Sophie Admin Guide Version 2.5 Confidential & Privileged Sophie Admin Guide V2.5 Page 1 of 95 Confidential & Privileged The Programs (which include both the software and documentation) contain proprietary information of Loom Systems; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent and other intellectual property law. Reverse engineering of the Programs is prohibited. The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. Loom Systems does not warrant that this document is error-free. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written approval of Loom Systems. The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be licensee’s responsibility to take all appropriate fail-safe, backup, redundancy and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and Loom Systems disclaims liability for any damages caused by such use of the Programs. This software documentation may provide access to or information about content, products, and services from third parties. Loom Systems is not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Loom Systems. Loom Systems and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Loom Systems. Confidential & Privileged Sophie Admin Guide V2.5 Page 2 of 95 Table of Contents Overview of the Admin guide .............................................................................................................. 5 Configuring General Settings in Sophie ............................................................................................... 6 Configuring Timezone settings ......................................................................................................... 6 Configuring System settings ............................................................................................................. 7 Configuring Storage Settings ............................................................................................................ 7 Managing Users in Sophie .................................................................................................................... 8 Creating new users ........................................................................................................................... 9 Editing user information ................................................................................................................ 11 Impersonating a user ..................................................................................................................... 14 Deleting a user ............................................................................................................................... 15 Federating External Databases ...................................................................................................... 16 Configuring Identity Providers ....................................................................................................... 19 Role-based Access Control in Sophie ................................................................................................. 20 Example of Groups ......................................................................................................................... 21 Alerts and Correlations .................................................................................................................. 21 Creating groups .............................................................................................................................. 21 Connecting to Data Input sources ...................................................................................................... 25 Functional areas on the Data Inputs screen .................................................................................. 25 Connecting to a new Data Input source ........................................................................................ 26 Manipulating raw data by using the Pre-processor function ........................................................ 26 Mapping a Data Input Source to a Source Type ............................................................................ 27 Defining the Structure of a Data Input ........................................................................................... 29 Configuring the Data Input ............................................................................................................ 30 Pausing, Stopping and Restarting Data Input connection ............................................................. 32 Disabling and Enabling a Data Input source connection ............................................................... 32 Deleting a Data Input source connection ...................................................................................... 32 Assigning User Groups to Data Inputs ........................................................................................... 32 Description of Data Input sources ................................................................................................. 33 Confidential & Privileged Sophie Admin Guide V2.5 Page 3 of 95 Working with Source Types ............................................................................................................... 69 Functional areas of the Source Types screen ................................................................................ 69 Customizing the Structure of the Source Type .............................................................................. 70 Classifying Properties ..................................................................................................................... 75 Creating Clusters by using Regular Expressions (RegEx): ............................................................... 76 Defining Keywords ......................................................................................................................... 80 Exporting a Source Type................................................................................................................. 82 Deleting a Source Type .................................................................................................................. 82 Importing a Source Type ................................................................................................................ 83 Service Mappings ........................................................................................................................... 83 Administering Sophie ......................................................................................................................... 85 Enabling various Sophie features ................................................................................................... 85 Defining Replacement by using regular expressions ..................................................................... 90 Defining TimeStamp formats ......................................................................................................... 92 Viewing Diagnostics ....................................................................................................................... 93 Confidential & Privileged Sophie Admin Guide V2.5 Page 4 of 95 Overview of the Admin guide As a Sophie administrator, you can perform several administrative functions to effectively manage your data and Sophie. To perform the administrative functions, you must have Admin privileges in Sophie. This user guide provides the information about such administrative functions for Sophie. Topic Description Configuring General Settings in This topic describes the methods perform the following tasks: Sophie • Configuring Timezone settings • Configuring System settings • Configuring Storage Settings Managing Users in Sophie This topic describes the methods perform the following tasks: • Creating new users • Editing user information • Impersonating a user • Unlocking users • Deleting a user • Federating External Databases • Configuring Identity Providers Role-based Access Control in Sophie This topic provides the details about RBAC and Groups in Sophie: • Example of Groups • Top alerts and Correlations • Creating groups Connecting to Data Input sources This topic describes the methods perform the following tasks: • Functional areas on the Data Inputs screen • Connecting to a new Data Input source • Manipulating raw data by using the Pre-processor function • Mapping a Data Input Source to a Source Type • Defining the Structure of a Data Input • Configuring the Data Input • Configuring the Data Input • Pausing, Stopping and Restarting Data Input connection • Disabling and Enabling a Data Input source connection • Deleting a Data Input source connection • Assigning User Groups to Data Inputs • Description of Data Input sources Confidential & Privileged Sophie Admin Guide V2.5 Page 5 of 95 Configuring General Settings in Sophie As a Sophie administrator, you can configure the general settings: • Time zone settings • System settings • Storage settings Configuring Timezone settings Sophie sets the time zone and URL automatically upon creating your instance. Changing the time zone will affect how alerts and logs are presented at the incidents and analytics screens respectively. You can configure your time zone and server URL by: 1. Login to Sophie as an Administrator. 2. From the bottom left corner, click the settings icon; then from the Settings menu, click General. 3. On the General screen, configure the following settings: a. Select a Time zone from the drop-down. b. In the Server Base URL box, enter the base URL for your Sophie server. 4. Click Save. Confidential & Privileged Sophie Admin Guide V2.5 Page 6 of 95 Configuring System settings 1. Login to Sophie as an Administrator. 2. From the bottom left corner, click the settings icon; then from the Settings menu, click General > System. Several settings are available for you to configure. 3. To edit the value, click Edit in front of the required setting. 4. In the Edit Setting screen, enter the value and click Save. See the following example: Configuring Storage Settings You can configure the period for which Sophie retains the data. You can also see the current size of the Sophie database tables. 1. Login to Sophie as an Administrator. 2. From the bottom left corner, click the settings icon; then from the Settings menu, click General > Storage. Confidential & Privileged Sophie Admin Guide V2.5 Page 7 of 95 3. Under Default retention settings, define the default period for retaining each type of data. Click the Retention period value, update and save the new value. 4. Under Sources retention overrides, define the retention period overriding the default setting for each application. Click the Retention period value, update and save the new value. 5. To view the current database table size, expand Database table sizes. Managing Users in Sophie Sophie administrators can create and manage Sophie accounts for other users. This topic provides the following information about user management in Sophie: Confidential & Privileged Sophie Admin Guide V2.5 Page 8 of 95 • Creating new users • Editing user information • Impersonating a user • Unlocking users • Deleting a user Creating new users 1. Log in to Sophie as an Administrator. 2. From the bottom left corner, click the settings icon; then from the Settings menu, click Manage Users. 3. On the Users screen, click Add Users. 4. On the Add Users screen, enter the user information in the various fields. Notes: • The fields marked with an * (asterisk) are mandatory. • Hover over the (?) icon to see tooltips for a particular field. Confidential & Privileged Sophie Admin Guide V2.5 Page 9 of 95 5. The Required User Actions field requires you to select the action for verifying user account. Select an option from the following: • Verify Email – sends an email to the user to verify their email address. • Update Profile – requires users to update their personal information. • Update Password – requires users to update their password. • Configure OTP – requires the setup of the mobile password generator. 6. Click Save. 7. Assign a password for the new user through the Credentials screen. Confidential & Privileged Sophie Admin Guide V2.5 Page 10 of 95