Accounts

Manage User Accounts in Exabeam Cloud Connectors

By default, Exabeam Cloud Connectors ship with built-in users, roles, and passwords. Passwords are stored as clear-text.

As a best practice for security, we recommend using an external LDAP/AD for users, roles and passwords management. See Active Directory Authentication.

If AD/LDAP is not available, we recommend that you change the default clear-text based passwords with a more secure hashed passwords. See Replace the Default Clear-Text Passwords Mechanism with Hashed Passwords for Exabeam Cloud Connectors.

To manage user accounts using the built-in users and roles management, see:

Add or Remove a User

To add or remove users, you must have root-level access on the Exabeam Cloud Connectors machine.

SSH into the Linux machine that hosts the Exabeam Cloud Connectors app with an account that has root-level permissions.
SSH to your Exabeam Cloud Connectors machine.
Locate the Exabeam conf files folder.
```
sudo docker volume inspect --format='{{.Mountpoint}}' sk4_conf 
```
For example /var/lib/docker/volume/sk4_conf/_data.
If your Exabeam Cloud Connectors deployment is an OEM edition, you might find the the conf folder in a different location (for example /opt/[partner name]/data/sk4).

Make a backup copy to the client-shiro.ini file in the conf folder:

sudo cp <sk4 conf folder>/shiro/client-shiro.ini<sk4 conf folder>/shiro/client-shiro.ini.orig

Edit the client-shiro.ini file. For example:

sudo vi <sk4 conf folder>/shiro/client-shiro.ini

To remove a user, delete the entry for the account including the username and password from the [USERS] section.
To add a user, add a new row for each user that you want to allow access. Each row will contain the account name, the password, and the role. Refer to the following examples for the available password storage mechanisms (clear-text or hashed).
- Clear-text password mechanism
```
[USERS]
sk4admin = s@mplePW4u$3r, sk4-admin <mynewuser>=<mynewpassword>, sk4-admin
```
  where <mynewuser> and <mynewpassword> are the username and password for the user.
- Hashed password mechanism
  To generate a hashed password, see Generate a Hashed Password for the Exabeam Cloud Connectors Platform.
```
[USERS]
sk4admin =4f553c2977303e6727e4e6686fc16971cced06a2cc66, sk4-admin <mynewuser>=727e4e6686fc16971cced06a2cc6669a73d9f38942cf, sk4-admin
```
  where <mynewuser> and 727e4e6686fc16971cced06a2cc6669a73d9f38942cf are the username and password for the user.
When done editing, save the changes and exit the editor.
Restart the Exabeam Cloud Connectors service.
```
sudo systemctl restart sk4compose
```

Reset a User's Password

To reset a user's password, you must have root-level access on the Exabeam Cloud Connectors machine.

SSH into the Linux machine that hosts the Exabeam Cloud Connectors app with an account that has root-level permissions.
Locate the Exabeam conf files folder.
```
sudo docker volume inspect --format='{{.Mountpoint}}' sk4_conf
```
For example, /var/lib/docker/volume/sk4_conf/_data.
If your Exabeam Cloud Connectors deployment is an OEM edition, you might find the the conf folder in a different location (for example /opt/[partner name]/data/sk4).

Create a backup copy of the client-shiro.ini file in the conf folder.

sudo cp <sk4 conf folder>/shiro/client-shiro.ini <sk4 conf folder>/shiro/client-shiro.ini.ori

Edit the client-shiro.ini file.

sudo vi <sk4 conf folder>/shiro/client-shiro.ini

Under the [USERS] section, locate the account for which you want to supply a new password. There are two password storage mechanisms available: clear-text or hashed.
- Clear-text password mechanism
```
[USERS]
sk4adminuser = <newpassword>, sk4-admin
```
  Set the new password for the user account.
- Hashed password mechanism
  To generate a hashed password, see Generate a Hashed Password for the Exabeam Cloud Connectors Platform.
```
[USERS]
sk4adminuser = 2977303e6727e4e6686fc16971cc, sk4-admin
```
  Set the new hashed password for the user account.
When done editing, save the changes and exit the editor.
Restart the Exabeam Cloud Connectors service.
```
sudo systemctl restart sk4compose
```

Reset a Cloud Connector Account

If needed, you can reset a cloud connector account to delete the previous tasks of the connector and bring the connector back to its initialized state.

The tasks of the connector are the tasks that sync events from the endpoints. If the cloud connector accumulates too many tasks, you can reset the cloud connector. To reset a cloud connector account, perform the following steps:

Log on to the Exabeam Cloud Connector platform with your registered credentials.
Navigate to Settings > Accounts.
Click the account name that you want to reset.
For the Exabeam Cloud Connectors platform version 2.4.206 and later, in the right pane, click RESET.

For the Exabeam Cloud Connectors platform version earlier than 2.4.206, perform the following steps:

Click the account that you want to reset.
In the right pane, copy the cloud connector ID.

On the host computer, in root user, paste the following function in bash:

function reset_connector(){ local IDS_RAW=$1 local IDS="\\'${IDS_RAW}\\'" docker exec --user postgres sk4postgres bash -c "psql -v ids=$IDS -v ep=$EP_NAME -d skyformationdb &lt;&lt; EOF create view def_to_delete (id) as select id from task_definitions where executor in (:ids); create view tasks_to_delete as select id from task_instances where definition_id in (select id from def_to_delete); delete from def_runtime where definition_id in (select id from def_to_delete); delete from task_instances where id in (select id from tasks_to_delete); delete from task_definitions where id in (select id from def_to_delete); drop view if exists tasks_to_delete; drop view if exists def_to_delete; EOF " }

Run the function after adding the connector ID. For example:
```
reset_connector <my-connector-32-char-id-here>
```

Modify Account and Endpoint Sync Frequency

Each account holds multiple endpoints. To change the frequency of an endpoint sync, you must enter the account configuration and configure the event-endpoint-setting for the specific endpoint for which you want to change the frequency.

Log on to the Exabeam Cloud Connectors platform with your registered credentials.
Select Settings > Accounts.
Click the account name that you want to modify.
On the right side panel, select Advanced.
The JSON editor displays.

In the JSON file, search for the event-endpoint-setting field that contains settings for each of the endpoints.

For example, in the following JSON file, the record displays the min-sync-period as 600.

       // removed for brevity     
       "endpoint-name": "cloud-trail",
       "is-active": false,
       "events-sync-target": "local-bus",
       "event-types": [
       // removed for brevity
       ],
    "configuration": {
     "type": "time-series",
     "apiUsageLimit": null,
     "is-auto-abort": false,
     "timeout": 600,
     "max-number-of-open-task": 16,
     "recovery-level": [
        // removed for brevity
     ],
     "additional-properties": [],
     "past-sync-period": 604800,
     "data-availability-delay": 900,
     "min-sync-period": 600,
     "max-sync-period": 3600,
     "data-time-order": "descending",
     "api-usage-limit": null
  }

Based on the type of cloud connector, the JSON file shows the entry min-sync-period or the entry frequency which indicates the minimum time the cloud connector platform syncs events, in seconds.

Edit the minimum sync period based on your requirement. For example, if the JSON record shows "min-sync-period": 600 indicating that the minimum sync period is set to 10 minutes, and you want Exabeam to sync events every minute, update the minimum sync period to 60 by updating the JSON entry to "min-sync-period": 60.
Save the updated JSON file.
Navigate to the Accounts page to stop the account.
Wait for two minutes and start the account to implement the change in the minimum sync period.

Cloud ConnectorsCloud Connectors Troubleshooting

Table of ContentsTable of Contents