System Config

The System Config section in CYRISMA allows administrators to configure the system to meet organizational needs. While the default settings are functional, it’s recommended to tailor these configurations for optimal compliance and usability.

System Configuration Settings

1. Authentication Type:
   • Default is set to "Local" for cloud-based instances.
2. Two-Factor Authentication:
   • Enables OTP (One-Time Passcode) for login security.
   • OTP is sent to the user’s registered email address.
3. Two-Factor Authentication Timeout:
   • Specifies the validity period of the OTP in hours.
4. Password Expiration:
   • Sets the duration for password validity (e.g., 90 days). Users are prompted for password renewal before expiration.
5. Secure Location:
   • Define a file path where sensitive files are moved during mitigation actions. The secure location must be accessible by CYRISMA agents.
   • Agents replicate the original file’s directory structure in this secure path.
6. Retention:
   • Maximum retention period for reports is 3651 days. Adjust as per local policy.
7. Approval:
   • Default for cloud-based systems is automatic. Approval settings are not utilized in mitigation actions.
8. Risk Grade Span:
   • Choose between monthly or quarterly intervals for risk grade comparison.
9. Risk Suppression Duration:
   • Suppresses identified risks for a set duration (e.g., 90 days), allowing mitigation without displaying the suppressed risks in new scans.
10. Mitigation Notification Days:

• Select the days users receive notifications about expiring or overdue mitigation plans.

11. Currency Type:

• Set the currency for the instance’s locale, ensuring financial values are displayed correctly.

Notification Config Settings

The Notification Config section customizes alerts for various CYRISMA activities. Key features include:

1. Email Alerts:
   • Toggles to enable/disable email notifications for specific notification types.
2. PSA System:
   • Toggles to enable/disable alerts for configured PSA systems.
3. Trigger Type/Value:
   • Defines how frequently notifications are sent (e.g., minutes, hours, daily).
4. Scheduled Time:
   • Configures a specific time for daily notifications.
5. Users Configured:
   • Displays the list of users assigned to receive notifications for a specific type.
6. PSA Profile:
   • Allows assigning profiles for notifications to the PSA system.

Setting Up Notifications

Each notification type allows for granular control:

• Agent Notifications: Configure alerts for agent activities like provisioning, check-in failures, or inactivity.
• Mitigation Notifications: Alerts for assignments, completion, overdue actions, and reassignments.
• Scan Notifications: Notifications for the completion of scans (Data, Vulnerability, Secure Baseline, etc.).