Settings Overview

nano provides comprehensive configuration options to customize your security monitoring environment. The Settings section allows you to configure system behavior, integrations, user access, and data processing options.

Settings Categories

Enrichments

Configure IP geolocation, ASN data, and threat intelligence sources to automatically enhance your log data with contextual information.

Key Features:

  • IPInfo Lite integration for geolocation data
  • Automatic IP enrichment during ingestion
  • Configurable sync schedules
  • Built-in testing and validation tools

Configure Enrichments →

Access Control

Manage users, roles, and permissions to control who can access different parts of nano and what actions they can perform.

Key Features:

  • Role-based access control (RBAC)
  • User and group management
  • API key management
  • Session monitoring
  • OIDC/SSO integration

Manage Access Control →

AI & Detection

Configure AI-powered features including automatic detection tuning, query assistance, and parser generation.

Key Features:

  • meloD AI integration (AWS Bedrock)
  • Automatic detection rule tuning
  • AI-powered query suggestions
  • Parser generation assistance

Configure AI Features →

Data Management

Control data retention, storage optimization, and system performance settings.

Key Features:

  • Data retention policies
  • Storage optimization
  • Prevalence tracking configuration
  • Risk scoring settings

Manage Data Settings →

Integrations

Configure external integrations including cloud credentials, notification channels, and third-party services.

Key Features:

  • Cloud credentials (AWS, GCP, Kafka)
  • Notification settings
  • Webhook configurations
  • External API integrations

Setup Integrations →

Platform Audit

Monitor all administrative actions across nano with comprehensive audit logging to ClickHouse.

Key Features:

  • Full searchability of all admin actions
  • Build detection rules on platform activity
  • Compliance reporting and dashboards
  • Track authentication, user management, rule changes, and more

Configure Platform Audit →

System

Configure core system settings including performance tuning, logging, and maintenance options.

Key Features:

  • Performance optimization
  • System monitoring
  • Maintenance schedules

System Configuration →

Quick Start

First-Time Setup

  1. Configure Enrichments

    • Set up IPInfo Lite for IP geolocation
    • Enable automatic enrichment for new logs
    • Test enrichment with known IP addresses
  2. Set Up Access Control

    • Create user accounts for your team
    • Define roles and permissions
    • Configure SSO if needed
  3. Enable AI Features (Optional)

    • Configure AWS Bedrock credentials
    • Enable automatic detection tuning
    • Set up AI query assistance
  4. Configure Data Retention

    • Set retention policies for different data types
    • Configure storage optimization
    • Set up automated cleanup

Common Configuration Tasks

Enable IP Enrichment:

Settings → Enrichments → IPInfo Lite → Configure URL → Sync Data → Enable

Create New User:

Settings → Access Control → Users → Add User → Assign Roles

Set Up Cloud Credentials:

Settings → Integrations → Cloud Credentials → Add Credential

Configure Data Retention:

Settings → Data Management → Retention → Set Policies

Security Best Practices

Access Control

  • Use strong passwords and enable MFA where possible
  • Follow principle of least privilege for role assignments
  • Regularly review user access and remove unused accounts
  • Monitor session activity and set appropriate timeouts

API Security

  • Rotate API keys regularly
  • Use specific permissions for API keys
  • Monitor API usage and set rate limits
  • Secure API key storage and transmission

Data Protection

  • Configure appropriate data retention periods
  • Enable audit logging for sensitive operations
  • Use encrypted connections for all integrations
  • Regularly back up configuration settings

Network Security

  • Restrict access to settings pages by IP/network
  • Use TLS for all external integrations
  • Validate webhook signatures where supported
  • Monitor for unauthorized configuration changes

Configuration Management

Backup and Restore

Export Configuration:

# Export all settings (--fail stops an HTTP error body from being saved as the backup)
curl --fail -H "Authorization: Bearer $API_KEY" \
  "http://nanosiem:3000/api/settings/export" > settings-backup.json

# Export specific category (URL quoted so the shell does not treat "?" as a glob)
curl --fail -H "Authorization: Bearer $API_KEY" \
  "http://nanosiem:3000/api/settings/export?category=enrichments" > enrichments-backup.json

Import Configuration:

# Import settings (--fail makes curl exit non-zero if the server rejects the import)
curl --fail -X POST -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d @settings-backup.json \
  "http://nanosiem:3000/api/settings/import"

Version Control

Track configuration changes:

  • All settings changes are logged in the audit log
  • Export configurations before major changes
  • Use descriptive commit messages for configuration updates
  • Test configuration changes in staging environment first
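
One way to review what changed between two exported backups before committing them, as an added example that is not part of nano. It assumes only that the export is JSON; the sample documents and their key names are constructed, and the report lists paths without values because an export may contain credentials.

```python
import json

def flatten(node, prefix=""):
    """Map each leaf of a JSON document to a path such as 'a.b[0].c'."""
    if isinstance(node, dict) and node:
        items = [(f"{prefix}.{k}" if prefix else k, v) for k, v in node.items()]
    elif isinstance(node, list) and node:
        items = [(f"{prefix}[{i}]", v) for i, v in enumerate(node)]
    else:
        return {prefix: node}          # scalar or empty container
    leaves = {}
    for path, value in items:
        leaves.update(flatten(value, path))
    return leaves

def diff_exports(before, after):
    """Return (change, path) pairs sorted by path. Values are left out on
    purpose so the report can be shared without exposing stored secrets."""
    old, new = flatten(before), flatten(after)
    changes = [("removed", p) for p in old.keys() - new.keys()]
    changes += [("added", p) for p in new.keys() - old.keys()]
    # Compare serialised forms so that 1 -> true counts as a change.
    changes += [("changed", p) for p in old.keys() & new.keys()
                if json.dumps(old[p]) != json.dumps(new[p])]
    return sorted(changes, key=lambda c: c[1])

# Constructed sample exports; nano's real export schema is not shown on the page.
BEFORE = json.loads("""{"enrichments": {"ipinfo": {"enabled": true, "sync_hours": 24}},
                        "retention": {"days": 90}}""")
AFTER = json.loads("""{"enrichments": {"ipinfo": {"enabled": false, "sync_hours": 24}},
                       "retention": {"days": 90},
                       "webhooks": [{"url": "https://example.invalid/hook"}]}""")

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:             # two files saved by the export calls
        docs = [json.load(open(p)) for p in sys.argv[1:]]
    else:
        docs = [BEFORE, AFTER]
    for change, path in diff_exports(*docs):
        print(f"{change:8} {path}")
```
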

Environment Management

Development vs Production:

  • Use separate credentials for each environment
  • Configure different retention policies
  • Adjust performance settings based on load
  • Use environment-specific notification channels

Monitoring Settings Health

Key Metrics to Monitor

Enrichment Health:

  • Sync success rate and timing
  • Data freshness (last successful sync)
  • Lookup performance and coverage
  • Error rates and failure patterns

Access Control:

  • Failed login attempts
  • Privilege escalation attempts
  • Unusual access patterns
  • Session duration and activity

System Performance:

  • Configuration load times
  • API response times
  • Database connection health
  • Resource utilization

Alerting Recommendations

Set up alerts for:

  • Enrichment sync failures (>2 consecutive failures)
  • Unauthorized configuration changes
  • API rate limit violations
  • System resource exhaustion
  • Failed authentication attempts (>5 in 10 minutes)
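
The two numeric thresholds above, evaluated over event streams, as an added example that is not nano's own code or rule syntax. The tuple layout, user names and the "ipinfo-lite" source label are constructed for illustration, since the page does not show nano's audit schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

AUTH_WINDOW = timedelta(minutes=10)
AUTH_THRESHOLD = 5   # page: alert on more than 5 failed logins in 10 minutes
SYNC_THRESHOLD = 2   # page: alert on more than 2 consecutive sync failures

def auth_failure_alerts(events):
    """events: (timestamp, user, outcome) tuples sorted by time.
    Returns one (user, timestamp) per burst that exceeds the threshold."""
    recent, alerting, alerts = defaultdict(deque), set(), []
    for ts, user, outcome in events:
        if outcome != "failure":
            continue
        window = recent[user]
        window.append(ts)
        while ts - window[0] >= AUTH_WINDOW:   # keep only the last 10 minutes
            window.popleft()
        if len(window) > AUTH_THRESHOLD:
            if user not in alerting:           # suppress repeats within a burst
                alerting.add(user)
                alerts.append((user, ts))
        else:
            alerting.discard(user)             # re-arm once the rate drops
    return alerts

def sync_failure_alerts(results):
    """results: (timestamp, source, ok) tuples sorted by time.
    Returns (source, timestamp) when a failure streak first exceeds the limit."""
    streak, alerts = defaultdict(int), []
    for ts, source, ok in results:
        streak[source] = 0 if ok else streak[source] + 1
        if streak[source] == SYNC_THRESHOLD + 1:
            alerts.append((source, ts))
    return alerts

# Constructed sample events (not real nano audit records).
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_AUTH = [(T0 + timedelta(minutes=m), u, "failure") for m, u in
               [(0, "alice"), (1, "alice"), (2, "bob"), (3, "alice"),
                (4, "alice"), (5, "alice"), (6, "alice"), (7, "alice")]]
SAMPLE_SYNC = [(T0 + timedelta(hours=h), "ipinfo-lite", ok) for h, ok in
               enumerate([True, False, False, True, False, False, False, False])]

if __name__ == "__main__":
    print(auth_failure_alerts(SAMPLE_AUTH))
    print(sync_failure_alerts(SAMPLE_SYNC))
```
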

Troubleshooting

Common Issues

Settings Not Saving:

  • Check user permissions for the settings category
  • Verify API connectivity and authentication
  • Review browser console for JavaScript errors
  • Check server logs for validation errors

Enrichment Not Working:

  • Verify enrichment source is enabled
  • Check sync status and error messages
  • Test with known IP addresses
  • Review ingestion logs for errors

Access Control Issues:

  • Verify role assignments and permissions
  • Check group membership and inheritance
  • Review OIDC configuration if using SSO
  • Test with different user accounts

Performance Problems:

  • Review resource allocation settings
  • Check database connection pooling
  • Monitor query performance
  • Adjust batch sizes and timeouts

Getting Help

  1. Check Documentation: Review the specific settings page documentation
  2. Review Logs: Check system logs for error messages
  3. Test Configuration: Use built-in testing tools where available
  4. Community Support: Ask questions in the community forums
  5. Professional Support: Contact support for enterprise deployments

Next Steps

Choose the settings category most relevant to your current needs:

Each settings page provides detailed configuration instructions, best practices, and troubleshooting guidance.
