Settings Reference¶
The faraday-manage settings command manages Faraday server configuration modules. Settings are stored in the database and affect server behavior at runtime.
settings¶
faraday-manage settings [OPTIONS] [NAME]
Options¶
| Option | Type | Default | Description |
|---|---|---|---|
-a, --action |
Choice: show, update, list, clear |
list |
Action to perform |
--data |
String (JSON) | — | Settings values as a JSON string (for non-interactive update) |
Arguments¶
| Argument | Required | Description |
|---|---|---|
NAME |
Required for show, update, clear |
Settings module name (case-insensitive) |
Actions¶
| Action | Description |
|---|---|
list |
Display all available settings module names |
show |
Display the current values for a specific settings module |
update |
Modify settings interactively or via --data JSON |
clear |
Reset a settings module to its default values |
Examples¶
# List all available settings modules
faraday-manage settings
faraday-manage settings -a list
# Show current SMTP settings
faraday-manage settings -a show smtp
# Update ELK settings interactively (prompts for each field)
faraday-manage settings -a update elk
# Update settings non-interactively via JSON
faraday-manage settings -a update elk --data '{"enabled": true, "username": "elastic", "password": "changeme", "host": "https://localhost", "port": 9200, "ignore_ssl": false}'
# Reset dashboard settings to defaults
faraday-manage settings -a clear dashboard
Non-Interactive Updates¶
When using --data with JSON, all fields must be provided with the correct types. Missing or mistyped fields will cause an error:
Missing or Invalid value for <field_name> [<provided_value>]
After a non-interactive update, changes are applied without a confirmation prompt.
Interactive Updates¶
Without --data, the command prompts for each field showing the current value as default. After entering all values, a confirmation prompt is displayed:
Do you confirm your changes on smtp?
----------------------
enabled: True
username: notifications@example.com
...
Important: After modifying settings, restart the Faraday server for changes to take effect:
systemctl restart faraday-server
Available Settings Modules¶
Community Edition¶
| Module | Settings ID | Description |
|---|---|---|
| SMTP | smtp |
Email server configuration for notifications |
| Dashboard | dashboard |
Dashboard display options |
| Reports | reports |
Report generation settings |
| ELK | elk |
Elasticsearch integration for vulnerability ingestion |
| Query Limits | query_limits |
API query result limits |
Commercial/Professional Edition Only¶
| Module | Settings ID | Description |
|---|---|---|
| Executive Reports | executive_reports |
Executive report formatting (markdown, border size) |
| SAML | saml |
SAML Single Sign-On configuration |
SMTP¶
Email server configuration for Faraday notifications.
Settings ID: smtp
| Parameter | Type | Default | Required | Description |
|---|---|---|---|---|
enabled |
Boolean | false |
Yes | Enable/disable SMTP email sending |
username |
String | "" |
Yes* | SMTP authentication username |
password |
String | "" |
Yes* | SMTP authentication password |
host |
String | "" |
Yes* | SMTP server hostname |
port |
Integer | 25 |
Yes | SMTP server port |
sender |
"user@example.com" |
Yes | Sender email address | |
ssl |
Boolean | false |
Yes | Enable SSL/TLS for SMTP connection |
* Required when enabled is true. If SMTP is enabled, username, password, and host must not be empty.
Validation¶
When enabled is true, the command validates that username, password, and host are non-empty. Empty values produce:
<field> is required if smtp is enabled
Example¶
# Interactive setup
faraday-manage settings -a update smtp
# Non-interactive setup
faraday-manage settings -a update smtp --data '{
"enabled": true,
"username": "notifications@company.com",
"password": "smtp-password",
"host": "smtp.company.com",
"port": 587,
"sender": "faraday@company.com",
"ssl": true
}'
Dashboard¶
Dashboard display configuration.
Settings ID: dashboard
| Parameter | Type | Default | Description |
|---|---|---|---|
show_vulns_by_price |
Boolean | false |
Show vulnerabilities organized by price/cost in the dashboard view |
Example¶
faraday-manage settings -a show dashboard
faraday-manage settings -a update dashboard --data '{"show_vulns_by_price": true}'
Reports¶
Report generation settings, including custom plugin directory configuration.
Settings ID: reports
| Parameter | Type | Default | Description |
|---|---|---|---|
custom_plugins_folder |
String | "" |
Filesystem path to a directory containing custom report plugins |
Validation¶
If custom_plugins_folder is specified, it must be an existing directory on the filesystem. An invalid path produces:
<path> is not valid path
Example¶
# Show current reports settings
faraday-manage settings -a show reports
# Set custom plugins folder
faraday-manage settings -a update reports --data '{"custom_plugins_folder": "/opt/faraday/custom-plugins"}'
ELK¶
Elasticsearch integration settings. Used by the faraday-manage ingest command to connect to an Elasticsearch instance for vulnerability data indexing.
Settings ID: elk
| Parameter | Type | Default | Required | Description |
|---|---|---|---|---|
enabled |
Boolean | false |
Yes | Enable/disable Elasticsearch integration |
username |
String | "" |
Yes* | Elasticsearch authentication username |
password |
String | "" |
Yes* | Elasticsearch authentication password |
host |
String | "" |
Yes* | Elasticsearch host URL (e.g., https://localhost) |
port |
Integer | 9200 |
Yes* | Elasticsearch port |
ignore_ssl |
Boolean | false |
Yes | Skip SSL certificate verification |
* Required when enabled is true. All four fields (username, password, host, port) must be provided.
Validation¶
- When
enabledistrue:username,password,host, andportmust all be non-empty - For Python Elasticsearch client versions < 8:
hostmust be a valid URL format (e.g.,https://elasticsearch.example.com) - For Python Elasticsearch client versions >= 8:
hostcan be a hostname or URL
Example¶
# Configure Elasticsearch connection
faraday-manage settings -a update elk --data '{
"enabled": true,
"username": "elastic",
"password": "changeme",
"host": "https://elasticsearch.local",
"port": 9200,
"ignore_ssl": false
}'
# Test the connection after configuring
faraday-manage ingest --test-connection
Related¶
See [[integrations]] for the ingest command that uses these settings.
Query Limits¶
Configure limits on API query results to control resource usage.
Settings ID: query_limits
| Parameter | Type | Default | Validation | Description |
|---|---|---|---|---|
vuln_query_limit |
Integer | 0 |
Must be >= 0 | Maximum number of vulnerabilities returned per API query. 0 = unlimited. |
Example¶
# Show current query limits
faraday-manage settings -a show query_limits
# Set a limit of 10,000 vulnerabilities per query
faraday-manage settings -a update query_limits --data '{"vuln_query_limit": 10000}'
# Remove the limit (unlimited)
faraday-manage settings -a update query_limits --data '{"vuln_query_limit": 0}'
Commercial Edition Settings¶
The following settings modules are available in the Commercial/Professional edition only.
Executive Reports¶
Settings ID: executive_reports
| Parameter | Type | Description |
|---|---|---|
markdown |
Boolean | Enable Markdown rendering in executive reports |
border_size |
Integer | Border size for report formatting |
faraday-manage settings -a update executive_reports
# markdown: True
# border_size: 3
SAML¶
Settings ID: saml
| Parameter | Type | Description |
|---|---|---|
enabled |
Boolean | Enable SAML SSO |
display_name |
String | Identity provider display name |
identity_id |
String | Identity provider entity ID |
user_role |
String | Default role for SAML-authenticated users |
attribute_identifier |
String | SAML attribute used as user identifier |
sso_url |
String | SSO login URL |
sp_certificate |
String | Service provider certificate |
sp_private_key |
String | Service provider private key |
idp_certificate |
String | Identity provider certificate |
faraday-manage settings -a update saml