Home
Administration Guide
Administration, configuration, and management tasks needed for the optimal use of Seeker
System Administration
Seeker provides a set of tools that enable administrators to configure, customize, and fine-tune various features and capabilities of the system, as well as integrate external tools.
Configure HTTPS Certificates
If you want to use a secure protocol for Seeker communications, configure HTTPS certificates.
Enabling Server-Agent Mutual Authentication
Configure Server for Mutual Authentication
Configure the Seeker server to enable mutual authentication with the Agents.

Administration Guide
Administration, configuration, and management tasks needed for the optimal use of Seeker
- System Administration
  Seeker provides a set of tools that enable administrators to configure, customize, and fine-tune various features and capabilities of the system, as well as integrate external tools.
  - Configure Server URL
    The URL of the Enterprise Server is set after installation, but you can change it at any time as required.
  - Customize Seeker Connection Settings
    By default, Seeker uses fixed port numbers for external communications. If needed, you can customize some of these port numbers.
  - Configure HTTPS Certificates
    If you want to use a secure protocol for Seeker communications, configure HTTPS certificates.
    - Create Custom Server Certificate
      Configure Seeker to use your own trusted certificate.
    - Enabling Server-Agent Mutual Authentication
      - Configure Server for Mutual Authentication
        Configure the Seeker server to enable mutual authentication with the Agents.
      - Configure Java Agent for Mutual Authentication
        Configure a Java Agent to enable mutual authentication with the Seeker server.
      - Configure .NET and Node.js Agents for Mutual Authentication
        Configure a .NET Core, .NET Framework, or Node.js Agent to enable mutual authentication with the Seeker server.
  - Configure Automatic Project Creation
    Enable the global feature of automatic creation of regular projects within composite projects. This can greatly simplify the onboarding of new applications that are composed of multiple microservices.
  - Set up License
    To use Seeker, you need to set up a valid license for the product.
  - Configure Project Templates
    Save time and effort by creating project templates that enable you to share configuration settings between multiple projects.
  - Configure Compliance Policies
    Configure compliance policies to apply to your Seeker projects.
  - Configure Custom Reports
    Customize the Seeker reports by configuring additional filters. These custom reports can be generated on demand from the Export menu, or included in periodic email digests.
  - Configure Custom Tags
    Seeker supports defining custom tags and applying them to vulnerabilities. This helps you filter and manage vulnerabilities more effectively.
  - Configuring Integration with External Tools
    Seeker brings additional functionality by seamless integration with external Black Duck and third-party tools.
  - Configure Notification Rules
    Configure Seeker to take automatic actions upon vulnerability detection: create a ticket in a bug tracking system or send notifications to the relevant recipients.
  - Configure Vulnerability Lifecycle Management
    Define how to manage vulnerabilities when they move through their lifecycle stages in Seeker.
  - Configure Automatic Hot Backup
    Configure a recurrent automatic hot backup of the Seeker detection and configuration data. This data can be restored from backup at any point.
  - Configure Server JVM Options
    Fine-tune the performance of Seeker server by configuring its Java Virtual Machine (JVM) options.
  - Create Linux Service to Start/Stop Seeker
    To start and stop Seeker on a Linux machine, create a custom systemd service.
  - Logging
  - Customize the Sign-In Page
    Customize your Seeker sign-in page to display your brand logo and custom sign-on messages.
  - Configure Proxies for External Systems
    If Seeker cannot connect directly to an external system, configure and use a proxy for connection.
- User Administration
  Introduces the Seeker role-based access control (RBAC) concept, and outlines the user administration tasks.
- Project Administration
  Management and configuration tasks that Seeker administrators can perform for projects.
- Maintenance
  To ensure your Seeker system's health, perform periodic maintenance tasks.
- Using APIs
  Seeker provides a set of Web (REST) APIs that expose its basic functionality. You can use these APIs to automate various administration tasks, such as managing projects, exporting vulnerabilities or creating a diagnostic dump.
- Appendix A. Seeker Environment Variables
  Seeker uses a number of operating system (OS) environment variables and Java Virtual Machine (JVM) properties that administrators can configure to customize and fine-tune the behavior of Seeker server and Agents.

Configure Server for Mutual Authentication

Configure the Seeker server to enable mutual authentication with the Agents.

Make sure that your Seeker server certificate is signed by your organization's root Certificate Authority (CA), and that the root Certificate Authority (CA) is trusted by both server and Agent machines.

CAUTION:

Currently, this is supported for the Java, .NET Core, .NET Framework, and Node.js Agents only. If you have other technologies in your environment, enabling mutual authentication will block other Agents.

Open the SEEKER_HOME_DIR/server/conf/nginx.conf file for editing.

Comment the # handle routing without mutual authentication section:

# handle routing without mutual authentication
# location / {
#     # if user agent header is a known seeker agent (Seeker <TECH> Agent) route to sensor
#     if ($http_user_agent ~ "Seeker.*Agent") {
#         proxy_pass  http://seeker_sensor;
#     }
#     # else, route to server
#     proxy_pass http://seeker_server;
# }

Uncomment the # handle routing with mutual authentication section:

# handle routing with mutual authentication
# client certificate
ssl_client_certificate /path/to/ca.crt;
# make verification optional, so we can display a 403 message to those
# who fail authentication
ssl_verify_client optional;
location / {
    set $tmp 0;
    # if user agent header is a known seeker agent (Seeker <TECH> Agent) enable 1 bit
    if ($http_user_agent ~ "Seeker.*Agent") {
        set $tmp 1;
    }
    # if ssl verification passed enable another bit
    if ($ssl_client_verify = SUCCESS) {
        set $tmp "${tmp}1";
    }
    # if this is an agent request and SSL is ok, route to sensor
    if ($tmp = 11) {
        proxy_pass  http://seeker_sensor;
    }
    # if this is an agent request and SSL failed, return 403
    if ($tmp = 1) {
        return 403;
    }
 
    # else, route to server
    proxy_pass http://seeker_server;
}

In the ssl_client_certificate /path/to/ca.crt; line, change the path to point to your own certificate.