The user asked how to restrict access to the DEX portal - the solution provided is to use the SAML login and configure the service provider to only allow access from certain clients or IP addresses. This can be done with the Azure login option, and IP restrictions are on their way to DEX, estimated to be available in early Q1 2024.
Read the entire article here...
Security Related Training & Support Archives
Security training and support-related archives from inside the ControlUp Community on Slack.
Limiting the Number of Connections in ControlUp Real Time Console
A new user asked if there was a way to limit the number of connections in the ControlUp Real Time Console that a given user can have to the client machines. The suggestion was to use the Solve console, which the user said might not offer the same 'Incidents view'. However, the Audit Log from the Solve console can show all the triggers that were fired and actions ran, as well as limit the 'Connect to Windows Machine' permission. It was suggested to explain the resource constraints to the help desk team and rely on their own principles of self-control. There is no way to detect if too many connections are open, and the Security Policy is all or nothing.
Read the entire article here...
Read the entire article here...
Troubleshooting an Elevated Child Process Error in ControlUp
A user experienced issues running a script through ControlUp Console, getting an error message about an elevated child process. Dennis suggested it may be due to User Access Control being enabled, however it was not enabled. A further suggestion was to try the script locally with the quiet switch, however it was reported that this made no difference. Dennis explained that the difference was that a hidden window was created in the non-interactive window session.
Read the entire article here...
Read the entire article here...
Solving Issues with the ControlUp Monitors Role
A user was experiencing issues with their security policy graying out the ControlUp Monitors role, preventing access to agents. KB article on security best practises was suggested, along with adding the service account to an appropriate role. It was noted that 8.8 On-Prem was released, containing the bugfix, and that the user would be sent a download link. Release notes were also provided.
Read the entire article here...
Read the entire article here...
Locked Out of ControlUp Solve Portal Despite Permissions
A user was locked out of their Solve and DEX portals due to a permissions issue. After being granted all necessary permissions, they still couldn't access Solve from the console. It was established that the user needed the "Use Solve" right in their security policy. The user then tried a few solutions, including the add-cuuser cmdlet (https://support.controlup.com/docs/add-cuuser-create-new-solve-users#), but still could not access the portal. A restart of the monitor did not help however, so the issue is still unresolved.
Read the entire article here...
Read the entire article here...
How to Check if a User Accessed an Application such as a VPN in ControlUp
The user asked if it was possible to see if a user had used an application such as a VPN. @member recommended checking stopped processes and authentication logs, then provided a script to check the VPN default gateway. It was suggested that an alert could be set, but the user noted they were looking for a report. An update was provided, detailing how the user found the information they needed by looking at the user's login and logout times and logs. @member was thanked, and Blair was asked to set up a customer testimonial about it.
Read the entire article here...
Read the entire article here...
Implementing Multi-Tenancy for Managed Service Providers in ControlUp
A user asked who had successfully implemented multi-tenancy as a managed service provider in order to replace LogicMonitor. It was suggested to open bidirectional port 40706 between each tenant and the user's data center, and to set up certificate-based authentication. The user was advised to use 'MSP mode' and use the cert to see the parent organisation. Links to documentation were provided.
Read the entire article here...
Read the entire article here...
Sivan’s “Did You Know”: The ControlUp Audit Log
This week is about the Audit Log, which can be enabled to go to a SysLog Server or Centralized Auditing. For more information, take a look at the ControlUp support articles at https://support.controlup.com/docs/audit-log and https://support.controlup.com/docs/centralized-audit-log.
Read the entire article here...
Read the entire article here...
Restricting Access to Organization Creation in ControlUp DEX Instance
A user asked about preventing unauthorized creation of organizations in their DEX instance. They suggested a configuration option to only let full admins create new orgs. It was noted that creating a new organization requires a license and currently there is no way to block it. The user's request was added to the backlog to block organization creation to admins only.
Read the entire article here...
Read the entire article here...
Documentation on Encryption of Data Sent to AWS from Monitors
The user asked for documentation regarding the encryption of data sent to AWS from monitors. It was suggested to check out https://support.controlup.com/docs/controlup-architecture-security-concepts. All data is encrypted with the Rijndael algorithm (AES) with a 128-bit encryption key. Depending on the mode either ControlUp Cloud servers or local storage will be used to store the key.
Read the entire article here...
Read the entire article here...