System Configuration Best Practices
Security Best Practices
Access Control:
Apply principle of least privilege
Conduct quarterly access reviews
Use time-limited elevated access for emergencies
Monitor for privilege escalation attempts
Authentication:
Enable multi-factor authentication for administrators
Enforce strong password policies
Monitor failed login attempts
Implement account lockout policies
Session Management:
Configure appropriate session timeouts
Monitor concurrent sessions
Log all session activities
Implement geographic restrictions if needed
Operational Best Practices
User Lifecycle:
Standardize onboarding procedures
Implement automated offboarding
Maintain current department assignments
Regular cleanup of dormant accounts
Role Management:
Use predefined roles when possible
Document custom role purposes
Regular role effectiveness reviews
Avoid excessive role proliferation
Monitoring:
Set up alerts for unusual access patterns
Monitor API key usage
Track role assignment changes
Regular audit log reviews
Performance Optimization
User Database:
Regular database maintenance
Optimize queries for user lookups
Monitor authentication response times
Plan for user growth
Session Storage:
Allocate sufficient Redis memory
Monitor session storage performance
Implement session cleanup procedures
Plan for concurrent user loads
Troubleshooting
Common Issues
Authentication Failures:
# Find rejected login attempts
grep "authentication failed" /var/log/energylogserver/auth.log
# Check the account's current state (replace "username" and API_KEY)
curl "https://els-console:9200/api/v1/users/username" \
-H "Authorization: Bearer API_KEY"
# Find logins rejected by the password policy
grep "password policy" /var/log/energylogserver/auth.log
Session Issues:
# Memory usage of the Redis session store
redis-cli info memory
# Count session keys. KEYS blocks the server while it scans the whole keyspace;
# on a busy production instance prefer: redis-cli --scan --pattern "session:*" | wc -l
redis-cli keys "session:*" | wc -l
# Sessions ended by timeout or by the concurrent-session limit
grep "session timeout" /var/log/energylogserver/session.log
grep "concurrent session limit" /var/log/energylogserver/session.log
Role Assignment Problems:
# List the roles defined on the system
curl "https://els-console:9200/api/v1/roles" \
-H "Authorization: Bearer API_KEY"
# List the roles assigned to one user (replace "username")
curl "https://els-console:9200/api/v1/users/username/roles" \
-H "Authorization: Bearer API_KEY"
# Find actions the user attempted without the required permission
grep "permission denied" /var/log/energylogserver/auth.log
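The Authentication best practices above ask for monitoring of failed logins and an account lockout policy, and the troubleshooting steps grep auth.log for "authentication failed". The following script is an added example, not part of the Energylogserver documentation or product: it runs lockout-style detection over a handful of constructed auth.log lines. The field layout of the lines (timestamp, user=, src=) is an assumption, since the page only shows the phrase that appears in the file; the threshold, window and sample addresses are likewise made up for the example.

```python
"""Failed-login monitoring over auth.log lines (added example, not Energylogserver code).

Assumed line shape (the page does not document the real format):
    <ISO-8601 timestamp> authentication failed user=<name> src=<address>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log line format; adjust the pattern to the real auth.log layout.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) authentication failed user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log lines; not real data.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z authentication failed user=alice src=10.0.0.5",
    "2024-05-01T10:00:05Z authentication failed user=alice src=10.0.0.5",
    "2024-05-01T10:00:09Z authentication failed user=alice src=10.0.0.5",
    "2024-05-01T10:00:14Z authentication failed user=alice src=10.0.0.5",
    "2024-05-01T10:00:20Z authentication failed user=alice src=10.0.0.5",
    "2024-05-01T10:00:27Z authentication failed user=alice src=10.0.0.5",
    "2024-05-01T10:01:00Z session created user=alice src=10.0.0.5",
    "2024-05-01T09:00:00Z authentication failed user=bob src=10.0.0.7",
    "2024-05-01T11:30:00Z authentication failed user=bob src=10.0.0.7",
    "2024-05-01T12:00:00Z authentication failed user=carol src=10.0.0.9",
    "2024-05-01T12:00:03Z authentication failed user=dave src=10.0.0.9",
    "2024-05-01T12:00:06Z authentication failed user=erin src=10.0.0.9",
]


def parse_failures(lines):
    """Yield (timestamp, user, src) for every 'authentication failed' line;
    lines that do not match the assumed format are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
            yield ts, m["user"], m["src"]


def accounts_over_threshold(lines, threshold=5, window=timedelta(minutes=15)):
    """Return {user: max failures seen inside one sliding window} for accounts
    that reach the lockout threshold. Mirrors what an account lockout policy
    would trigger on, so the output can be compared with actual lockouts."""
    per_user = defaultdict(list)
    for ts, user, _src in parse_failures(lines):
        per_user[user].append(ts)
    flagged = {}
    for user, stamps in per_user.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until all stamps fit in the window.
            while ts - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


def sources_spraying(lines, min_users=3):
    """Return {src: sorted users} for source addresses that failed against
    min_users or more distinct accounts. Per-account lockout thresholds miss
    this pattern, so it needs its own alert."""
    per_src = defaultdict(set)
    for _ts, user, src in parse_failures(lines):
        per_src[src].add(user)
    return {src: sorted(users) for src, users in per_src.items()
            if len(users) >= min_users}


if __name__ == "__main__":
    for user, count in accounts_over_threshold(SAMPLE_LOG).items():
        print(f"ALERT lockout threshold: user={user} failures_in_window={count}")
    for src, users in sources_spraying(SAMPLE_LOG).items():
        print(f"ALERT many accounts from one source: src={src} users={','.join(users)}")
```

On the sample lines the first check reports alice (six failures in under 30 seconds) and the second reports 10.0.0.9 (one failure each against three accounts). To run it on a real file, read auth.log into `lines` and adjust `LINE_RE`, `threshold` and `window` to the lockout policy actually configured.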
Diagnostic Commands
User Account Diagnostics:
# List all user accounts, one JSON object per user
curl "https://els-console:9200/api/v1/users" \
-H "Authorization: Bearer API_KEY" | jq '.[]'
# List accounts currently locked out
curl "https://els-console:9200/api/v1/users?status=locked" \
-H "Authorization: Bearer API_KEY"
# List accounts with no login in the last 30 days (dormant account candidates)
curl "https://els-console:9200/api/v1/users?last_login_before=30d" \
-H "Authorization: Bearer API_KEY"
Role and Permission Diagnostics:
# List all roles together with the permissions each one grants
curl "https://els-console:9200/api/v1/roles?include_permissions=true" \
-H "Authorization: Bearer API_KEY"
# Show the permissions one user ends up with across all assigned roles (replace "username")
curl "https://els-console:9200/api/v1/users/username/effective_permissions" \
-H "Authorization: Bearer API_KEY"
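The user account diagnostics above pull locked and dormant accounts straight from the API, and the operational practices earlier call for quarterly access reviews, cleanup of dormant accounts and MFA for administrators. The script below is an added example, not part of the Energylogserver documentation or product: it turns a user listing into a review report. The response fields it reads (username, status, last_login, roles, mfa_enabled) and the role name "administrator" are assumptions, since the page documents the endpoint and its filters but not the response schema; the user records are constructed for the example.

```python
"""Access-review report over a user listing (added example, not Energylogserver code).

The JSON field names used here are assumed; map them to the real
/api/v1/users response before using this against a live system.
"""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample response; not real data.
SAMPLE_USERS_JSON = """
[
  {"username": "admin",   "status": "active", "last_login": "2024-05-01T08:00:00Z",
   "roles": ["administrator"], "mfa_enabled": true},
  {"username": "alice",   "status": "active", "last_login": "2024-04-28T12:00:00Z",
   "roles": ["analyst"], "mfa_enabled": false},
  {"username": "bob",     "status": "active", "last_login": "2024-02-01T09:30:00Z",
   "roles": ["analyst"], "mfa_enabled": false},
  {"username": "carol",   "status": "locked", "last_login": "2024-04-30T17:45:00Z",
   "roles": ["analyst"], "mfa_enabled": true},
  {"username": "svc-old", "status": "active", "last_login": null,
   "roles": ["administrator"], "mfa_enabled": false}
]
"""

# Fixed "now" so the example is reproducible; use datetime.now(timezone.utc) live.
NOW = datetime(2024, 5, 2, tzinfo=timezone.utc)
ADMIN_ROLE = "administrator"  # assumed role name


def load_users(raw):
    """Parse the listing as returned by GET /api/v1/users (assumed shape)."""
    return json.loads(raw)


def _parse_ts(value):
    """ISO-8601 timestamp with trailing Z, or None when the user never logged in."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def dormant_accounts(users, now=NOW, days=30):
    """Usernames with no login in the last `days` days, including accounts that
    never logged in (the same population as ?last_login_before=30d)."""
    cutoff = now - timedelta(days=days)
    dormant = []
    for u in users:
        last = _parse_ts(u["last_login"])
        if last is None or last < cutoff:
            dormant.append(u["username"])
    return sorted(dormant)


def locked_accounts(users):
    """Usernames currently locked out (the same population as ?status=locked)."""
    return sorted(u["username"] for u in users if u["status"] == "locked")


def admins_without_mfa(users):
    """Administrator accounts that still lack multi-factor authentication."""
    return sorted(u["username"] for u in users
                  if ADMIN_ROLE in u["roles"] and not u.get("mfa_enabled", False))


def review_report(users, now=NOW, dormant_days=30):
    """Bundle the three checks into one structure for the quarterly access review."""
    return {
        "dormant": dormant_accounts(users, now, dormant_days),
        "locked": locked_accounts(users),
        "admins_without_mfa": admins_without_mfa(users),
    }


if __name__ == "__main__":
    print(json.dumps(review_report(load_users(SAMPLE_USERS_JSON)), indent=2))
```

On the sample data the report lists bob and svc-old as dormant, carol as locked, and svc-old as an administrator without MFA; a never-used privileged service account showing up in two of the three lists is exactly the kind of finding the dormant-account cleanup is meant to catch.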
Migration and Upgrade Notes
Version Considerations
When upgrading Energylogserver SIEM, user management changes include:
From Previous Versions:
User “logserver” replaced with “admin” (handled automatically in upgrade)
Enhanced role granularity (existing roles mapped automatically)
Improved session management (existing sessions remain valid)
API key format updates (existing keys remain functional)
Post-Upgrade Verification:
Test user authentication
Verify role assignments
Check API functionality
Validate session management
Review audit log continuity
Migration from Legacy Systems
Data Export/Import:
curl "https://old-siem:9200/api/v1/users/export" > users_backup.json
curl -X POST "https://els-console:9200/api/v1/users/import" \
-H "Authorization: Bearer API_KEY" \
-H "Content-Type: application/json" \
-d @users_backup.json
Role Mapping:
Map legacy roles to Energylogserver equivalents
Review and adjust permissions as needed
Test functionality with mapped roles
Update documentation for new role structure
This streamlined approach to user management provides essential functionality while avoiding duplication of authentication methods covered in the Configuration chapter. Focus remains on practical user lifecycle operations, role management, and compliance requirements specific to security operations teams.