This guide provides our recommendations and best practices for the Administrator who is configuring Unomaly for a team or organization. After reading this guide, you should understand how to get data into Unomaly, manage the systems, and set up user accounts for your team or organization.

Securing the Unomaly instance

Most administration and troubleshooting tasks on Unomaly require you to work from the console menu, a command-line interface available on each Unomaly instance. After installing Unomaly, you use the console menu to configure the new instance; afterwards, you use it to update the license and to update Unomaly automatically. For security reasons, we recommend that you restrict access to the console menu and change the password. See "The Unomaly console menu".

Getting data into Unomaly

Getting data into Unomaly means configuring the systems you want to monitor to send their logs to the Unomaly instance. The data can be forwarded directly from physical and virtual systems, or from log aggregators and other third-party systems. See “Data inputs overview”.
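As an added example that is not part of the Unomaly documentation, the following rsyslog client configuration forwards a system's syslog to a collector in the way this section describes. The hostname unomaly.example.internal and the TCP port 514 are assumptions; confirm the address and the input protocol and port your instance actually exposes in “Data inputs overview” before using it.

```rsyslog
# Added example (not from the Unomaly documentation): forward local syslog
# from an rsyslog client to an Unomaly instance.
# ASSUMPTIONS: hostname and port below are placeholders; check the data input
# settings of your own instance.

# Directory for the disk-assisted queue files created below.
global(workDirectory="/var/spool/rsyslog")

# Keep the sender's full hostname so events are attributed to the originating
# system in the Systems view rather than to a relay.
global(preserveFQDN="on")

# Forward over TCP with RFC 5424 framing so structured fields survive intact.
# The disk-assisted queue buffers events while the instance is unreachable and
# replays them on reconnect; resumeRetryCount="-1" retries indefinitely
# instead of discarding events, so monitoring gaps do not go unnoticed.
action(
  type="omfwd"
  target="unomaly.example.internal"
  port="514"
  protocol="tcp"
  template="RSYSLOG_SyslogProtocol23Format"
  queue.type="LinkedList"
  queue.filename="unomaly_fwd"
  queue.saveOnShutdown="on"
  queue.maxDiskSpace="1g"
  action.resumeRetryCount="-1"
)
```

Place the fragment in a file under /etc/rsyslog.d/ and restart rsyslog; the new system should then appear in the Systems view in training. If your instance's data input accepts TLS, prefer it over plain TCP and add the corresponding rsyslog stream-driver parameters, so log data is not readable or alterable in transit.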

Unomaly tracks the systems that send data to it in the Systems view. This view also indicates which systems are active (currently sending data), in training (active and still being learned), or disabled (currently not being analyzed). In a brand-new Unomaly installation, the systems will be in training for at least two weeks, though the length of time can vary depending on the quality of the data. When you add new systems to an existing installation, you can expect a shorter training period. See “How Unomaly learns behavior”.

Unomaly processes all events in real time as the data arrives, regardless of the format or structure of the data. If Unomaly is not parsing the data and displaying the events correctly, it might be an issue with tokenization. If you need to customize the way that Unomaly tokenizes data, contact Unomaly Support for help.

Managing systems and groups

The Systems view enables you to track all the systems that have sent data, or currently send data, to the Unomaly instance. Because a single Unomaly instance can manage data from hundreds of systems, it’s important to organize the systems into groups and subgroups.

When creating groups, the best practice is to choose a name that describes the common characteristics of the systems you will add to the group. Group names cannot include spaces. The following are examples of groups:

  • Systems of similar type, such as webserver and firewall
  • Systems that fulfill a service or function, such as Customer_portal
  • Systems that are related or share ownership, such as IBM_systems
  • Systems that share physical locations, such as Europe and Americas

Each system can be in more than one group, so you can have different levels of granularity. This can be important when you need to define conditions and actions based on systems and groups. See “Create groups of systems”.

Inviting colleagues to use Unomaly

Unomaly supports three different roles when setting up user accounts: Administrator, Standard User, and Limited User. These roles allow you to invite team members to access the Unomaly instance while restricting what actions they can perform. See “Add and edit accounts”.

  • Administrators can access everything. As an administrator, you can change settings on the instance, add and edit systems, invite new users, and so on.
  • Standard Users have the privileges of an administrator, except that they cannot add, edit, or remove user accounts.
  • Limited Users can view systems, learnings, and situations. They cannot change system settings or access user settings.

Unomaly supports configuring multiple authentication providers. By default, Unomaly uses its built-in user database to authenticate users. This means that users will log in with the username and password you configure. Other options include:

Next steps

Now that you’ve set up your data and teams in Unomaly, the next steps include: