Skip to main content

Cyware Fusion and Threat Response

Configure General Settings

In the general settings of the application, you can configure the logo, general user account settings, Google Recaptcha, tenant settings, email settings, date and time settings, cost configurations, and more. For more information on how to configure email and proxy servers, see Configure Email Server and Configure Proxy Server.Configure Email Server

Before You Start

Ensure you have the Create/Update permissions for Configurations.

Steps

To configure the general settings, follow these steps:

  1. Go to Admin Panel > Configurations > Basic Configuration.

  2. Select the required configuration, and click Edit.

Tenant Settings

Enter the following details to configure the tenant settings:

  • Tenant Name: Enter a name for the Respond application. This helps you identify the parent and child tenants.

  • Tenant Code: View the tenant code that you have configured while deploying the Respond application or while creating a tenant. You cannot modify the tenant code.

  • Domain: View the domain details of the tenant. The domain changes if the tenant code is modified.

  • SSL/TLS: Enable SSL/TLS to secure information exchange between the parent and child tenants. By default, this option is unselected.

  • Data Flow: Enable Data Flow to enable your security service provider to monitor your incident data using the MSSP dashboard of the parent Respond instance. By default, this option is disabled.

  • Logo: Upload a logo for both light and dark modes that appears on the top-left corner of the application. Ensure that the logo size is within 160*38 px with a transparent background in .png format. The Cyware logo is the default logo.

Configure Error Email IDs

Notice

This functionality is available only for applications that are not deployed on the Cyware Cloud. For applications deployed on the Cyware Cloud, application error reports are sent to Cyware Support.

During an application error, enter the email IDs of the recipients to receive error reports from Respond. To receive the error reports on multiple email IDs, enter the comma-separated values of the email IDs without spaces. For example:

user1@sampledomain.com,user2@sampledomain.com

Note

The email server in Respond must be configured to receive error reports.

Timeout

To enhance application security, configure the Inactivity Timeout and Login Session Timeout settings of the application.

  • Inactivity Timeout: This is the duration of user inactivity before their session expires. The default inactivity timeout is set to 3 hours. Administrators can configure the inactivity timeout within a range of 1 hour to 8760 hours.

  • Login Session Timeout: This is the duration before the user is automatically logged out of the Respond instance. The default value for the login session timeout is 70 days. Administrators can configure the login session timeout within the range of 1 day to 365 days.

Cost Configurations

To calculate the cost of an incident or action, configure the cost details.

  • Currency for Cost Tracking: Select the currency that you want to use for the cost tracking of incidents and actions.

  • User Costing Model: Enter a frequency to calculate the cost, such as hourly, weekly, or monthly, and enter the working hours of your users. The default value is set to hourly.

Google Recaptcha

Enable Google Recaptcha and enter the Google Secret Key and Site Key to register the application with the Google reCAPTCHA service. Google reCAPTCHA helps in identifying malicious traffic, reducing the risk of bots accessing the application without user interaction. To generate the site key and secret key, see Google reCAPTCHA documentation.

Automatic Account Deactivation

Enter a duration in days between 1 and 3650 days to keep user accounts active without signing in to the application. User accounts are automatically deactivated after this duration expires. For example, 90 days.

Date and Time

You can configure the date and time settings, which will be displayed in the timestamp of all application-related activities. Administrators also have the option to enable or disable users from modifying these settings.

The administrator can configure the following settings:

  • Time Zone: Select one of the following time zone settings to reflect in the timestamps across the application for all users:

    • User Local Time Zone: Displays the timestamps as per the web browser time zone of the users. This option is selected by default.

    • Admin Specified Time Zone: Select a time zone to be displayed in the timestamps for all users. For example, (UTC -08:00) America/Los_Angeles.

  • Date Format: Select a date format for the timestamps. The default date format is Mth d, yyyy. For example, Dec 25, 2023.

  • Time Format: Select a time format for the timestamps for all users. For example, 24 Hours. The default time format is 12 Hours (AM/PM).

  • Allow Users to Override Date and Time Settings: Choose one of the following preferences:

    • If this option is enabled, users can adjust their preferred date and time settings in My Profile, overriding the administrator's configurations. This option is enabled by default. Users who haven't overridden the admin settings will receive a notification when the administrator updates the date and time configuration. For more information, see My Profile.

    • If this option is disabled, then the administrator-configured settings are applied to all users, and users cannot update their preferred date and time settings. All users will receive a notification when the administrator updates the date and time settings.

Data Update Permission

Configure the permissions around which users can update incidents, actions, enhancements, and PIRs data on the Respond platform and the Respond open API. If you choose to allow only the assigned user to update the records using either the Respond platform or Respond OpenAPI, all users of the assigned group can update the Assigned Group and Assigned User fields.

Process Intel

Administrators can choose to process threat intel automatically from incident details in Respond (CFTR) and send it to Intel Exchange (CTIX) for ingestion and enrichment, by turning on the Process Intel toggle. This feature scans all text fields for indicators of compromise (IOCs) and automatically links them with the incident in Connect the Dots > Threat Intel.

The extracted IOCs are enriched in Intel Exchange and are then updated in Respond. If a new IOC is added to Respond that is not present in Intel Exchange, the IOC is automatically added to Intel Exchange in Threat Data.

Note

To enable threat intel processing from specific incident fields, you must select Process Intel in Admin > Form Management > Incident Workflows > Field Settings. For more information, see Configure Process Intel.Configure Process Intel