On the SETTINGS page you can adjust several settings that affect system behavior. Some of these settings are very important for proper system behavior, so we advise every administrator to become familiar with all of the options.
General settings
Change Cases Warning
OTbase Inventory comes with an integrated change management workflow, but you are not forced to actually use it. This setting specifies what happens when a user opens an existing device in Edit mode (assuming proper access rights).
When the radio button is set to "warn", the user will see a pop-up dialog warning that the device is not a member of an existing change case. The warning can be ignored by clicking "OK". When the radio button is set to "prevent", the user will not be able to change any variables for the device before first opening a change case. When the radio button is set to "ignore", the user can make changes and won't get a dialog box.
The proper setting for this parameter depends mostly on whether you use OTbase's change management workflow or not. If you don't, the proper setting is "ignore".
Device Removal
OTbase allows you to save information about decommissioned devices. If you want to take advantage of this feature, the "Decommission" radio button needs to be set to "yes". Then, when you remove a device from the device inventory, it will not be completely removed from the database, but will be put in the "decommissioned" status. You are able to see decommissioned devices by checking the respective box in the Scope selector. The stage of decommissioned devices will be shown as "DEC".
Note that decommissioned devices do consume license space. If you don't want to save information about decommissioned devices, just set the "Decommission" button to "no, delete immediately".
Local Admins
OTbase collects information about local administrators for Windows systems. You can easily use this information for compliance checking, for example if your company allows only certain accounts to be admins. If you want to take advantage of this feature, set the "Compliance" button to "Yes".
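The kind of allowlist comparison such a compliance check performs, as an added example that is not OTbase code. The record layout, device names, account names and policy are constructed assumptions.

```python
# Added illustration: the record layout and account names are constructed,
# not an OTbase export format.

# Assumed example policy: accounts permitted to be local administrators.
ALLOWED_ADMINS = {r"CORP\ot-admins", "Administrator"}

# Constructed sample: members of the local Administrators group per Windows device.
INVENTORY = [
    {"device": "HMI-01", "local_admins": ["HMI-01\\Administrator", "CORP\\OT-Admins"]},
    {"device": "ENG-WS-02",
     "local_admins": [".\\administrator", "CORP\\jdoe", "ENG-WS-02\\vendor_svc"]},
    {"device": "HIST-03", "local_admins": []},
]


def normalize(account: str, hostname: str) -> str:
    """Case-fold the name and strip a machine-local prefix (HOST\\ or .\\)
    so the same local account compares equal on every device."""
    acct = account.strip().casefold()
    domain, sep, name = acct.partition("\\")
    if sep and domain in (".", hostname.casefold()):
        return name
    return acct  # domain accounts keep their domain prefix


def find_violations(inventory, allowed):
    """Return {device: [accounts not on the allowlist]}; compliant devices are omitted."""
    allowed_norm = {a.strip().casefold() for a in allowed}
    report = {}
    for rec in inventory:
        extra = sorted(
            a for a in rec["local_admins"]
            if normalize(a, rec["device"]) not in allowed_norm
        )
        if extra:
            report[rec["device"]] = extra
    return report


if __name__ == "__main__":
    for device, accounts in find_violations(INVENTORY, ALLOWED_ADMINS).items():
        print(f"{device}: unapproved local admins: {', '.join(accounts)}")
```

Because domain accounts keep their prefix, a domain account that happens to be named "Administrator" does not match the local built-in entry on the allowlist.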
REST
This setting allows you to turn the REST API on or off.
SMTP
OTbase Inventory supports email notifications. If you want to use this feature, you must tell OTbase about your SMTP server (the corporate server that actually sends email; your IT department maintains this information).
Health events trigger threshold
OTbase supports various means to track the health of your OT systems in terms of CPU, memory, HDD usage, and network reachability. In this area you can define individual thresholds for these parameters that make the most sense for your environment.
Appearance
The appearance tab lets you change various aspects of the user interface.
Login background image (wallpaper)
With "Login background image" you can set the wallpaper that is used for the login screen. If you hover over the existing image, you'll notice a red "X" pop up in the upper right corner of the image. Press this "X" to remove the current image. You can then upload a new image either via a file picker or from the clipboard. For the most visually pleasing results, we recommend using a black-and-white image.
Custom help links
In the upper right corner of OTbase Inventory you find a question mark that acts as a link to the product documentation. You can change the target of this link in the middle column. If you add new links to the table, they will be offered to the user via a pop-up menu. This option is useful if you have internal documentation for OTbase that you want to make available to users. You may also disable the link to the product documentation by unchecking the box "OTbase Help Center".
User notification
The User Notification allows you to notify users of an upcoming system shutdown, for example when you intend to install a new product version. This will allow everyone to finish their work and log off rather than being kicked out of the system.
Login/session parameters
LDAP
OTbase supports user authentication via LDAP. If you want to take advantage of this feature, specify details of your LDAP server in this area.
Landing page
This drop-down menu allows you to set the page that users see after login. You can choose any page from the main menu, but note that some pages (such as ADMINISTRATION) are usually not accessible by all users.
Login authentication
Here you can specify if two-factor authentication shall be used. If set to yes, users attempting to log in will be sent an access code by email. Note that users who don't have a stored email address in their profile will no longer be able to log in.
Logout timeout
This is the default inactivity timeout after which a session will be terminated automatically. Users can modify this parameter in their personal settings.
OAuth2
Here you can specify your settings for OAuth2 authentication if you are using the REST API.
Open ID Connect / OIDC
Here you can configure the settings for SSO via Open ID Connect / Entra. For more details on this setting check the Guide.
Metadata settings
OTbase automatically enriches your asset information with additional data, called metadata. This includes vulnerability information and general product information such as product lifecycle and latest firmware version.
CVE Auto Import Settings
For automatic CVE downloads from NIST (nvd.nist.gov), you must activate the download function and specify a time of day as well as the desired download interval (daily, every other day, every five days). When you have made your selection, click Save to save your settings. If you have checked this box, OTbase will also download KEV data from cisa.gov. KEV data tell you which vulnerabilities have known exploits. You can obtain an API key from NIST, which will speed up the downloads. If you don't provide an API key, downloads still work but run slower (usually not a problem because the download takes place in the background anyway).
If you also check "Security update information from microsoft.com", OTbase will also download security patch data from Microsoft. This enables OTbase to determine if a particular vulnerability is already fixed for a given device.
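How the three data sets described above combine, as an added example that is not OTbase code: CVEs per device, KEV membership, and patch data deciding whether a CVE is already fixed. All identifiers are placeholders, the data structures are assumptions, and the KEV sample only mimics the `vulnerabilities`/`cveID` layout of the CISA JSON feed.

```python
import json

# Constructed sample data; CVE and KB identifiers are placeholders, not real ones.
# KEV_JSON mimics the CISA KEV feed layout ("vulnerabilities" entries with "cveID").
KEV_JSON = """{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "dateAdded": "2000-01-01"},
  {"cveID": "CVE-0000-0003", "dateAdded": "2000-01-02"}]}"""

# CVEs matched to each device's installed software (hypothetical inventory result).
DEVICE_CVES = {
    "HMI-01": ["CVE-0000-0001", "CVE-0000-0002", "CVE-0000-0003"],
    "ENG-WS-02": ["CVE-0000-0001", "CVE-0000-0004"],
}
# Vendor patch data: updates that fix a CVE; any one of them is sufficient.
FIXED_BY = {
    "CVE-0000-0001": {"KB0000001", "KB0000009"},
    "CVE-0000-0002": {"KB0000002"},
}
# Updates found installed on each device.
INSTALLED = {"HMI-01": {"KB0000002"}, "ENG-WS-02": {"KB0000009"}}


def load_kev(text):
    """Extract the set of CVE ids from a KEV-style JSON document."""
    return {v["cveID"] for v in json.loads(text).get("vulnerabilities", [])}


def open_findings(device_cves, kev, fixed_by, installed):
    """Return (device, cve, in_kev) for every CVE not fixed on its device,
    KEV-listed findings first."""
    findings = []
    for device, cves in device_cves.items():
        have = installed.get(device, set())
        for cve in cves:
            # A CVE without patch data can never be shown as fixed, so it stays open.
            if fixed_by.get(cve, set()) & have:
                continue
            findings.append((device, cve, cve in kev))
    return sorted(findings, key=lambda f: (not f[2], f[0], f[1]))


if __name__ == "__main__":
    kev = load_kev(KEV_JSON)
    for device, cve, in_kev in open_findings(DEVICE_CVES, kev, FIXED_BY, INSTALLED):
        print(f"{device} {cve} {'KEV' if in_kev else '-'}")
```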
Product Data Update
Automatic product data updates include product catalog descriptions, product lifecycle information, information about current firmware version, and more. When activated, OTbase Inventory will download curated product metadata from Langner once per week.
To ensure that metadata for your installed products are provided, you must check the box labeled "Upload product catalog to Langner".
If you don't check the box, you may not get full coverage for your products.
The upload only contains product names and installation numbers. Installation numbers help Langner to identify vendor products that are installed in substantial numbers and therefore warrant more effort for metadata collection.
If you want to see which data is uploaded, just do an Excel export of your product catalog. The data you see there is what is uploaded.
URLs
In order for OTbase Inventory to be able to pull metadata, you must make sure that the following URLs are accessible via HTTPS from the host where Inventory is running:
Logging
You can create a system log that contains status messages for system events such as CVE downloads, and user events such as a manual configuration change of a device. The log can be written either to a Syslog server or to file. When writing to file please note that the log will be kept on your OTbase Inventory server (usually a Linux system); you will not be able to see log entries in the web frontend.
In order to activate logging, go to MAINTENANCE/Logging and select the log method of your choice.
If you select logging to file, log entries will be written (appended) to the file ot-base.log, which is placed into a new exported folder named log. By default, you will find this file in the folder /var/ot-base. Content will look like this:
Email templates
OTbase supports email notifications for various types of events, and here is where you configure them. Note that you must first have set your SMTP settings properly ("General" tab) for this functionality to work.
You can define as many templates as you like, for various event types, and for various user groups. In the right pane you can configure the event type, recipients, and most importantly, the type of report that shall be sent. The report that you select will be appended to the email as a PDF document.
Device categories
OTbase supports several dozen device types (such as PLC, RTU, Robot). In the device categories tab you can group these device types into categories, which can also be used for filtering in the various inventory tables. After installing OTbase, you will find a default grouping as shown. If you don't like this grouping, you can move device types to other categories, using drag-and-drop.
The other setting you can apply here is to assign color codes to device types and device categories. Just select any of the entries in the left pane, and you'll be able to change the color code in the right pane. The color code for device types can be inherited from their category, or it can be assigned individually.