On the SETTINGS page, you can adjust several settings that affect the system's behavior. Some of these settings are very important for proper system behavior, therefore we advise every administrator to familiarize themselves with all the various options.
General settings
Change Cases Warning
OTbase Inventory comes with an integrated change management workflow. This setting specifies what happens when a user opens an existing device in Edit mode (assuming proper access rights).
When the radio button is set to warn, the user will see a pop-up dialog warning that the device is not a member of an existing change case. The warning can be ignored by clicking OK. When the radio button is set to prevent, the user will not be able to change any variables for the device before first opening a change case. When the radio button is set to ignore, the user can make changes and won't get a dialog box.
The proper setting for this parameter depends mostly on whether you use OTbase Inventory's change management workflow or not. If you don't, the proper setting is ignore.
Device Removal
OTbase allows you to save information about decommissioned devices. If you want to take advantage of this feature, the Decommission radio button needs to be set to yes. Then, when you remove a device from the device inventory, it will not be completely removed from the database, but will be put in the decommissioned status. You are able to see decommissioned devices by checking the respective box in the Scope selector. The stage of decommissioned devices will be shown as DEC.
Note: that decommissioned devices to consume license space. If you don't want to save information about decommissioned devices, just set the Decommission button to no, delete immediately.
Local Admins
OTbase collects information about local administrators for Windows systems. You can easily use this information for compliance checking, for example if your company only allows for certain accounts to be admins. If you want to take advantage of this feature, set the Compliance button to Yes.
REST
This setting allows you to turn the REST API on or off.
SMTP
OTbase Inventory supports email notifications. If you want to use this feature, you must tell OTbase about your SMTP server (the corporate server that actually sends email; your IT department maintains this information).
Health events trigger threshold
OTbase supports various means to track the health of your OT systems in terms of CPU, memory, HDD usage, and network reachability. In this area you can define individual thresholds for these parameters that make the most sense for your environment.
Appearance
The appearance tab lets you change various aspects of the user interface.
Login background image (wallpaper)
With Login background image you can set the wallpaper that is used for the login screen. If you hover over the existing image, you'll notice a red X pop up in the upper right corner of the image. Press this X to remove the current image. You can then upload a new image either via a file picker or from the clipboard. For best visually pleasing results we recommend to use a black-and-white image.
Custom help links
In the upper right corner of OTbase Inventory you find a question mark that acts as a link to the product documentation. You can change the target of this link in the middle column. If you add new links to the table, they will be offered to the user via a pop-up menu. This option is useful if you have internal documentation for OTbase that you want to make available to users. You may also disable the link to the product documentation by unchecking the box "OTbase Help Center".
User notification
The User Notification allows you to notify users of an upcoming system shutdown, for example when you intend to install a new product version. This will allow everyone to finish their work and log off rather than being kicked out of the system.
Login/session parameters
LDAP
OTbase supports user authentication via LDAP. If you want to take advantage of this feature, specify details of your LDAP server in this area.
Landing Page
This drop-down menu allows you to set the page that users see after login. You can choose any page from the main menu, but note that some pages (such as ADMINISTRATION) are usually not accessible by all users.
Login Authentication
Here you can specify if two-factor authentication shall be used. If set to yes, users attempting to log in will be sent an access code by email. Note that users who don't have a stored email address in their profile will no longer be able to log in.
Logout Timeout
This is the default inactivity timeout after a session will be terminated automatically. Users can modify this parameter in their personal settings.
OAuth2
Here you can specify your settings for OAuth2 authentication if you are using the REST API.
OpenID Connect / OIDC
Here you can configure the settings for SSO via Open ID Connect / Entra. For more details on this setting check the Guide.
Metadata
OTbase automatically enriches your asset information with additional data, called metadata. This includes vulnerability information and general product information such as product lifecycle and latest firmware version.
CVE Auto Import Settings
For automatic CVE downloads from NIST (nvd.nist.gov) you have to activate the download function and also specify a time of day as well as the desired download interval (daily, every other day, every five days). When you have made your selection click on Save to save your settings. -- If you have checked this box, OTbase Inventory will also download KEV data from cisa.gov. KEV data inform you of which vulnerabilities there are known exploits. You can obtain an API key from NIST, which will speed up the downloads. If you don't provide an API key, downloads still function but perform slower (usually not a problem because the download takes place in the background anyway).
If you also check Security update information from microsoft.com, OTbase Inventory will also download security patch data from Microsoft. This enables OTbase Inventory to determine if a particular vulnerability is already fixed for a given device.
Product Data Update
Automatic product data updates include product catalog descriptions, product lifecycle information, information about current firmware version, and more. When activated, OTbase Inventory will download curated product metadata from Langner once per week.
In order to assure that metadata for your installed products are provided, you must check the box labeled Upload product catalog to Langner.
If you don't check the box, you may not get full coverage for your products.
The upload only contains product names and installation numbers. Installation numbers help Langner to identify vendors products that are installed in substantial numbers and therefore warrant more effort for metadata collection.
If you want to see which data is uploaded, just do an Excel export of your product catalog. The data you see there is what is uploaded.
URLs
In order for OTbase Inventory to be able to pull metadata, you must make sure that the following URLs are accessible via HTTPS from the host where Inventory is running:
Proxy Settings
If you are using a proxy to connect to the Internet, you can specify the required proxy settings in this area.
Logging
You can create a system log that contains status messages for system events such as CVE downloads, and user events such as a manual configuration change of a device. The log can be written either to a Syslog server or to file. When writing to file please note that the log will be kept on your OTbase Inventory server (usually a Linux system); you will not be able to see log entries using the web user interface.
In order to active logging, go to MAINTENANCE, click the Logging tab and select the log method of your choice.
If you select logging to file, log entries will be written/appended to the file ot-base.log, which is placed into a new exported folder named log. By default, you will find this file in the folder /var/ot-base. It's contents will similar to this:
Email Templates
OTbase Inventory supports email notifications for various types of events, and here is where you configure them.
Note: that you must first have set your SMTP settings properly ("General" tab) for this functionality to work.
You can define as many templates as you like, for various event types, and for various user groups. In the right pane you can configure the event type, recipients, and most importantly, the type of report that shall be sent. The report that you select will be appended to the email as a PDF document.
Device categories
OTbase Inventory supports several dozen device types (such as PLC, RTU, Robot). In the Device Categories tab you can group these device types into categories, which can also be used for filtering in the various inventory tables. After installing OTbase Inventory, you will find the default grouping as shown above. If you don't like this grouping, you can move devices types to other categories, using drag-and-drop.
The other setting you can apply here is to assigning color codes to device types and device categories. Just select any of the entries from the left pane, and you'll be able to change the color code in the right pane. The color code for device types can be inherited from their category, or it can be assigned individually.
Comments
0 comments
Please sign in to leave a comment.