Modify the default configurations

You can modify default settings as an admin in Exposure Analytics.

Turn on or turn off enrichment rules for entity discovery

To turn on or turn off the enrichment rules for all entity discovery, follow these steps:

  1. Select Configure and then All configurations.

  2. In the Exposure analytics section, select Configuration settings and then Default configurations.

  3. Turn on or turn off Enrichment rules.

Allow or disallow editing field priorities

To allow or disallow users to edit field priorities, follow these steps:

  1. Select Configure and then All configurations.

  2. In the Exposure analytics section, select Configuration settings and then Default configurations.

  3. Turn on or turn off Edit field priorities.

Turn on or turn off ephemeral asset or user discovery

Ephemeral assets and users are short-lived entities that appear briefly in your environment and might not persist beyond a set period of time.

When you turn on ephemeral detection in Exposure Analytics, the app labels any newly discovered assets or users as ephemeral for the time window you define.

For example, if you turn on ephemeral assets and set the discovery time window to less than 5 days, then an asset discovered for the first time on day 1 is considered an ephemeral asset until it's discovered again past day 5.

To update ephemeral asset and user settings, follow these steps:

  1. Select Configure and then All configurations.

  2. In the Exposure analytics section, select Configuration settings and then Default configurations.

  3. Select Edit for Ephemeral assets and users.

  4. Turn on or turn off the options for Asset and User.

  5. Enter a number of days for Seen for less than.

  6. (Optional) Deselect the check box for Apply to all asset types and Appy to all user types to make particular asset and user types ephemeral.

  7. Select Update.

Turn on compatibility with federated transparent mode

Turn on Exposure Analytics compatibility with federated search provider transparent mode.
Note: Only turn on this setting if you've already configured Federated Search in the Splunk platform.
To turn on the setting, follow these steps:
  1. Select Configure and then All configurations.

  2. In the Exposure analytics section, select Configuration settings and then Default configurations.

  3. Select the toggle switch for Federated transparent mode compatibility to turn it on.

Edit data source indexes

Data source indexes are what the data models use for entity discovery sources.

To edit the indexes for each processing type, follow these steps:

  1. Select Configure and then All configurations.

  2. In the Exposure analytics section, select Configuration settings and then Default configurations.

  3. Select Edit for Data source indexes.

  4. To add indexes for a processing type, enter a comma separated list of indexes for that processing type.

  5. Select Update.

Edit asset types

Exposure Analytics includes several predefined asset types, but you can also add your own additional asset types or modify the predefined ones to better support your organization's asset discovery and analysis.

Exposure Analytics includes the following asset types:

  • Server
  • Workstation
  • Network
  • VOIP
  • IoT
  • OT
  • Mobile
  • Uncategorized
    Note: You can't modify the Uncategorized asset type. Uncategorized assets are assets that have been discovered, but don't yet have a known asset type. Uncategorized assets can change to a different

    predefined

    asset type as Exposure Analytics receives more information about the asset.
Follow these steps:
  1. Select Configure and then All configurations.

  2. In the Exposure analytics section, select Configuration settings and then Default configurations.

  3. Select Edit for Asset types.

  4. To add a new asset type, select Add asset type.

    1. Enter a name for the asset type.

    2. Select an icon to represent the asset type.

  5. To return to the default asset types, select Reset to defaults.

  6. To remove an asset type, select Remove.

  7. Select Update.

Edit user types

Exposure Analytics includes a few predefined user types. You can modify these user types or add your own additional ones. User types fall under two categories: Human or non-human. Human identities are tied to individual users. Non-human users can span multiple systems, and they might be shared amongst several users. If compromised, they can expose a large portion of your environment.

The following are the default human users:

  • User: Standard accounts for employees or contractors.

  • Admin: Privileged accounts for individuals who need special permissions.

The following are the default non-human users:

  • Service: Accounts used by applications or systems. For example, a service account might be deployed on every company laptop.

  • Key: Credentials that can be copied and shared to connect to APIs.

To edit user types, follow these steps:

  1. Select Configure and then All configurations.

  2. In the Exposure analytics section, select Configuration settings and then Default configurations.

  3. Select Edit for User types.

  4. To add a new asset type, select Add user type.

    1. Enter a name for the user type.

    2. Select an icon to represent the user type.

  5. To return to the default user types, select Reset to defaults.

  6. To remove an user type, select Remove.

  7. Select Update.