nevisDetect plug-ins
The nevisDetect plug-ins are dynamically loaded by the nevisDetect Core component. On loading, the system automatically reads several attributes for each plug-in from the file /var/opt/nevisdetect/core/conf/plugins.properties. The table below lists these attributes. Since there are multiple plug-ins, each attribute name is made unique by a counter. The value of the counter itself has no meaning. In the table, <n> denotes the counter:
Attribute | Description |
---|---|
plugin.<n>.class | The fully qualified Java class name of the plug-in. |
plugin.<n>.jar | The path of the jar file containing the plug-in class. |
plugin.<n>.configuration | The path of the configuration of the plug-in class. |
See also the following example:
# test plugin 1
plugin.1.class=ch.nevis.nevisDetect.core.test.TestPlugin
plugin.1.jar=/var/opt/nevisdetect/core/plugins/nevisdetect-core-tests.jar
plugin.1.configuration=/var/opt/nevisdetect/core/plugins/test-plugin-1.properties
# behaviosec plugin
plugin.2.class=ch.nevisDetect.plugin.behaviosec.BehavioSecPlugin
plugin.2.jar=/var/opt/nevisdetect/core/plugins/behaviosec-plugin.jar
plugin.2.configuration=/var/opt/nevisdetect/core/plugins/behaviosec-plugin.properties
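The following audit script is an added example, not part of the Nevis documentation or product. It groups the plugin.<n>.* attributes by counter, reports plug-ins that lack one of the three attributes, and, for jar and configuration files present on the host, flags loose file permissions. The permission policy is an assumption of this example, motivated by the fact that the jar is loaded as code and the plug-in configuration can hold keystore passphrases.

```python
import os
import re
import stat

REQUIRED = ("class", "jar", "configuration")
KEY_RE = re.compile(r"^plugin\.([^.]+)\.(.+)$")

def parse_properties(text):
    """Minimal key=value reader: skips blank lines and '#' comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit_plugins(text):
    """Return findings for the body of a plugins.properties file."""
    plugins, findings = {}, []
    for key, value in parse_properties(text).items():
        match = KEY_RE.match(key)
        if match:  # group the attributes by their counter <n>
            plugins.setdefault(match.group(1), {})[match.group(2)] = value
    for n, attrs in sorted(plugins.items()):
        for name in REQUIRED:
            if not attrs.get(name):
                findings.append(f"plugin.{n}: missing {name}")
        for name in ("jar", "configuration"):
            path = attrs.get(name, "")
            if not os.path.exists(path):
                continue  # nothing to inspect on this host
            mode = os.stat(path).st_mode
            # Assumed policy: only the owner may modify loaded code/config.
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(f"plugin.{n}: {name} writable by group/other")
            # The plug-in configuration can hold keystore passphrases.
            if name == "configuration" and mode & stat.S_IROTH:
                findings.append(f"plugin.{n}: configuration is world-readable")
    return findings

# Constructed sample: plug-in 2 lacks its configuration attribute.
SAMPLE = """\
plugin.1.class=ch.nevis.nevisDetect.core.test.TestPlugin
plugin.1.jar=/var/opt/nevisdetect/core/plugins/nevisdetect-core-tests.jar
plugin.1.configuration=/var/opt/nevisdetect/core/plugins/test-plugin-1.properties
plugin.2.class=ch.nevisDetect.plugin.behaviosec.BehavioSecPlugin
plugin.2.jar=/var/opt/nevisdetect/core/plugins/behaviosec-plugin.jar
"""

if __name__ == "__main__":
    print("\n".join(audit_plugins(SAMPLE)))
```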
BehavioSec plug-in
The table below lists the plug-in specific attributes of the BehavioSec plug-in. You specify these attributes in the file behaviosec-plugin.properties.
Name | Type/unit | Example | Default | Description |
---|---|---|---|---|
colorCodes | list of string tuples | BehavioSecTransaction:#FF8000,BehavioSecSession:#FFFF00,BehavioSecRisk:#FF4D00 | BehavioSecTransaction:#FF8000,BehavioSecSession:#FFFF00,BehavioSecRisk:#FF4D00 | Defines the HTML color codes of the BehavioSec risk scores. The risk scores will be shown in these colors in the nevisDetect web application. |
riskScores | list of strings | BehavioSecTransaction,BehavioSecSession,BehavioSecRisk | BehavioSecTransaction,BehavioSecSession,BehavioSecRisk | Defines the plug-in risk scores that will be extracted/converted from the response of the BehavioSense service. |
proxy | DNS name/port | adnprox01.zh.adnovum.ch:3128 | | Specifies the outbound proxy. This attribute is optional. |
dashboard | URL | | | Specifies the URL of the BehavioSense dashboard. |
url | URL | | | Specifies the URL of the BehavioSense service. |
http.client.connectTimeout | int/msec | 500 | | The timeout for establishing a TCP connection. |
http.client.keyStore | file | file:/var/opt/neviskeybox/default/nevisdetect/behaviosec_keystore.jks | | The Java keystore file used for establishing the TLS connection. |
http.client.keyStorePassword | string | | | The passphrase for the keystore. |
http.client.trustStore | file | file:/var/opt/neviskeybox/default/nevisdetect/behaviosec_truststore.jks | | The Java truststore file used for establishing the TLS connection. |
http.client.trustStorePassword | string | | | The passphrase for the truststore. |
finalizeSession | boolean | true | | Defines whether to call finalizeSession if the session is terminated. The default is "true". |
training.operatorFlags | integer | 0 | | Sets the operator flags for the call to the BehavioSense service in the training mode. |
detection.operatorFlags | integer | 0 | | Sets the operator flags for the call to the BehavioSense service in the detection mode. |
reportFlag | integer | 0 | | Sets the report flag for the call to the BehavioSense service. |
riskScoreIgnoreFlags | boolean | true | | Defines if the following BehavioSec flags in the response are influencing the risk score: diError, pdError, isBot, tabAnomaly, pocAnomaly, numpadAnomaly, ipChanged, deviceChanged, isDataCorrupted, isSessionCorrupted, isReplay. If the attribute is set to "true", the above flags are ignored (that is, the flags will not influence the risk score). |
uniqueLoginId | boolean | false | | Defines whether to send the loginId (instead of the uniqueId) to the BehavioSec plug-in. Set to "true" only if the loginId is unique. |
supportedMimeTypes | list of strings | application/behaviosec | | The MIME type(s) of the part of a multi-part HTTP request that contains BehavioSec data. |
nevisAdapt plug-in
See chapter nevisAdapt plug-in for details on the configuration.
Proxy plug-in
The table below lists the plug-in specific attributes of the Proxy plug-in. You specify these attributes in the file proxy-plugin.properties.
Name | Type/unit | Example | Description |
---|---|---|---|
colorCodes | list of string tuples | colorCodes=CyberDetectionTCP:#DF01D7, CyberDetectionTLS:#AF01D8 | Defines the HTML color codes of the plug-in's risk scores. The risk scores will be shown in these colors in the nevisDetect web application. |
description.1, description.2, ... | string | description.1= Adapter for passing request to the cyber detection service © Company description.2= support by [email protected] | Use this attribute to add a description of the plug-in. The attribute is optional. |
name | string | CyberDetection | Specifies the name of the plug-in. |
riskScores | list of strings | riskScores=CyberDetectionTCP, CyberDetectionTLS | Specifies a list of the risk scores delivered by the plug-in. |
serviceMapping | list of string tuples | requestData: /service/processRequestData, terminateSession: /service/processSessionTermination, getVersion: /getVersion | Defines a list of supported methods and their mapping. The following methods are allowed: requestData, terminateSession, getVersion. The syntax of this attribute is: <method-name>:<path> |
url | URL | | Defines the URL of the service. |
http.client.connectTimeout | int/msec | 500 | The timeout for establishing a TCP connection. |
http.client.retryTimeout | int/msec | 5000 | The retry timeout in case of a connection error or an HTTP error code. |
http.client.keyStore | file | file:/var/opt/neviskeybox/default/nevisdetect/thirdparty_keystore.jks | The Java keystore file used for establishing the TLS connection. |
http.client.keyStorePassword | string | | The passphrase for the keystore. |
http.client.trustStore | file | file:/var/opt/neviskeybox/default/nevisdetect/thirdparty_truststore.jks | The Java truststore file used for establishing the TLS connection. |
http.client.trustStorePassword | string | | The passphrase for the truststore. |
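A pre-deployment check for the Proxy plug-in attributes described above, as an added example that is not Nevis code. It validates the serviceMapping syntax and allowed methods, cross-checks colorCodes against riskScores, and flags a non-HTTPS service URL. The cross-check, the https requirement and the host name in the sample are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

ALLOWED_METHODS = {"requestData", "terminateSession", "getVersion"}
COLOR_RE = re.compile(r"^#[0-9A-Fa-f]{6}$")

def split_list(value):
    """Split a comma-separated attribute value, trimming whitespace."""
    return [item.strip() for item in value.split(",") if item.strip()]

def check_proxy_plugin(props):
    """Return findings for a dict of proxy-plugin.properties attributes."""
    findings = []
    scores = split_list(props.get("riskScores", ""))
    colored = set()
    for item in split_list(props.get("colorCodes", "")):
        name, _, code = (part.strip() for part in item.partition(":"))
        if not COLOR_RE.match(code):
            findings.append(f"colorCodes: {item!r} is not <score>:#RRGGBB")
        elif name not in scores:
            findings.append(f"colorCodes: {name} is not listed in riskScores")
        colored.add(name)
    findings += [f"riskScores: {s} has no color code"
                 for s in scores if s not in colored]
    for item in split_list(props.get("serviceMapping", "")):
        # Documented syntax: <method-name>:<path>
        method, _, path = (part.strip() for part in item.partition(":"))
        if method not in ALLOWED_METHODS:
            findings.append(f"serviceMapping: method {method!r} is not allowed")
        elif not path:
            findings.append(f"serviceMapping: {method} has no path")
    # Assumption: the keystore/truststore attributes imply TLS to the service.
    if urlsplit(props.get("url", "")).scheme != "https":
        findings.append("url: not an https URL")
    return findings

# Constructed sample based on the example values in the table, with two
# deliberate mistakes: a misspelled method name and a plain-http URL.
SAMPLE = {
    "riskScores": "CyberDetectionTCP, CyberDetectionTLS",
    "colorCodes": "CyberDetectionTCP:#DF01D7, CyberDetectionTLS:#AF01D8",
    "serviceMapping": "requestData: /service/processRequestData, "
                      "terminateSesion: /service/processSessionTermination",
    "url": "http://detection.example.invalid:8080",  # placeholder host
}

if __name__ == "__main__":
    print("\n".join(check_proxy_plugin(SAMPLE)))
```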