1. Overview
The Logsign SIEM Security settings page provides centralised control over three distinct policy areas: Password Policy, Session Policy, and Login Policy. Together, these controls define how users authenticate, how long their sessions remain active, and how the platform responds to repeated failed login attempts.
This guide covers all configurable fields visible on the Settings › System › Security screen:
- Password Policy — complexity requirements, expiry, and reuse prevention
- Session Policy — absolute session timeout and idle timeout
- Login Policy — account lockout on repeated failed attempts
- API Key — platform API access credential management
All settings on this page apply globally to every user account on the Logsign SIEM platform. Changes take effect immediately after clicking Save.
2. Navigation
Access all Security Policy settings via the top navigation bar:
Settings › System › Security
3. Security Settings Screen
The screenshot below shows the complete Security settings page, including all three policy sections and the API Key area.
Figure 1 — Settings › System › Security — Full policy configuration screen
4. Password Policy
The Password Policy section enforces authentication standards for all user accounts. Settings take effect only when the Enable Password Policies master toggle is turned ON.
4.1 Configuration Reference
| Setting | Value | Status | Description |
|---|---|---|---|
| Enable Password Policies | — | Enabled | Master switch. When OFF all complexity and expiry rules below are suspended platform-wide. |
| Min. Number of Characters | 6 | Active | Minimum total password length. The current value of 6 is below recommended thresholds for production environments. |
| Min. Lowercase Letters | 1 | Active | Password must contain at least 1 lowercase character (a–z). |
| Min. Uppercase Letters | 1 | Active | Password must contain at least 1 uppercase character (A–Z). |
| Min. Digits or Symbols | 1 | Active | Password must contain at least 1 digit (0–9) or special character (e.g. !@#$%). |
| Force Change Password | — | Disabled | When enabled, users are forced to reset their password on the next login. Useful after incidents or for temporary credentials. |
| Password Must Be Changed | 0 Months | Never Expires | Password rotation interval. A value of 0 means passwords never expire. Set to 3–12 months for compliance. |
| Prevent Password Repetition | — | Disabled | When enabled, users cannot reuse previously set passwords. The reuse history depth is controlled by Prevent Password Count. |
4.2 Setting Details
Enable Password Policies
This is the master toggle for the entire Password Policy module. All rules in this section are enforced only when set to ON. Disabling this toggle removes all password restrictions across the platform.
Minimum Character Length
Defines the shortest acceptable password. The current value is 6. NIST SP 800-63B recommends a minimum of 8 characters; PCI-DSS v4.0 requires at least 12 for cardholder data environments.
Character Complexity Rules
Three independent thresholds work together to enforce password diversity:
- Minimum Lowercase Letters (1) — requires at least one a–z character.
- Minimum Uppercase Letters (1) — requires at least one A–Z character.
- Minimum Digits or Symbols (1) — requires at least one numeric digit or special character.
Force Change Password
When toggled ON, this setting prompts users to set a new password at their next login. Recommended during incident response, after bulk account provisioning, or following a credential audit.
Password Must Be Changed
Sets a mandatory rotation interval measured in months. A value of 0 disables expiry entirely. For regulated environments (PCI-DSS, HIPAA, ISO 27001), a 90-day (3-month) or 180-day (6-month) cycle is standard.
Prevent Password Repetition
When enabled, the platform retains a history of previous passwords and rejects any new password that matches an entry in that history. The depth of the history is configured via the Prevent Password Count field (visible when enabled).
4.3 Security Recommendations
| Setting | Current Value | Recommendation |
|---|---|---|
| Min. Characters | 6 | Increase to 10–12. Short passwords are vulnerable to brute-force and dictionary attacks. |
| Password Expiry | Never (0 months) | Set to 90 days (3 months) or 180 days (6 months) to satisfy common compliance frameworks. |
| Force Change Password | Disabled | Enable during incident response or when issuing temporary credentials to new accounts. |
| Prevent Repetition | Disabled | Enable and set Prevent Password Count to 5–10 to block short-cycle reuse patterns. |
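
To see what the current values accept compared with the recommended ones, the sketch below models the rules from sections 4.1 and 4.3 as a small checker. It is an added example, not Logsign code. The names `PasswordPolicy`, `hash_entry` and `violations`, the PBKDF2 history storage, the symbol character set, and the choice of 12 characters and a history depth of 5 from the recommended ranges are all assumptions.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int
    min_lower: int = 1
    min_upper: int = 1
    min_digit_or_symbol: int = 1
    history_count: int = 0  # 0 models "Prevent Password Repetition" disabled


# Values shown in the configuration reference, and one pick from the recommended ranges.
CURRENT = PasswordPolicy(min_length=6)
RECOMMENDED = PasswordPolicy(min_length=12, history_count=5)


def hash_entry(password: str, salt: bytes = b"") -> tuple:
    """Salted PBKDF2 digest so the reuse history never holds plaintext (assumed scheme)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def violations(password: str, policy: PasswordPolicy, history=()) -> list:
    """Return the rules the candidate breaks; an empty list means it is accepted."""
    found = []
    if len(password) < policy.min_length:
        found.append("length")
    if sum(c in string.ascii_lowercase for c in password) < policy.min_lower:
        found.append("lowercase")
    if sum(c in string.ascii_uppercase for c in password) < policy.min_upper:
        found.append("uppercase")
    # Assumption: ASCII digits and punctuation count toward "digits or symbols".
    extra = sum(c in string.digits or c in string.punctuation for c in password)
    if extra < policy.min_digit_or_symbol:
        found.append("digit_or_symbol")
    # Only the newest `history_count` entries are compared; older ones age out.
    recent = list(history)[-policy.history_count:] if policy.history_count else []
    for salt, digest in recent:
        if hmac.compare_digest(hash_entry(password, salt)[1], digest):
            found.append("reuse")
            break
    return found
```

With these constructed inputs, `Abc123` satisfies every rule at the current values and is rejected only by the longer minimum length, which is the gap the recommendations table points at.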