Added new Health status page to display the current state of different components in the product through Health Modules. These modules can be configured to trigger notification alert emails when an error is detected. The following modules are currently available:
License Expiration – Checks the number of days left on the license and can trigger warning and error notifications based on days left.
Syslog Inactivity – Checks active syslog ports for incoming data and triggers an alert when no data is received within a configurable time period. The module also checks that valid data is being received, not just any data, and triggers a different error alert accordingly.
Reporting
Dashboard
Visualizer
Added an extensive library of preconfigured charts for users to select when creating new panels.
Library
Updated product to use most recent MySQL library (8.0.33).
Corrections
Dashboard
Removed “AVG Daily Usage” and “AVG Daily Ingestion” tiles because the metric is not useful when combined with metric data removal as currently implemented; results can include large negative numbers.
To configure access for Cyfin to Microsoft 365 Defender, you will have to create a new Azure Application registration; this will return OAuth tokens with access to the Microsoft 365 Defender API.
The procedure to create an application is found at the link below:
When the application is given the API permission described in the documentation (Incident.Read.All), it is granted access only to read incidents from 365 Defender and nothing else in the Azure domain.
After the application has been created, it should contain 3 values that you need to apply to the module configuration.
These values are:
Client ID
Tenant ID
Client Secret
In Cyfin, go to Data Management -> Setup and select Microsoft Defender.
Now input the three values gathered in the previous steps.
Once this application is registered note the Application (client) ID and the Directory (tenant) ID. Then configure the authentication in the Certificates & Secrets section from the link provided above.
Configure Cyfin
Navigate to ‘Data Management – Log Data Source – Setup’
Select ‘Create New’ from the configuration dropdown and click ‘Next’
Click Office365 from the listed options
Fill in the appropriate fields with information gathered from the prerequisites. See below image.
Once completed, continue to the next screen, name your configuration, then click Next once more to save.
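As an added example (not Cyfin's code and not from the page), the following script shows how the three values from the app registration map onto the OAuth client-credentials flow mentioned above, and checks that the token the app receives carries only the Incident.Read.All permission before it is used to list incidents. The endpoint URLs, the TENANT_ID/CLIENT_ID/CLIENT_SECRET environment variables and the sample token builder are assumptions for this example.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

# Endpoints assumed here (not stated on the page) for the Microsoft identity platform and the Defender API.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
DEFENDER_SCOPE = "https://api.security.microsoft.com/.default"
INCIDENTS_URL = "https://api.security.microsoft.com/api/incidents"
EXPECTED_ROLES = {"Incident.Read.All"}  # the only permission the page says to grant

def build_token_request(tenant_id, client_id, client_secret):
    """Client-credentials token request built from the three app-registration values."""
    url = TOKEN_URL.format(tenant=tenant_id)
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": DEFENDER_SCOPE,
    }).encode()
    return url, body

def token_roles(access_token):
    """Roles claim from the JWT payload. No signature check here: the API verifies
    the token; we only inspect which application permissions it carries."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))

def excess_roles(access_token):
    """Permissions beyond Incident.Read.All; should be empty for this app."""
    return token_roles(access_token) - EXPECTED_ROLES

def make_sample_token(roles):
    """Constructed, unsigned JWT for offline testing only; not a real token."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return ".".join([seg({"alg": "none"}), seg({"roles": list(roles)}), ""])

if __name__ == "__main__":
    env = os.environ  # assumed variable names holding the three values
    url, body = build_token_request(env["TENANT_ID"], env["CLIENT_ID"], env["CLIENT_SECRET"])
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        token = json.load(resp)["access_token"]
    print("permissions beyond Incident.Read.All:", excess_roles(token) or "none")
    req = urllib.request.Request(INCIDENTS_URL, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        print("incidents returned:", len(json.load(resp).get("value", [])))
```

A non-empty result from excess_roles means the registration was granted more than the documentation asks for and should be reviewed before the secret is put into Cyfin.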
This information applies to version 9.2.8 and earlier.
The default Dashboard (high-level) database is Derby. However, if you have over 2,500 users, we recommend that you use SQL Server. The latest version, SQL Server 2016, is supported.
The following instructions apply to CyBlock Software and Cyfin version 9.2.8 and later.
When creating a MySQL database from the Data Management – Report Database – Configuration – Settings screen, set the proper character set using the command-line MySQL client.
On the Required Database Setup page, for Option A, step 3, the command is: CREATE DATABASE superview CHARACTER SET latin1
Note: Development of MySQL Query Browser has been discontinued, but MySQL Workbench is available.
If reports are empty and returning an error, there are a few things to check.
Are the logs for your selected time frame valid? (Data Management – Log Data Source – Viewer¹).
If utilizing the Report Database, have logs for your selected time frame been imported? (Data Management – Report Database – Viewer²).
(If raw logs are valid but have not been imported, you can import them manually by going to Data Management – Report Database – Import – Manual³.)
Be sure that users are correctly configured to go through the proxy.
—
¹ Versions 6.8.3a/8.8.3a and earlier: Logfiles – Viewer
² Versions 6.8.3a/8.8.3a and earlier: Logfiles – Data Manager – Import Data – Viewer
³ Versions 6.8.3a/8.8.3a and earlier: Logfiles – Data Manager – Import Data – Import – Manual