System Configurations


System configuration ensures that the information system is properly configured, secure, and efficient. It covers several areas, including Snowflake configuration, retention policies, and entity resolution. In DataBee, you can select the Snowflake data lake to store and analyze large volumes of data, and this section provides a detailed guide to configuring it. The retention policy settings define how long the search history stored in the system is retained.

Click on the settings icon at the top right corner of the portal, and from the dropdown menu select System.

Data Lakes - Snowflake Configuration

You can use DataBee to load your security data into a cloud-based data warehousing platform such as Snowflake and search it there. On the left panel, click the Data Lakes button.

Select the Snowflake button, which takes you to the "Snowflake Configuration" page. You can create a new Snowflake connection in DataBee by entering the details for the following connection parameters.

  • Account Identifier: your account identifier e.g., companyname.us-east-1.

  • Username: your Snowflake username for authentication (The database name is case sensitive).

  • Database: database to use for backend storage.

  • Warehouse: Compute resource cluster to use for this application.

  • Role: user account role to use when interacting with the Snowflake cluster.

  • Private Key: the private key for key pair authentication.

  • Private Key Password: Snowflake password for the key pair authentication.

Snowflake Case Sensitivity

Many of these fields are required to be uppercase in Snowflake. If you run into issues connecting, try with an uppercase Username, Database, Warehouse, and Role.

Broken Connection

If any of these fields are changed in Snowflake (e.g., a user is renamed), the DataBee connection will break. Any change to the Snowflake identifiers also requires updating this connection in the DataBee UI.

Click on the Test Connectivity button to ensure that DataBee can successfully connect to your Snowflake account. If the test is successful, click on the Submit button to save the Snowflake connection details in DataBee.


Data Collectors

Refer to Configure Data Collector in DataBee for a step-by-step guide.

HTTP Collector

Data can be sent to the DataBee platform using the following endpoint. From the left sidebar, select HTTP Collector. Click on the Copy to clipboard button to copy the ‘Endpoint URL’.

Retention Policy

The system configuration section of DataBee allows you to set the retention policy for your search history. This policy determines how long your search history will be stored in the system before it is automatically deleted. You can configure the retention policy based on a specific number of days.

Select the Retention button, which takes you to the “Retention Policies” page. Here, you can enter the number of days you want to retain the user Search History. Click on the Submit button to configure your retention policy.

Entity Resolution

The system configuration section of DataBee allows you to set configuration options to customize Entity Resolution to your organization if you have the Security Threats or the Security Hygiene package. Entity Resolution should be enabled and configured after completion of feed configuration to ensure accuracy.

Entity Resolution allows you to exclude feeds from its learnings with the “Provider Exclusion List”. Feeds can be prioritized for Entity Resolution in the “Provider Priority” by selecting a provider from the list, then dragging it into the desired order. These inputs are leveraged directly by Entity Resolution when collisions or conflicting information are present.

Entity Resolution allows for configuration of age out by 3 primary types of entities: Virtual Devices, Physical Devices, and Users. Virtual Devices take their definition from the Device Type ID in the OCSF framework, which includes, for example, cloud assets and virtual machines. All other device types are considered Physical Devices for consistency.

Internal CIDRs and Internal Hostnames can be provided. CIDRs should be inputted in the format of X.X.X.X/Y in a comma-separated list. Providing the CIDR Blocks assigned to your organization allows Entity Resolution to track external IPs as internal assets from a variety of sources. Providing Internal Hostnames allows for more accurate identification of assets.

Select the Entity Resolution button, which takes you to the “Entity Resolution” page. Here, you can configure the “Provider Exclusion List”, “Provider Priority”, Age Out by entity type, and provide internal CIDR Blocks. Click on the Submit button to configure your entity resolution.

Refer to Entity Resolution Configuration for more details.
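Because the Internal CIDRs field decides which addresses Entity Resolution treats as internal assets, it is worth checking the list before submitting it. The following is an added example, not DataBee code: a local pre-check for the comma-separated X.X.X.X/Y format described above. The function name, the sample list, and the `min_prefix` threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of what might be typed into the Internal CIDRs field.
SAMPLE = ("10.0.0.0/8, 192.168.1.10/24, 172.16.0.0/12, 10.20.0.0/16, "
          "0.0.0.0/0, 203.0.113.0/24, 198.51.100.0, 300.1.1.0/24,")

def check_internal_cidrs(field, min_prefix=8):
    """Return (cleaned comma-separated list, [(entry, problem), ...]).

    min_prefix is an assumed sanity threshold, not a DataBee setting: a block
    broader than this would mark very large address ranges as internal.
    """
    accepted, problems = [], []
    for raw in field.split(","):
        item = raw.strip()
        if not item:
            continue  # ignore empty items such as a trailing comma
        addr, _, prefix = item.partition("/")
        if not prefix.isdigit():
            problems.append((item, "expected X.X.X.X/Y with a numeric prefix length"))
            continue
        try:
            net = ipaddress.IPv4Network(item, strict=False)
        except ValueError as exc:
            problems.append((item, f"not a valid IPv4 CIDR: {exc}"))
            continue
        if ipaddress.IPv4Address(addr) != net.network_address:
            problems.append((item, f"host bits set; the block is {net}"))
            continue
        if net.prefixlen < min_prefix:
            problems.append((item, f"broader than /{min_prefix}; confirm it is assigned to you"))
            continue
        clash = next((a for a in accepted if net.overlaps(a)), None)
        if clash is not None:
            problems.append((item, f"overlaps earlier entry {clash}"))
            continue
        accepted.append(net)
    return ",".join(str(n) for n in accepted), problems

if __name__ == "__main__":
    cleaned, issues = check_internal_cidrs(SAMPLE)
    print("paste into Internal CIDRs:", cleaned)
    for entry, why in issues:
        print(f"  review {entry!r}: {why}")
```

Entries reported as problems are left out of the cleaned list so that each one gets a deliberate decision rather than a silent correction.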

Content Delivery

Refer to Content Delivery for details on this topic.

DataBee BeeKeeper

For detailed instructions, refer to DataBee BeeKeeper Setup in the DataBee UI.