Settings Tab

In the Settings tab, you can configure password complexity for internal NetWitness users and set system-wide security parameters. You can also restrict access to incidents in the Respond view.

Password complexity requirements apply only to internal users and are not enforced for external users. External users rely on their own methods and systems to enforce password complexity.

Workflow

[Figure: Settings tab workflow]

What do you want to do?

Role | I want to ... | Show me how
Admin | Configure password complexity | Configure Password Complexity
Admin | Configure system-level security settings | Configure System-Level Security Settings
Admin | Restrict access to incidents. | Configure System-Level Security Settings
Admin | (Optional) Configure external authentication | (Optional) Configure External Authentication

Quick Look

To access this view, go to Admin > Security and click the Settings tab.

[Figure: Settings tab screenshots showing the numbered sections listed below]

The Settings tab includes the following sections.

1 Password Settings
2 Security Settings
3 PAM Authentication
4 Active Directory Configurations
5 Restrict Access To Incidents

Password Settings

The Password Policy section enables you to configure password complexity requirements for internal NetWitness users when they set their passwords.

Option | Description
Password will expire after <n> days | The default number of days before a password expires for all internal NetWitness users. A value of zero (0) disables password expiration. For new installations, the default value is 30. For upgrades, the previous value will migrate automatically to the upgraded installation.
Users will be notified <n> days prior to password expiring | The number of days before the password expiration date, to notify a user that their password is about to expire. Users receive a one-time email on the specified date before their passwords expire. They also see a Password Expiration Message dialog when they log on to NetWitness. The minimum value is 1 day.
Minimum Password Length | Specifies a minimum password length requirement for NetWitness user passwords. A minimum password length prevents users from using short passwords that are easy to guess.
Uppercase | Specifies a minimum number of uppercase characters for the password. This includes European language characters A through Z, with diacritic marks, Greek characters, and Cyrillic characters. For example:
  • Cyrillic uppercase: Д Ц
  • Greek uppercase: Π Λ
Lowercase | Specifies a minimum number of lowercase characters for the password. This includes European language characters a through z, sharp-s, with diacritic marks, Greek characters, and Cyrillic characters. For example:
  • Cyrillic lowercase: д ц
  • Greek lowercase: π λ
Decimal Digits | Specifies a minimum number of decimal characters (0 through 9) for the password.
Special (~!@#$%^&*_-+=`|'(){}[]:;<>,".?/) | Specifies a minimum number of special characters for the password:
  ~!@#$%^&*_-+=`|'(){}[]:;<>,".?/
Non-Latin Alphabetic | Specifies a minimum number of Unicode alphabetic characters that are not uppercase or lowercase. This includes Unicode characters from Asian languages. For example:
  • Kanji (Japanese): 頁 (leaf) 枒 (tree)
Password May Not Contain Username | Specifies that a password cannot contain the case-insensitive username of the user.
Force all internal users to change their passwords on the next login | Forces all internal users to change their passwords the next time they log on to NetWitness instead of when they create or change their passwords. Note that this setting is checked by default.
Apply | Password strength settings take effect when NetWitness users create or change their passwords. If Force all internal users to change their passwords on the next login is selected, all internal users must change their password the next time they log on to NetWitness.
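
The character classes in the table above, applied as a local check that reports which requirements a candidate password fails. This is an added example, not NetWitness code: the mapping of each class to Unicode general categories, the function names, and the sample thresholds in Policy are assumptions.

```python
import unicodedata
from dataclasses import dataclass

# Special characters exactly as listed in the Password Settings table.
SPECIAL = set("~!@#$%^&*_-+=`|'(){}[]:;<>,\".?/")
CLASSES = ("uppercase", "lowercase", "digits", "special", "non_latin")

@dataclass
class Policy:
    # Constructed sample thresholds (assumption), not product defaults.
    min_length: int = 12
    uppercase: int = 1
    lowercase: int = 1
    digits: int = 1
    special: int = 1
    non_latin: int = 0
    forbid_username: bool = True

def classify(ch):
    """Return the table's class name for one character, or None (assumed mapping)."""
    if ch in "0123456789":
        return "digits"
    if ch in SPECIAL:
        return "special"
    category = unicodedata.category(ch)
    if category == "Lu":          # Latin, Greek and Cyrillic capitals
        return "uppercase"
    if category == "Ll":          # includes sharp-s and accented letters
        return "lowercase"
    if ch.isalpha():              # alphabetic with no case, e.g. Kanji
        return "non_latin"
    return None

def violations(password, username, policy):
    """List the names of the policy requirements that the password fails."""
    counts = dict.fromkeys(CLASSES, 0)
    for ch in password:
        cls = classify(ch)
        if cls:
            counts[cls] += 1
    failed = []
    if len(password) < policy.min_length:
        failed.append("min_length")
    failed += [name for name in CLASSES if counts[name] < getattr(policy, name)]
    # Username containment is case-insensitive, as the table states.
    if policy.forbid_username and username and username.casefold() in password.casefold():
        failed.append("contains_username")
    return failed
```
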

Security Settings

The Security Settings section enables you to configure global security settings for NetWitness users.

Option | Description
Lockout Period | Number of minutes to lock a user out of NetWitness after the configured number of failed logins is exceeded. The default value is 20 minutes.
Max Login Failures | The maximum number of unsuccessful login attempts before a user is locked out. The default value is 5.
Session Timeout | The maximum duration of a user session, in minutes, before it times out. The default value is 600. If the value is 0, there is no maximum time for a session. If the value is a positive integer, the session times out when the configured time has elapsed. The user must log in again.
Idle Period | Number of minutes of inactivity before a session times out. The default value is 10. If the value is 0, the session does not time out.
Usernames are case sensitive | Select this option if you want the Username field on the NetWitness login screen to be case sensitive. For example, if usernames are case sensitive, you could use admin to log on to NetWitness, but you could not use Admin. This is a mandatory field.
Password | Enter the password if you want to add or edit the Active Directory Security Settings. This is a mandatory field.
Apply | Makes the settings become effective immediately.

PAM Authentication

The PAM Authentication section enables you to configure NetWitness to use Active Directory or PAM to authenticate and test external user logins.

Option | Description
Enable PAM Authentication | Allows NetWitness to use Pluggable Authentication Modules (PAM) to authenticate external user logons.
Apply | Makes the PAM configuration settings become effective in the next logon.
Test | Prompts for a username and password, then tests the currently enabled PAM authentication method.

Active Directory Configurations

The Active Directory Configuration section enables you to configure NetWitness to use Active Directory to authenticate external user logins.

Option | Description
Enabled | Enables Active Directory authentication for NetWitness users.
Domain | Domain name where the Active Directory Service is located.
Host | Host name or IP address where the Active Directory Service is located.
Port | Port on the host that is used for Active Directory Service authentication.
SSL | Indicates whether the Active Directory Service uses Secure Sockets Layer (SSL). To enable SSL so that your Active Directory Service can communicate with NetWitness version 11.1 and later, you must upload an Active Directory server certificate.
Username Mapping | Indicates the Active Directory search field to use for username mapping. You can specify userPrincipalName (UPN) or sAMAccountName.
Follow Referrals | Indicates whether NetWitness will follow LDAP referrals made by Active Directory.
Username | Username of the user that binds to the Active Directory Service while searching Active Directory groups. This is usually a service account that has permissions to query the domain and validate user accounts and group membership. This credential is not used for any other purpose.
Password | Password of the user that binds to the Active Directory Service while searching Active Directory groups. This is usually a service account that has permissions to query the domain and validate user accounts and group membership. This credential is not used for any other purpose.

Restrict Access to Incidents

By default, analysts can view all of the incidents, alerts, and tasks in the Respond view. If you have sensitive or restricted information that should not be shared, you can restrict what analysts and other users can see in the Respond view.

Option | Description
Do not restrict access to incidents | Enables analysts to view all of the incidents, alerts, and tasks in the Respond view. This is the default setting.
Restrict access to incidents for all users, except for users with the roles listed below | Restricts what analysts and other users can see in the Respond view. Analysts can only see incidents assigned to them as well as the alerts and tasks associated with those incidents.
(List of user roles whose access to incidents is not restricted.) | When you select to restrict access to incidents, this list shows the user roles that do not have restricted access to incidents. You can adjust this list of user roles independently from your restriction selection. For example, you can add and adjust the list of non-restricted user roles before you make the selection to restrict access to incidents.
Apply | Changes take effect on the next log in to NetWitness Platform.