
User Guide



Account Settings


You can view and edit the current user's account settings (Display Name, Email address and password) in this view.



About Overview


Overview provides license information and details of registered nodes. Note that the licensing quota is based on the number of Detect nodes with an expiration date.

The Registered Node Information table provides details on actively running PADAS instances (other than this manager).



Topics


Upon initial login, PADAS Manager checks whether all required topics have been created and are available. If any of the required topics is missing, you will be redirected to the Topics view to view and update the existing settings. This is a simple interface for creating the required Kafka topics through PADAS Manager.

Important Note: The number of partitions can NOT be changed/updated once a topic is created. This value depends on your data volume and scalability requirements. If you need to change this value for any reason, the topic must be deleted and created again with the new values. For more information regarding topics, please refer to Topic Properties.

If you need more control over topic creation, please consult your Kafka/PADAS administrator; you can also refer to Confluent Documentation.



Properties


The Properties view provides configuration entries for the Detect and Transform Engine components. Click the Edit button to enter edit mode and make changes. The following table provides information on the form fields.

NOTE: You can upload (click the Upload Properties from File button) and/or download (click the Download Properties button) properties as a file. A sample properties file for Winlogbeat transformations can be found here: Winlogbeat Sysmon and Security

NOTE: Click the Add New Transformation button to add new input topics for analysis. The input topic must exist before PADAS Transform Engine is started.

NOTE: After any configuration change, you need to restart the corresponding component(s) (i.e. Detect and/or Transform Engine(s)), because PADAS instances read and load the configuration at startup.


{% include docs/props_detect.md %}



{% include docs/props_transform.md %}


Properties View Sample



Rules


The Rules view provides configuration entries for Detect Engine rules that are applicable to various data models (as specified in transformations or the padas_events topic). The relevant schema for PADAS topics can be found here.

NOTE: You can upload (click the Upload Rules from File button) and/or download (click the Download Rules button) rules as a JSON file. An out-of-the-box JSON rule file, organized according to the MITRE ATT&CK framework, is provided for Winlogbeat and can be found here: padasRules.json

NOTE: Click the Add New Rule button to add a new detection rule.

NOTE: Any change to detection rules takes effect immediately (it updates the padas_rules topic) and does NOT require a restart/refresh.


{% include docs/props_rules.md %}


Rules View Sample