nevisDetect plug-ins

The nevisDetect plug-ins are dynamically loaded by the nevisDetect Core component. Upon loading, and for each plug-in, the system automatically reads several attributes from the file /var/opt/nevisdetect/core/conf/plugins.properties. The table below lists these attributes. Since there are multiple plug-ins, each attribute name is made unique by a counter. The value of the counter itself has no meaning. In the table, we use <n> to denote that:

Attribute	Description
plugin.<n>.class	The full qualified Java class name of the plug-in.
plugin.<n>.jar	The path of the jar file containing the plug-in class.
plugin.<n>.configuration	The path of the configuration of the plug-in class.

See also the following example:

# test plugin 1
plugin.1.class=ch.nevis.nevisDetect.core.test.TestPlugin
plugin.1.jar=/var/opt/nevisdetect/core/plugins/nevisdetect-core-tests.jar
plugin.1.configuration=/var/opt/nevisdetect/core/plugins/test-plugin-1.properties

# behaviosec plugin
plugin.2.class=ch.nevisDetect.plugin.behaviosec.BehavioSecPlugin
plugin.2.jar=/var/opt/nevisdetect/core/plugins/behaviosec-plugin.jar
plugin.2.configuration=/var/opt/nevisdetect/core/plugins/behaviosec-plugin.properties

BehavioSec plug-in

The table below lists the plug-in specific attributes of the BehavioSec plug-in. You specify these attributes in the file behaviosec-plugin.properties.

Name	Type/unit	Example	Default	Description
colorCodes	list of string tuples	BehavioSecTransaction:#FF8000,BehavioSecSession:#FFFF00,BehavioSecRisk:#FF4D00	BehavioSecTransaction:#FF8000,BehavioSecSession:#FFFF00,BehavioSecRisk:#FF4D00	Defines the HTML color codes of the BehavioSec risk scores. The risk scores will be shown in these colors in the nevisDetect web application.
riskScores	list of strings	BehavioSecTransaction,BehavioSecSession,BehavioSecRisk	BehavioSecTransaction,BehavioSecSession,BehavioSecRisk	Defines the plug-in risk scores that will be extracted/converted from the response of the BehavioSense service.
proxy	DNS name/port	adnprox01.zh.adnovum.ch:3128		Specifies the outbound proxy. This attribute is optional.
dashboard	URL			Specifies the URL of the BehavioSense dashboard.
url	URL			Specifies the URL of the BehavioSense service.
http.client.connectTimeout	int/msec		500	The timeout for establishing a TCP connection.
http.client.keyStore	file	file:/var/opt/neviskeybox/default/nevisdetect/behaviosec_keystore.jks		The Java keystore file used for establishing the TLS connection.
http.client.keyStorePassword	string			The passphrase for the keystore.
http.client.trustStore	file	file:/var/opt/neviskeybox/default/nevisdetect/behaviosec_truststore.jks		The Java truststore file used for establishing the TLS connection.
http.client.trustStorePassword	string			The passphrase for the truststore.
finalizeSession	boolean		true	Defines whether to call finalizeSession if the session is terminated. The default is "true".
training.operatorFlags	integer		0	Sets the operator flags for the call to the BehavioSense service in the training mode..
detection.operatorFlags	integer		0	Sets the operator flags for the call to the BehavioSense service in the detection mode.
reportFlag	integer		0	Sets the report flag for the call to the BehavioSense service.
riskScoreIgnoreFlags	boolean		true	Defines if the following BehavioSec flags in the response are influencing the risk score:diError, pdError, isBot, tabAnomaly, pocAnomaly, numpadAnomaly, ipChanged, deviceChanged, isDataCorrupted, isSessionCorrupted, isReplay. If the attribute is set to "true", the above flags are ignored (that is, the flags will not influence the risk score).
uniqueLoginId	boolean		false	Defines whether to send the loginId (instead of the uniqueId) to the BehavioSec plug-in. Set to "true" only if the loginId is unique.
supportedMimeTypes	list of strings		application/behaviosec	The MIME type(s) of the part of a multi-part HTTP request that contains BehavioSec data.

nevisAdapt plug-in

See chapter nevisAdapt plug-in for details on the configuration.

Proxy plug-in

The table below lists the plug-in specific attributes of the Proxy plug-in. You specify these attributes in the file proxy-plugin.properties.

Name	Type/unit	Example	Description
colorCodes	list of string tuples	colorCodes=CyberDetectionTCP:#DF01D7, CyberDetectionTLS:#AF01D8	Defines the HTML color codes of plug-in's risk scores. The risk scores will be shown in these colors in the nevisDetect web application.
description.1description.2...	string	description.1= Adapter for passing request to the cyber detection service © Company description.2= support by [email protected]	Use this attribute to add a description of the plug-in. The attribute is optional.
name	string	CyberDetection	Specifies the name of the plug-in.
riskScores	list of strings	riskScores=CyberDetectionTCP, CyberDetectionTLS	Specifies a list of the risk scores delivered by the plug-in.
serviceMapping	list of string tuples	requestData: /service/processRequestData, terminateSession: /service/processSessionTermination, getVersion: /getVersion	Defines a list of supported methods and their mapping. The following methods are allowed: requestData, terminateSession, getVersion. The syntax of this attribute is: <method-name>:<path>
url	URL		Defines the URL of the service.
http.client.connectTimeout	int/msec	500	The timeout for establishing a TCP connection.
http.client.retryTimeout	int/msec	5000	The retry timeout in case of a connection error or an HTTP error code.
http.client.keyStore	file	file: /var/opt/neviskeybox/default/ nevisdetect/thirdparty_keystore.jks	The Java keystore file used for establishing the TLS connection.
http.client.keyStorePassword	string		The passphrase for the keystore.
http.client.trustStore	file	file: /var/opt/neviskeybox/default/ nevisdetect/thirdparty_truststore.jks	The Java truststore file used for establishing the TLS connection.
http.client.trustStorePassword	string		The passphrase for the truststore.