Objective
Improve the overall safety of your EventLog Analyzer setup by enabling key security settings that protect access, data, and system behavior. All of these settings can be managed easily from one place: the Security Hardening dashboard.
Prerequisite
- Make sure you're logged in with an account that has Administrator access to the Security Hardening section under Settings > Admin Settings >Product Settings (Category: General).
- Internet connection to the server and access to http://creator.zoho.com/ for Automatic Update for Critical Security Fixes
Steps to follow
Step 1: Go to Settings > Admin Settings >General:Product Settings> Security Hardening in EventLog Analyzer.
Step 2: You'll see a dashboard with a list of important security settings and your current security score.
Step 3: For each item listed, click the Configure or Enable button to turn it on or change its setting:
- Enforce HTTPS – Makes sure your browser talks to the server in a safe, encrypted way.
- Protects against attackers who try to listen in on your connection.
- Needs an SSL certificate to work.
- Change the Default Admin Password – You must replace the default password with a strong one.
- Prevents attackers from easily logging in with a well-known password.
- Use a mix of uppercase, lowercase, numbers, and symbols.
- Enforce Two-Factor Authentication (2FA) – Adds an extra step during login to confirm your identity.
- Even if someone knows your password, they can’t log in without a second code.
- Works with apps like Google Authenticator.
- Please click this link for more details regarding 2FA options in EventLog Analyzer.
- Enable CAPTCHA – Adds a simple “Are you a robot?” test to the login screen.
- Blocks bots and automated tools from trying to guess your password.
- Please click this link for more details regarding CAPTCHA options.
- Block Invalid Login Attempts – Temporarily locks out anyone who fails to log in multiple times.
- Stops hackers from trying passwords repeatedly.
- You can set how many tries are allowed before the block.
- Security Patch Update – Whenever critical vulnerabilities are discovered in EventLog Analyzer, a targeted security patch file update is released to mitigate associated risks.
- The security patch will be pushed at 12am, and service restart will be triggered.
- For instance, if a specific JSON file is found to be vulnerable, only that file will be replaced as part of the patch.
- To ensure automatic updates are applied, please verify that the EventLog Analyzer server has internet connectivity and access to http://creator.zoho.com/
- Enable Encryption for Log Archival – Keeps old log files safe by encrypting them when stored.
- Prevents others from reading archived logs without permission.
- Important for audits and compliance.
Step 4: As you complete each setting, it will show a green check mark.
Step 5: Your goal is to reach 100% completion. The product will keep reminding you until it’s done.
Tips
- Items like HTTPS, Admin password change, and 2FA are mandatory. Others are highly recommended.
- You'll receive alerts and popups if anything critical is still pending.
- Start with the most critical settings (like passwords and 2FA) first.
- Test major changes in a test setup before rolling them out in your live environment.
Related topics and articles
- Logon Settings – includes CAPTCHA, password policy, 2FA, smart card login, IP restrictions