Administration Archives - Wavecrest Knowledge Base

CyBlock VM Installation Instructions

CyBlock can be deployed in VMware and Hyper-V environments. Installation instructions are available in the admin guides for your particular setup. Click the appropriate Admin Guide link below.

VMware

CyBlock VM Admin Guide

Use this guide for installing CyBlock and a metric server, or CyBlock and an array of metric servers.

Hyper-V

CyBlock Hyper-V Installer Guide

Use this guide for installing CyBlock and a metric server, or CyBlock and an array of metric servers on Hyper-V CV 8.0 and earlier.

If you have any questions, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

About Licensing and Data Source Modules

Category: Administration

Metric Server Management

Category: Administration

v9.6.6 Release Notes for CyBlock Software & Virtual Appliance Release Notes

Category: Administration

Enhancements

Reports
- Templates
  - Updated libraries used by Report Template to eliminate potential vulnerabilities.
- Dashboard
  - Visualizer
    - Updated libraries used by visualizer to eliminate potential vulnerabilities.

Corrections

Reports
- Templates
  - Corrected issue with running reports on nested groups where users from a subgroup would not be included in report.
- Dashboard
  - Visualizer
    - Corrected issue with editing a panel where the bar chart previews would not render.

v9.6.5 Release Notes for CyBlock Software & Virtual Appliance Release Notes

Category: Administration, Data Manager, Release Notes

Enhancements

Health
- Added new Health status page to display the current state of different components in the product through Health Modules. These modules can be configured to trigger notification alert emails when an error is detected. The following modules are currently available:
  - License Expiration – Checks the number of days left on the license and can trigger warning and error notifications based on days left.
  - Syslog Inactivity – Checks active syslog ports for data being sent and triggers alert when no data is received in a configurable time period. Module also checks for valid data being received instead of just any data and triggers different error alert accordingly.
Reporting
- Dashboard
  - Visualizer
    - Added an extensive library of preconfigured charts for users to select when creating new panels.
Library
- Updated product to use most recent MySQL library (8.0.33).

Corrections

Dashboard
- Removed “AVG Daily Usage” and “AVG Daily Ingestion” tiles because metric is not useful when combined with metric data removal as it is currently. Results include large possible negative numbers.

v9.6.5 Release Notes for Cyfin

Category: Administration, Data Manager, Release Notes

Enhancements

Health
- Added new Health status page to display the current state of different components in the product through Health Modules. These modules can be configured to trigger notification alert emails when an error is detected. The following modules are currently available:
  - License Expiration – Checks the number of days left on the license and can trigger warning and error notifications based on days left.
  - Syslog Inactivity – Checks active syslog ports for data being sent and triggers alert when no data is received in a configurable time period. Module also checks for valid data being received instead of just any data and triggers different error alert accordingly.
Reporting
- Dashboard
  - Visualizer
    - Added an extensive library of preconfigured charts for users to select when creating new panels.
Library
- Updated product to use most recent MySQL library (8.0.33).

Corrections

Dashboard
- Removed “AVG Daily Usage” and “AVG Daily Ingestion” tiles because metric is not useful when combined with metric data removal as it is currently. Results include large possible negative numbers.

Microsoft Defender Data Source Settings

Category: Administration, Data Manager, Reporting

To configure access for Cyfin to Microsoft 365 Defender you will have to create a new Azure Application registration, this will again return Oauth tokens with access to the Microsoft 365 Defender API

The procedure to create an application is found on the below link:

Create a new Azure Application

When giving the application the API permissions described in the documentation (Incident.Read.All) it will only grant access to read Incidents from 365 Defender and nothing else in the Azure Domain.

After the application has been created, it should contain 3 values that you need to apply to the module configuration.

These values are:

Client ID
Tenant ID
Client Secret

In Cyfin go to Data Management -> Setup and select Microsoft Defender

Now input the 3 values gathered from the previous steps

Cyfin Cloud Getting Started Guide

Category: Administration

Getting Started Checklist

This checklist is provided for getting Cyfin Cloud up and running. It involves the following steps:

Provisioning

Provide your company name
Syslog protocol preference:
- UDP (recommended default)
- TCP
- SSL
Provide time zone(s) of your firewall(s)
What is your data retention requirement
What is your targeted start date to begin your evaluation

Starting Evaluation

After providing the above provisioning information to your rep you will receive an email that will contain the following:

Connection information to your newly provisioned Cyfin Cloud instance
Temporary password

IMPORTANT NOTE: Your Firewall by default may block outbound syslog messages. Please make sure you have a security policy in place that will allow outbound connections to your new Cyfin Cloud instance and port number.

Resources

Technical Support contact information:
- Tel: 321-953-5351, Ext. 4.
- Email: support@wavecrest.net .
- Live Chat at https://www.wavecrest.net and select Support via the drop-down menu.
Sales contact information:
- Tel: 321-953-5351, Ext. 3.
- Email: sales@wavecrest.net .

v9.5.2 Release Notes for CyBlock Software & Virtual Appliance Release Notes

Category: Administration

Enhancements

Managing Metric Server Data Storage and Provisioning
- Log in to Cyfin and your company’s personalized storage metrics will be detailed on the homepage. You will find the Average Daily Data Volume, Storage Remaining, and Days Remaining. This information will provide the ability to calculate your specific storage needs:
  - Avg. Daily Data Volume – Average amount of data stored per day.
  - Est. Days Remaining – Days remaining until total storage is used.
  - Storage Remaining – Amount and percentage of storage available.
  - Total Storage – Maximum storage provisioned.

v9.5.2 Release Notes for Cyfin

Category: Administration

Enhancements

Managing Metric Server Data Storage and Provisioning
- Log in to Cyfin and your company’s personalized storage metrics will be detailed on the homepage. You will find the Average Daily Data Volume, Storage Remaining, and Days Remaining. This information will provide the ability to calculate your specific storage needs:
  - Avg. Daily Data Volume – Average amount of data stored per day.
  - Est. Days Remaining – Days remaining until total storage is used.
  - Storage Remaining – Amount and percentage of storage available.
  - Total Storage – Maximum storage provisioned.