Managing Settings

Learn more at Stellar Cyber Academy.

The following link takes you to a course on the Stellar Cyber Academy technical training portal where you can learn more about this topic by watching the suggested lessons.

(2024) ADMIN - Admin Essentials for Tenants Users and System (03h:46m)

The first time you access a link on the portal during a session, you must log in to access content.

You must have the Super Admin role with Root scope assigned to your account to use this feature.

Use the System | ORGANIZATION MANAGEMENT | Settings page to manage global settings for Stellar Cyber. You can make changes in each section independently; each section has its own Submit button. You can also make changes per tenant. Tenant configurations take precedence over the global configuration.

Web Server Settings

This section controls the web server, providing the following controls:

  • HTTP Port – You can use a non-standard HTTP port to access the Stellar Cyber server by substituting it for the default of 80 here. However, Stellar Cyber redirects this to the HTTPS port automatically.

  • HTTPS Port – You can use a non-standard HTTPS port to access the Stellar Cyber server by substituting it for the default of 443 here.

  • Session Idle Timeout – Set the number of minutes until the Stellar Cyber session times out. You can specify a timeout value between 3 and 1440 minutes. If you specify a timeout outside of these limits, the timeout reverts to its default value of 60 minutes.

Select Submit to save these settings and immediately make them active. You will be logged out and the UI will restart.

Data Processor Settings

This section lets you apply the certificates uploaded in the System | Saved Objects | Certificates page to the Data Processor. There are separate fields that let you apply different certificates to Stellar Cyber components as follows:

  • Server Certificates – Server certificates are used to validate communications between clients and Stellar Cyber. Refer to Generating Server Certificates for information on how to create a server certificate in both Linux and Windows.

    You can apply different Server Certificates to the following Stellar Cyber components in the Data Processor Settings panel:

    • UI Server Certificate – Secures communications between clients and the user interface.

    • Receiver Certificate – Secures communications between clients and receivers on the DP. Data from sensors and log sources is sent to receivers on the DP.

    • Sensor Upgrade Server Certificate – Secures device upgrades in deployments that do not use SSL inspection on the DP firewall.

    • CM Certificate – Secures communications between clients and the CM service on the DP.

  • CA Certificate – CA certificates are used to enable upgrades of Stellar Cyber DPs and sensors behind firewalls that use SSL inspection. Make sure you choose the CA certificate used by the SSL inspection service on the firewall protecting the DP.

    Note that the DP might be behind a different firewall than the sensors. Make sure you assign the CA certificate from the correct firewall to the DP.

    Sensors behind firewalls using an SSL inspection service also require a CA certificate. You assign certificates to sensors using the Apply CA Certificate button in the System | DATA SOURCE MANAGEMENT | Sensors | Sensors page.

If you cannot access the Stellar Cyber user interface after applying a server certificate to the DP, it's likely that the certificate was not in PEM format. You can address this from the CLI of the Data Lake Master host:

  1. Open an SSH connection to the Data Lake Master host.

  2. Run the following command:

    unset server_cert

The DP user interface should become available again after a few minutes. Refresh your browser if necessary.
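A pre-upload check for the failure described above, as an added example that is not Stellar Cyber code: it classifies a certificate file as PEM or DER from its structure alone and re-encodes DER as PEM. The function names and the sample bytes are constructed for illustration, and the check does not validate the certificate's contents or chain.

```python
import base64
import re
import ssl

PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def seq_body(data: bytes):
    """Return the contents if data is exactly one DER SEQUENCE, else None."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    if data[1] < 0x80:                       # short-form length
        hdr, length = 2, data[1]
    else:                                    # long-form length, 1-4 bytes
        n = data[1] & 0x7F
        if not 1 <= n <= 4 or len(data) < 2 + n:
            return None
        hdr, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return data[hdr:] if hdr + length == len(data) else None

def looks_like_cert_der(data: bytes) -> bool:
    # An X.509 certificate is SEQUENCE { tbsCertificate SEQUENCE, ... }.
    # A PKCS#12 (.pfx) bundle is SEQUENCE { version INTEGER, ... } and fails here.
    body = seq_body(data)
    return body is not None and body[:1] == b"\x30"

def classify(raw: bytes) -> str:
    """Return 'pem', 'der', 'pem-wrong-type' or 'unknown' (structure only)."""
    blocks = PEM_BLOCK.findall(raw)
    if not blocks:
        return "der" if looks_like_cert_der(raw) else "unknown"
    certs = [body for label, body in blocks if label == b"CERTIFICATE"]
    if not certs:
        return "pem-wrong-type"              # e.g. only a PRIVATE KEY block
    for body in certs:
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:
            return "unknown"
        if not looks_like_cert_der(der):
            return "unknown"
    return "pem"

def to_pem(raw: bytes) -> str:
    """Return PEM text for a PEM or DER input; raise on anything else."""
    kind = classify(raw)
    if kind == "der":
        return ssl.DER_cert_to_PEM_cert(raw)
    if kind == "pem":
        return raw.decode("ascii")
    raise ValueError(f"not a usable certificate file: {kind}")

# Constructed placeholder with the outer shape of a certificate (not a real one).
SAMPLE_DER = b"\x30\x81\xcb" + b"\x30\x81\xc8" + bytes(200)
```

Run `classify()` on the bytes of the file you intend to upload; anything other than `pem` should be converted or regenerated before it is applied to the DP.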

Authentication Settings

This section allows you to configure Local or SSO authentication. With local authentication, you log in directly to Stellar Cyber and user credentials are managed locally by Stellar Cyber. SSO authentication logs you in to Stellar Cyber automatically, using the IdP you configured. The first time you log in, your SSO login appears. After you log in to your SSO service, the SSO automatically logs you in to Stellar Cyber the next time you access the page (assuming you are logged in to the SSO service). To log out of Stellar Cyber, log out of your SSO.

For detailed procedures to configure Local and SSO authentication, including overrides for tenants, refer to the following topics:

A Global selection of Authentication and Authorization applies to all users (root, partner, and tenant), so the option to change authentication method for a specific tenant is not applicable when the Global method is set to Authentication and Authorization. You cannot log in to Tenant SSO when Global SSO is set to Authentication and Authorization. If you want to use SSO but also allow local users and tenant override, you must set the Global authentication method either to Local or to use the IdP with Authentication Only.

Global Settings

This section provides the following controls:

  • Publicly Accessible Authority – Specify the publicly accessible IP address or hostname of the DP here (the same IP address users enter in their browser to access the Stellar Cyber user interface).

    You must enter the IP address of the Data Processor here so that links in notification emails sent from the System Action Center work correctly. You can enter it as an IP address, hostname, or a URL (for example, www.mydp.com, 10.36.200.43, or https://10.36.200.43).

  • Title – Supply an optional title for Stellar Cyber web pages. The name you supply here appears in browser tabs instead of the default title of "Stellar Cyber."

  • System Timezone – Set your timezone relative to UTC and to your most common operational timezone. Stellar Cyber adds the timezone in the alert descriptions of the Login Time Anomaly.

  • System Logo / System Logo (Light theme)

    Use these options to upload a logo to use in the UI (top left corner), on the login page, and on reports. You can upload separate logos for use in both the dark and light themes.

    See the top of this page for recommended lessons about this section at Stellar Cyber Academy.

    • When you select Submit, the logo is immediately visible in the UI.

    • Select Delete to replace the uploaded logo with the default Stellar Cyber logo.

    • The System Logo replaces a Tenant Logo uploaded when adding or editing a Tenant Group.

    • To completely rebrand Stellar Cyber (removing "Powered by Stellar Cyber", adding your custom login screen, and customizing the menu), contact technical support.

  • Favicon – Upload a logo to be used as a shortcut icon for Stellar Cyber.

  • Login Message – Supply an optional text message to display to users in a popup window upon login to Stellar Cyber. If you leave this field empty, Stellar Cyber does not display a login message. Note that this is a global message that appears to all tenants on each login.

  • DHCP Lease Period (Hours) – Specify the period of your DHCP lease. Stellar Cyber uses this period to release IP addresses from the asset IDs, preventing the accumulation of multiple asset IDs for a single asset (due to changing IP addresses). If you leave this blank, Stellar Cyber might merge data for two different assets (because they have the same IP address), or split data for a single asset (because Stellar Cyber thinks the IP address was released and assigned to another asset). You can also set a custom DHCP lease period for each tenant under System | ORGANIZATION MANAGEMENT | Tenants.

    To keep Stellar Cyber from releasing the IP address of an asset, set it to static on the Asset Analytics | IP Identified Assets page.

  • Enable AI Investigator – Toggles the AI Investigator feature on or off for your organization. When the feature is off, all related user interface controls are hidden. When the feature is on, users have access to AI-powered threat investigation.

Select Submit to save these settings and immediately make them active.

Tech Support Settings

You can have your sensors collect logs to help troubleshoot sensor performance. The logs contain detailed information that is not exposed on the user interface.

At the top you can see the current size of the tech support logs. You can configure:

  • Current Usage – Displays the total memory currently in use for Tech Support logs.

  • Collect Logs From Sensor – Enabled by default. Clear this to stop collecting logs from your sensors.

  • Days to store logs – Number of days to store the logs.

  • Store Logs in the Cloud – Send the logs to our cloud service instead of to your DP. We can then access the logs from the cloud instead of accessing your DP.

  • Support Portal URL – Point the Support Portal entry in the menu to a custom location instead of Stellar Cyber's support portal.

  • Collect Usability Data for Product Analytics – This setting allows Stellar Cyber to perform usage analytics, such as access to documentation pages. The setting is on by default, but can be disabled for your environment, if needed.

Select Submit to save these settings and immediately make them active.

System Notifications

You can configure Stellar Cyber to send notifications for these system events:

  • License Expiring – Send notifications every day starting 10 days before a license expires.

  • License Expired – Send notifications every day after a license expires. You have a grace period of 30 days in which to renew. After 30 days, data ingestion ceases and you can no longer access Stellar Cyber.

  • Metadata Limit Exceeded – Send notifications every day that your data ingestion exceeds your licensed limit.

  • Data Storage Reaching Capacity – Send notifications every 30 days when your disk storage approaches 80% of capacity. When disk storage reaches 80% of capacity, Stellar Cyber automatically deletes older raw data to keep space available for new data and security events.

  • Recipients – Choose notification recipients from the drop-down list. You can configure additional recipients on the System | Recipients page.

Windows Agent Sensor Settings

This section provides the following controls for Windows Server Sensors (agents):

  • Auto Authorization – Enable this to automatically authorize Windows Server Sensors. This is useful when you're using a virtualized desktop infrastructure, but it also works with any Windows Server Sensor.

  • Auto Purge Period (days) – Enable this to automatically purge Windows Server Sensors. This is also useful when using a virtualized desktop infrastructure because the sensors are temporary.

Select Submit to save these settings and immediately make them active.

Advanced Settings

This section provides a single control:

  • Shutdown System – Select to shut down the Stellar Cyber Data Processor. This is useful to gracefully shut the system down to prepare for maintenance or reconfiguration.

When you shut Stellar Cyber down, any active Photon sensors in the network buffer data so that data collection continues while the Data Processor is unavailable.