12.10. Application Options

This page describes the web application settings.

12.10.1 Customize

To access this select Customize → App Settings

12.10.2 UI

Option Default Value Description
Google API Key Google map API key. You need this to view the Geo map
Explore Flows Max Items 2000 When retrieving flows stop when these many flows are reached. All flow based calculations will be done using these many flows. The next parameter Explore Flows Show In Tables specifies how many of these will show up in raw flow tables on the web UI.
Flows shown in tables 500 Show these many ‘top flows’ in raw flow tables.
User Password Minimum length 6 Minimum characters you can use in user password
Log Level INFO Filter expression for viewing log files , includes expressions like :
# DEBUG
# ERROR
# INFO

12.10.3 Proxy Settings

Web Trisul needs to reach out to the internet for two things.

  1. to download latest threat feeds for the BadFellas plugin
  2. to install Trisul Apps which are hosted on Github

If your Trisul-Hub node does not have internet access you need to configure a proxy server.

Option Default Value Description
Proxy Server IP Address of the proxy server
Proxy Server User Name Specify the Username if required by the proxy
Proxy Server User Password Specify the Password if required by the proxy

Test it

  • Login as admin
  • Go to Webadmin > Manage > Apps
  • If you get a list of packages without the error “Check your internet connection error”, the connection is working.

12.10.4 Packet Inspection

Option Default Value Description
Deep Packet Inspection limit 21600 Secs Time limit for deep packet inspection
Deep packet inspection content limit 100 M Maximum number of bytes to be retrieved as a result of the packet retrieval _Pull packets operation

12.10.5 Web Server

Option Default Value Description
Idle timeout 15 Time set to logged webtrisul when idle
Server port 3000 The webserver port. This setting is used by some cron tasks (like report mailers). If you move the default nginx port make sure you reflect that change here.
Web Server Security NONE Used by report jobs. Is web server using SSL?

12.10.6 Schedule and Email reports

Automatically email scheduled reports YES Global setting that controls if scheduled reports are mailed out
Automatically email threshold crossing alert summaries No Global setting that controls if TCA reports are mailed out
Business Hour 00:00:00-23:59:59 Business hours time used to restrict default report generation time window for each day

12.10.7 Chart

Option Default Value Description
Conversation Chart Ring items 10 Number of peers to be shown in the conversation ring. This chart appears in the Tools → Investigate IP Activity analysis
Matrix Chart items 10 No of items to be plotted in the conversation matrix. This appears in Tools → Explore Flows
Chart Effects - Special effects for charts
Show data value tooltips 0 Show timeseries data point as a tooltip

12.10.8 Dashboard and modules

Default items in Top-N Dashboards 10 All Top-N starts show these many by default, with a “More” button to expand.
Show module description Yes A description if shown below each module to help you understand what is being shown. If you are a power user and would like to hide this text, then set this to False
Show help tips for menu items Yes A tooltip is shown for menu items to help you learn about the various options. You can turn these off if you are already familiar with the UI