Enterprise grade security
Encryption
Encrypt communication between Arex components
Arex supports encrypting any communication stream between different Arex components:
- All communications between various Arex components (such as Arex server, proxies, agents and command-line utilities) support TLS protocol
- Support for certificate and pre-shared key encryption
- Encryption is optional and configurable for individual components
- All sensitive information is encrypted and can be stored in an external Vault for additional security
- Select from a list of supported encryption algorithms based on your security policy
Flexible Permissions
Restrict access with a flexible permission schema
Arex provides a flexible user permission schema which can be efficiently used to manage user permissions within one Arex installation or in a distributed environment.
You can define three levels of permissions:
- Read-write – a read-write access
- Read-only – a read-only access
- Deny – access denied
User types are used to define access to administrative functions and to specify default permissions:
- Arex User have read-only permissions on collected data and events
- Arex Admins can manage your monitoring configuration and read the collected data and events
- Arex Super Admins are capable of managing Arex instance configuration, in addition to having Arex Admin privileges
User Roles
Secure your workflow with User Roles
Create your own custom user roles with a granular set of permissions for different types of users in your environment.
User roles also enable you to Hide or show Arex UI elements to fit the needs of your users and customers.
With user Roles you can:
- Limit access to specific UI elements
- Limit access to performing specific actions in the UI
- Create an allow or deny list for specific API methods
User Authentication
Authenticate users by utilizing existing infrastructure
Integrate Arex together with your existing authentication mechanisms. Arex supports a variety of authentication methods:
- Internal Arex logins
- HTTP authentication
- Support for multi-factor authentication
- Define your own password complexity requirements
- LDAP authentication
- SAML authentication
- Single sign-on authentication
- Native integration with Active Directory
With native support for HTTP, LDAP and SAML authentication you can provide an additional layer of security and improve the user experience while working with Arex.
Secret Vault
Keep secrets secure
Once entered, you have the option to hide your sensitive information from prying eyes:
- Hide your usernames, passwords, authentication keys and other sensitive information
- Hidden information cannot be retrieved via API or configuration export
Deploy an external vault to keep your secrets under tight control:
- Unified storage for all your secrets
- Strict limitations for accessing the vault
- Detailed vault level audit log
- Store your secrets in Arex vault
Configuration Changes Tracking
Keep track of configuration changes
Track changes in your environment by utilizing the Audit log:
- Find out which user made changes to any Arex entities
- Tracks the IP address from which the user logged into Arex
- Filter the audit log and follow changes made by a specific user on a particular resource
- Export full or filtered audit log via API for further analysis
Restrict Data Collection
Restrict data collection
Restrict access to sensitive information by limiting which metrics can be collected in your environment:
- Define metric allow and deny lists
- Prevent unsanctioned access to sensitive information
- Restrict the direction of network communication
- Permit connections only to and from specified end-points
- Restrict unencrypted connections to your monitoring targets