5. Configuring NP-Connect and Notifications

You are here:
< All Topics

Overview

Once logged in, users will have access to the NP-Live home page on which they can manage their workspaces. A demo workspace should have been automatically created to enable them to explore the various features of NP-Live.  Using the +New function, the user can create an empty workspace to manually import files or setup automated connectors.  To manually import files, simply drag and drop the required files onto the topology map and they will automatically be loaded.  Alternatively, the user can select the +Import Data function from the main menu, and select manual import.

Once one or more workspaces have been created, the user can configure automated imports through NP-Connect, as well as automated reporting through the Notification Manager. NP-Connect can be accessed through the main menu (+Import Data) and then New Connector to setup a connector group

The configuration steps for NP-Connect are:

  • Setup up connector group
  • Configure device or device manager connector
  • Assign workspace
  • View results.

NP-Connect

NP-Connect is a lightweight standalone application designed to automate the secure retrieval of configuration files from firewalls, routers, switches, and network device configuration managers. NP-Connect hosts one or more connectors that securely retrieves configuration files at a specific frequency. By default, NP-Connect is accessible through HTTPS on port TCP/8443 of the NP-Live server and is isolated for security reason.

Configuring NP-Connect

NP-Connect is used to automate the fetching of data from devices and Network Management Systems.  Proper setup of NP-Connect is required to ensure continuous compliance and security monitoring.

The first time an administrator accesses NP-Connect from NP-Live (+Import Data -> New connector -> Manage connectors with NP-Connect), they are required to define a Connector group name and a secure passphrase. The Connector group name will be used to create the encrypted connector file store. Connector information is encrypted at rest and in transit using a passphrase protected PGP key. Only system administrators know the passphrase and the passphrase is never stored. Once initiated, NP-Connect runs in the background collecting network information.  If NP-Connect is restarted, the administrator has to re-authenticate to re-activate the process. Users can create multiple connector groups and each will require their own login.

To add a new connector, select “+Add new connector”  button and a list of available Devices and Network management System connectors is presented. Upon selecting the Device or Network Management System to add, the user is requested to fill in connection information. The user must enter a Connector name (no spaces), host name, and credentials.  The user can then verify the credentials are correct with the “Test access” button.  Additional information may also be required based on the connector selected.  Finally, a refresh schedule can be selected and a list of workspace the user wishes the device to be added can be input. The user can then test the connector or add the connector to complete the operation.

Note:  Workspaces must be added to the connector for data to be transferred and displayed in the workspace.  If workspaces are added after a connector is setup, data will not be sent to the workspace until the next scheduled import and a configuration change is identified.  Creating workspaces before connectors facilitates faster visualization of data.

Once the connector is added, a tile is added to the NP-Connect home page.  From the tile, the user can run the connector, pause the connector, edit the connector, copy the connector or delete the connector.  To delete the connector group, the user can select delete from the top right drop down.

In some instances, the Linux distribution is preventing NP-Connect (Docker) from initiating connections to outside devices. The solution is to update the firewall settings on the Linux distribution using the following commands:
# firewall-cmd –zone=public –add-masquerade –permanent
# firewall-cmd –reload
# systemctl restart docker

Configuring Read-only Access to Cisco

The NP-Live Connector for Cisco uses a read-only SSH connection to collect the output of the show running-config command. It is best practice to create a dedicated read-only user on your Cisco devices when configuring NP-Connect. Here are the commands to only give the minimum permissions needed for this user:

conf t
aaa authorization command LOCAL
privilege show level 2 mode exec command running-config
privilege cmd level 2 mode exec command terminal
username $USERNAME password $PASSWORD priv 2
end

NP-Live Connector for Forescout

The NP-Live Connector for Forescout 8.1 and later enables integration between CounterACT and NP-Live such that network device configuration files managed by CounterACT can be automatically imported into NP-Live and aggregated into specific workspaces. Currently, Cisco switches are supported through the Forescout Switch Plugin.

  • Download the Forescout Extended Module for NP-Live from https://updates.forescout.com.
  • Start your Forescout Console and login into Enterprise Manager.
  • Then open “Options”, select “Modules”, and install the fpi.
  • Detailed instruction can be Found Here.

To request additional support for this connector or to request support for other devices, please contact support@network-perception.com.

NP-Connect + Samba (SMB) Access Error

When connecting NP-Connect to a Windows Server using SMB, an error message may occur.

This error can be caused by two communication scenarios between Linux and Window.  Either SMB encryption is enabled on the Server or SPN target name validation level is enabled (or both).  To check which of these features is causing the issue, Run PowerShell on the Windows Server as administrator and run the following command: Get-SmbServerConfiguration

If EncryptData = True, it can be disabled using: Set-SmbServerConfiguration -EncryptData 0

If SmbServerNameHardeningLevel is set to any value other than the default of 0 run: Set-SmbServerConfiguration -SmbServerNameHardeningLevel 0 to restore the default.

Configuring Notification Manager

Notification manager is used to configure services and rules for generating and sending system notifications about Workspaces.  Before rules can be configured in notification manger, the administrator is required to configure at least one notification service.  Services include: e-mail, STIX/TAXII, SIEM (Syslog), and select ticketing systems.

  • SMTP configuration requires a server IP address, communication port, user id and password.  Note that a firewall port may need to be opened for NP-Live to communicate with your SMTP server.
  • Syslog configuration requires a server IP address and a communication port.
  • ServiceNow configuration requires a server address, user name and password.
  • TAXII configuration requires a server address, server port, data path and a destination collection name.

Notification Rules

NP-Live can automatically send reports by email for changes and activities impacting your workspaces. Select the system menu (top right corner) and then “Notification management” to setup rules. Rules can be set to precisely choose which activities and events to include in notifications.  When configuring the notification rule, the user will select a service to deliver the notification to, the workspace to be monitored and frequency the report should be delivered. After that, the criterion for generating the report is selected with the ability to trigger on keywords, sanitize the output and save he report for future viewing.

Next: Workspaces, Reports and Dashboards

Once configured, please proceed to the Workspaces, Reports and Dashboards section of the Knowledge Base to continue with you NP-Live onboarding journey.

Table of Contents