure your system settings by defining the relevant options, as follows:

    General Settings

    • Default OS type for searching: Select the type of operating system on which to perform search operations in the Web Console. Options are: Windows/Mac (default) or Unix.

    • Week begins on: Specify the first day of the week for the generation of reports, alerts, and data in the User Activity Profile graph. Default value is Monday.

    • Allow LDAP local groups: Enable/disable the use of Active directory groups of the type "LOCAL-RESOURCE-GROUP". By default, this check box is unselected.

    • Display configurable message in offline mode: Enable/disable a message (configurable in a Offline Recording Policy) to be displayed upon each login in offline mode. By default, this setting is disabled.

    Security Settings

    • Maximum allowed login attempts: Specify the maximum number of login attempts allowed before temporary user lockout. Default value is 999.

    • Minutes to lock out user: Specify the number of minutes during which a user cannot log in after the maximum number of login attempts was exceeded. This setting is disabled by default; that is, set to 0.

    • Web Console session timeout: Specify the number of minutes of inactivity after which Web Console sessions will automatically be terminated. Default value is 60.

    Website Categorization

    • Enable Website Categorization module: Enable/disable the mechanism that detects the category of websites based on their URLs, and that allows alerts to be triggered upon browsing to websites from specific categories. By default, this setting is enabled.

    • Cache categories of web pages for WC-based recording by: When Enable Website Categorization is checked (enabled), users can choose how the agent should handle the cache of websites and their categorization. Select Domain Name to cache all website addresses that fall under that domain name. For example, www.yahoo.com will include www.yahoo.com/finance and any other address under the domain. Select Full URL to cache the exact full URL only and no other addresses under that domain name.

    • Note: If you disable this setting when the Website Categorization module is installed, the following message will be displayed: By unchecking this option, the Website Categorization module will not be used anymore. It is highly recommended to manually uninstall it in order to save system resources (memory, CPU, disk space).

    • Failover mode when categorization service is not responding: When an endpoint is not connected to the network/ObserveIT server, website categorization can't be performed when a user browses to a new URL and no alert can be triggered. When the agent is able to connect, any recorded activity is scanned for alert triggers and alerts are issued. This option allows users to choose how the agent should handle activity recording. Select Dynamic to record activity based on the list of included/excluded websites in the Application Recording Policy. Select Record to record all activity. Select Do Not Record to prevent recording of any activity while the agent is not connected to the ObserveIT server.

    Optional Screens and Features

    • Show Inventory and Software screens (Endpoint Diary): Display or hide the Inventory and Software views in the Endpoints Diary. These screens list the hardware resources and the software currently installed on specific endpoints. By default, this setting is disabled (i.e., the screens are not displayed).

    • Show advanced tracked file control and diagnostic screens (Endpoints): Display advanced track file control and diagnostic screen from Configuration > Endpoints. Tracked File Control allows you to view and control tracked files per endpoint. File Activity Exclusions screen allows you to exclude file activity originating from other endpoints.

    • Allow deletion of session data: Enable/disable the deletion of session screenshots and metadata. By default, this check box is unselected (disabled).

    • Do not send Web Console analytics data anonymously: Disable/enable the sending of analytics data about usage of the Web Console, such as, which pages were viewed, which on-screen controls were clicked, and so on. By default, this setting is disabled (i.e., anonymous usage analytics data is being collected).

    • Show standby mode option in Recording Policy of Windows: Allow windows Agents to work in standby mode and check every few minutes whether the Group membership has changed in way that a user will have to be recorded.

    • Show Linux Desktop UI parameters in Recording Policy: Show Recording Policy settings required for Linux Desktop UI Monitoring.

  3. Click Save to activate your newly-configured settings.

    Any changes you make when configuring system settings can be viewed for auditing purposes in the Audit > Configuration Changes tab of the Web Console. For further details, see Auditing Configuration Changes.

version 7.12.2

Copyright © 2021 ObserveIT a division of Proofpoint