System Settings
The System Settings allow you to edit the Event Alerts settings, add or remove Webhooks and manage Events Data Storage.
Event Alerts
This feature allows you to enable and disable, as well as adjust the event alert settings (notification interval/frequency, event threshold, and type of notification) per severity level. This means that event alerts can be triggered with a more or less threshold sensitivity and more or less frequently (notification interval) so that you can manage the timeliness of notifications and the number of notifications received.
Each rule’s severity will dictate which of the severity notification configurations will be applied to that rule.
If there is an error running the event notification task at the scheduled notification interval (such as events cannot be read from the event datastore) an error notification will be sent by the configured notification method.
The following parameters are individually configurable at each severity level:
- Enable/Disable
- Notification Interval
- Event Threshold
- Notification Methods (webhook, email)
Enable/Disable
This enables or disables the event notifications for each severity level. When disabled, no event notifications for that severity will be sent via email or webhook.
Notification Interval
This setting adjusts the time period during which a set event threshold will apply for each event severity.
Event Threshold
This sets the minimum number of events required to trigger a notification.
Examples
Example 1
- Low Severity is configured with a threshold of 10
- Low Severity is configured with a Notification Interval of 1 hour
- Rule A is configured with a Severity of Low
- Rule A triggers 8 times within 1 hour (the Notification Interval).
Because the threshold is 10 events within that hour, and only 8 are triggered, there will be no event notifications.
Example 2
- Low Severity is configured with a threshold of 10
- Low Severity is configured with a Notification Interval of 1 hour
- Rule A is configured with a Severity of Low
- Rule A triggers 12 times within 1 hour (the Notification Interval).
Because the threshold is 10 events within that hour, and 12 events are triggered (2 more than the Event Threshold), then 2 Event Notifications will be generated.
Note that the thresholds apply on a per rule basis. In the above Example 1, if Rule B were set with a severity of Low and it triggered 3 times within the same time interval that Rule A triggered 8 times, the Threshold is not met. It must be 10 times for each rule in order to trigger the notification: it is not an aggregate across all Low Severity rules.
Example 3
- Low Severity is configured with a Notification Interval of 1 hour
- The event datastore becomes unreachable
Since the events cannot be read to determine if an event notification should be sent, an error notification will be generated every hour (the Notification Interval). This error notification is intended to communicate that it cannot be determined if there are event notifications that should be sent. The error notification should not be relied on for monitoring event datastore availability. Should that be necessary, it is recommended specialist tools are used for that purpose.
Notification Methods
Webhooks and emails can be selected here. In this case, if either is selected, it will apply to the webhooks and emails that were set up above.
Server Configuration
Portal Public URLs
The User Address and Agent Address can be configured to control the URLs used in emails, webhooks linking back to the Portal and for generated Agent configuration.
The default for both set of URLs is:
- host:
localhost - port:
8443
User Address
The host and port used in generated emails to link back to the Portal. This may be the same as the Portal, or a load balancer, if applicable.
Agent Address
The host and port used in generated Agent configuration, see Application configured waratek.properties
Change the Default Settings of User Address and Agent Address
- Click the Settings icon
in the side navigation - Select the System Settings from the pop-up menu
- Click the Server Configuration tab and go to the section of Portal Public URLs
- Change the address and port in the section of User Address and/or Agent Address
- Click Save Changes to save changes
Mail Server
To allow the Portal send emails a Mail Server must be configured. Emails are used for event alerts, forgot password, multi-factor authentication and account unlock emails.
Configuring a Mail Server
- Click the Settings icon in the side navigation
- Select System Settings from the pop-up menu
- Click the Server Configuration tab and scroll to the Mail Server section
- Click slider to enable emails and complete the form
- Optionally, after filling the information in the form, click Test Configuration to send a test email using the configured settings
- Click Save Changes to confirm the change
LDAP Server
See Integrating with LDAP/LDAPS server section in the Integrations section of the Installation Guide for more details.
Webhooks
Webhooks provide a mechanism whereby a server-side application can notify a client-side application when a new event has occurred on the server.
Webhooks operate on the concept of event reaction, and thus avoids the need for constant polling of the server-side application by the client-side application. Thus, rather than the client-side application constantly polling the server-side application to check for new events, the server-side application calls the client-side application (by invoking a client-provided webhook URL) anytime the server-side has something new to report to the client. Thus, with webhooks, you can get push notifications when certain events happen on the server. You do not need to poll the API anymore to see if these events have happened. You can subscribe to an event with webhooks.
Set Up the Webhooks
- Click the Settings icon in the side navigation
- Select the System Settings from the pop-up menu
- Select the Webhooks tab
- Click the Add Webhook
- Fill in the required information for each field
- There is an option to Test Connection before completion
- Click Save to create the new Webhook
Event Storage
This page contains settings relating to events storage. This feature can be useful when you would prefer to only retain event data for a specific number of days. Once events have been deleted, they cannot be recovered.
The event purging task runs every day at 4am local time by default. When the event purging setting is enabled and the task runs, events older than the number of days specified will be deleted.
Note that if 0 days is specified, only the current day’s events will be preserved when the task runs. If the task runs at 4am then events between 12am and 4am will be preserved. All other events will be deleted.
If 1 day is specified, the current and previous day’s events will be preserved. All other events will be deleted.
SAML
This section provides settings related to SAML integration.
For information on using this section, please see the Integrating with SAML section of the Installation Guide