This guide provides our recommendations and best practices for the Administrator who is configuring Unomaly for a team or organization. After reading this guide, you should understand how to get data into Unomaly, manage the systems, and set up user accounts for your team or organization.
Securing the Unomaly instance
Most administration and troubleshooting tasks on Unomaly require you to work from the console menu, a command line interface available on each Unomaly instance. After installing Unomaly, you use the console menu to configure the new instance; later you will also use it to update the license and to update Unomaly itself. Because the console menu gives full control of the instance, we recommend that you restrict who can reach it and change its password. See "The Unomaly console menu".
Getting data into Unomaly
Getting data into Unomaly means configuring the systems you want to monitor to send their logs to the Unomaly instance. The data can be forwarded directly from physical and virtual systems or log aggregators and other third party systems. See “Data inputs overview”.
Unomaly tracks the systems that send data to it in the Systems view. This view also indicates which systems are active (currently sending data), in training (active and still being learned), or disabled (currently not being analyzed). In a brand new Unomaly installation, the systems will be in training for at least two weeks, though the length of time can vary depending on the quality of the data. When you add new systems to an existing installation, you can expect a shorter training period. See “How Unomaly detects anomalies”.
Unomaly processes all events in real time as the data arrives, regardless of the format or structure of the data. If Unomaly is not parsing the data and displaying the events correctly, the cause is often tokenization: how each event is split into fixed and variable tokens before it is learned. If you need to customize the way that Unomaly tokenizes data, contact Unomaly Support for help.
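To make the tokenization point concrete, here is an added, illustrative example (written for this guide, not Unomaly's own tokenizer or learning algorithm). It normalizes the variable fields in a line (timestamps, IPs, hex identifiers, bare numbers) so that recurring messages collapse into one template, keeps a per-system memory of the templates seen during training, and reports a template the system has never produced before. The placeholder names, the regular expressions and the sample log lines are all choices made for this example.

```python
import re
from collections import Counter

# Placeholder names and patterns are choices made for this example, not
# Unomaly's tokenizer. Order matters: the timestamp rule must consume its
# digits before the bare-number rule sees them.
_PATTERNS = [
    (re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})?"), "<TS>"),
    (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "<IP>"),
    (re.compile(r"\b(?=[0-9a-f]*[a-f])[0-9a-f]{8,}\b"), "<HEX>"),
    (re.compile(r"\b\d+\b"), "<NUM>"),
]


def tokenize_raw(line):
    """Whitespace split with no normalization: every distinct value is its own token."""
    return tuple(line.split())


def tokenize(line):
    """Replace variable fields with placeholders, then split into tokens.

    The resulting tuple is the message template. User names are deliberately
    kept verbatim (a new account logging in is interesting); whether they too
    should be normalized is the kind of decision the guide refers to Support.
    """
    text = line
    for pattern, placeholder in _PATTERNS:
        text = pattern.sub(placeholder, text)
    return tuple(text.split())


class TemplateModel:
    """Per-system memory of which templates have been seen, and how often."""

    def __init__(self, tokenizer=tokenize):
        self._tokenizer = tokenizer
        self._seen = {}  # system name -> Counter(template -> occurrences)

    def train(self, system, line):
        self._seen.setdefault(system, Counter())[self._tokenizer(line)] += 1

    def analyze(self, system, line):
        """Score one event, then learn it. Returns (is_new, template)."""
        template = self._tokenizer(line)
        counter = self._seen.setdefault(system, Counter())
        is_new = template not in counter
        counter[template] += 1
        return is_new, template

    def distinct_templates(self, system):
        return len(self._seen.get(system, ()))


# Constructed sample lines for this example; not logs from any real system.
TRAINING = [
    "2020-03-01T10:00:01Z sshd[1012]: Accepted publickey for deploy from 10.0.0.5 port 51022",
    "2020-03-01T10:00:07Z sshd[1013]: Accepted publickey for deploy from 10.0.0.6 port 51100",
    "2020-03-01T10:00:42Z sshd[1017]: Accepted publickey for deploy from 10.0.0.5 port 51230",
    "2020-03-01T10:01:00Z sshd[1020]: Accepted publickey for alice from 10.0.0.9 port 50321",
    "2020-03-01T10:02:00Z cron[200]: (root) CMD (/usr/bin/backup)",
]


def build_model(system="web-01", tokenizer=tokenize):
    """Train a model on the constructed lines for one (hypothetical) system."""
    model = TemplateModel(tokenizer)
    for line in TRAINING:
        model.train(system, line)
    return model


if __name__ == "__main__":
    good = build_model()
    bad = build_model(tokenizer=tokenize_raw)
    print("templates with normalization:", good.distinct_templates("web-01"))
    print("templates without normalization:", bad.distinct_templates("web-01"))
    for line in [
        "2020-03-01T11:00:00Z sshd[1099]: Accepted publickey for deploy from 10.0.0.7 port 49999",
        "2020-03-01T11:00:02Z sshd[1100]: Failed password for root from 203.0.113.7 port 4123 ssh2",
    ]:
        is_new, template = good.analyze("web-01", line)
        print("NEW" if is_new else "known", " ".join(template))
```

With normalization the five training lines collapse to three templates; without it each line is its own template, so every later event would look new and the system would never leave training. A later successful login for `deploy` from an unseen address is recognised as known, while the first `Failed password` line is reported as new, and only the first: the model learns it, so a repeat is known.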
Managing systems and groups
The Systems view enables you to track all the systems that have sent data or currently send their data to the Unomaly instance. Because a single Unomaly instance can manage data from hundreds of systems, it’s important to organize the systems into groups and subgroups.
When creating groups, the best practice is to choose a name that describes the common characteristics of the systems you will add to the group. Group names cannot include spaces. The following are examples of groups:
- Systems of similar type, such as
- Systems that fulfill a service or function, such as
- Systems that are related or share ownership, such as
- Systems that share physical locations, such as
Each system can be in more than one group, so you can have different levels of granularity. This can be important when you need to define conditions and actions based on systems and groups. See “Create groups of systems”.
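The following added example (written for this guide; it is not Unomaly's data model) shows what the grouping rules above imply for conditions and actions: group names without spaces, a system in several groups at once, subgroups nested under parent groups, and a lookup that resolves every group an event from a given system falls under so that the actions attached to those groups fire. The group and system names are constructed for illustration.

```python
def is_valid_group_name(name):
    """The guide's rule: a group name is non-empty and contains no spaces."""
    return bool(name) and " " not in name


class GroupTree:
    """Groups with optional parent groups; a system may belong to many groups."""

    def __init__(self):
        self._parent = {}   # group -> parent group (or None for a top-level group)
        self._members = {}  # group -> set of systems assigned directly to it

    def add_group(self, name, parent=None):
        if not is_valid_group_name(name):
            raise ValueError(f"invalid group name: {name!r}")
        if name in self._parent:
            raise ValueError(f"group already exists: {name}")
        if parent is not None and parent not in self._parent:
            raise KeyError(f"unknown parent group: {parent}")
        self._parent[name] = parent
        self._members[name] = set()

    def assign(self, system, *groups):
        """Put one system into any number of groups (different levels of granularity)."""
        for group in groups:
            if group not in self._parent:
                raise KeyError(f"unknown group: {group}")
            self._members[group].add(system)

    def ancestors(self, group):
        """Yield the group itself, then each parent up to the top level."""
        while group is not None:
            yield group
            group = self._parent[group]

    def groups_of(self, system):
        """Every group an event from `system` matches, parent groups included."""
        matched = set()
        for group, members in self._members.items():
            if system in members:
                matched.update(self.ancestors(group))
        return matched

    def systems_in(self, group):
        """Direct members plus the members of every subgroup beneath `group`."""
        found = set()
        for candidate in self._parent:
            if group in self.ancestors(candidate):
                found |= self._members[candidate]
        return found

    def triggered_actions(self, system, actions):
        """actions maps group -> action name; return the actions that fire for `system`."""
        matched = self.groups_of(system)
        return sorted(action for group, action in actions.items() if group in matched)


def build_example():
    """Constructed layout: a production group with web and db subgroups, plus a location group."""
    tree = GroupTree()
    tree.add_group("production")
    tree.add_group("web", parent="production")
    tree.add_group("db", parent="production")
    tree.add_group("dc-stockholm")
    tree.assign("web-01", "web", "dc-stockholm")
    tree.assign("web-02", "web")
    tree.assign("db-01", "db", "dc-stockholm")
    return tree


if __name__ == "__main__":
    tree = build_example()
    actions = {"production": "page-oncall", "dc-stockholm": "notify-dc-team", "web": "slack-web"}
    for system in ("web-01", "web-02", "db-01"):
        print(system, sorted(tree.groups_of(system)), tree.triggered_actions(system, actions))
```

An event from `db-01` triggers the actions bound to `dc-stockholm` and, through the `db` subgroup, to `production`, but not the one bound to `web`. Because group names are the keys that conditions and actions refer to, the example rejects names with spaces at creation time rather than leaving the mismatch to be discovered when an action silently never fires.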
Inviting colleagues to use Unomaly
Unomaly supports three different roles when setting up user accounts: Administrator, Standard User, and Limited User. These roles allow you to invite team members to access the Unomaly instance while restricting what actions they can perform. See “Add and edit accounts”.
- Administrators can access everything. As an administrator, you can change settings on the instance, add and edit systems, invite new users, and so on.
- Standard Users have all the privileges of an Administrator except user management: they cannot add, edit, or remove user accounts.
- Limited Users can view systems, learnings, and situations. They cannot change system settings or access user settings.
Unomaly supports several authentication providers. By default, Unomaly uses its built-in user database to authenticate users, so users log in with the username and password you configure for them. Other options include:
- (Recommended) Enabling SAML authentication for single sign-on with your existing identity provider, such as Google, Okta, or Microsoft AD FS.
- Configuring Unomaly to authenticate against LDAP directories, such as Microsoft Active Directory (AD) or OpenLDAP.
Now that you’ve set up your data and teams in Unomaly, the next steps include:
- Creating filtered views to save shortcuts to the situations you want to see most.
- Defining actions for Unomaly to notify you and your team when certain events are seen or conditions are met.
- Defining the workflows that make it possible for your team and organization to always stay ahead of incidents.