Security hardening
EventLog Analyzer provides numerous security settings to strengthen account security. The Security Hardening feature enables you to configure and manage all these settings in one place.
The dashboard lists the available security settings with a corresponding security score that is calculated based on the importance of the enabled configuration(s).
To manage individual settings, click the option against the target security setting and make the required changes. Once the process is complete, the option will have a green tick next to it, as shown in the image above.
A description for each setting is provided below:
- Enforce HTTPS* - Enabling this setting helps establish a secure connection between the web browsers used to access EventLog Analyzer and the EventLog Analyzer server.
- Change Default Admin Password* - Change the default admin password within 30 days of signing up. Choose a unique password that fits the application's complexity requirement.
- Enforce Two Factor Authentication* - Add a second layer of security and prevent unauthorized access to EventLog Analyzer.
- Enable CAPTCHA - Include CAPTCHA as a security measure in the login process to secure the account from brute force attacks. You can choose whether to show CAPTCHA always or only after a certain number of invalid login attempts.
- Block Invalid Login Attempts - Block a particular user from accessing the account after a specific number of failed login attempts.
- Automatic update for critical security fixes - Automatically install updates for highly critical security issues.
* - The highlighted settings are mandatory for EventLog Analyzer. The others are enabled by default in the application. You can turn them off manually to match your preference.
To ensure that you don't miss configuring any important security settings, EventLog Analyzer sends the following alerts:
- Licensed users will receive a popup after every successful login to complete the mandatory security configurations.
- Admin accounts will be prompted to change the default admin password.
- A security alert will be displayed in the notification center until the security score reaches 100%.
Note: The security settings alerts will also be included under the License tab and will be emailed to you along with product downtime and start-up emails.