Quick Start: Administrators

Each user's role when working with Stellar Cyber can vary. In many deployments, the administrator will have a different perspective than an analyst. During initial setup and on an ongoing basis, you will use the Stellar Cyber user interface to integrate data sources, configure dashboards and automations, and manage the server and users. Those configuration settings are spread throughout the Stellar Cyber interface.

After reviewing the main Getting Started topic, you may find this section helpful to familiarize yourself with the location of configuration pages you may need.

  • When you install your Stellar Cyber components, you may follow a sequence similar to the one below. Use this as a guide while you review the links for configuration and administration.

    1. Install and license your Data Processor.

    2. Configure Stellar Cyber Server.

      • Web server, certificates, SSO / 2FA

      • Mail server / SMTP 

      • Users, Tenants, Tenant Groups

      • Backup and storage

    3. Add / customize Data Analyzer configurations.

    4. Install sensors and parsers.

    5. Add connectors and parsers with their associated profiles.

    6. Configure Automated Threat Hunting playbooks.

  • This list highlights settings for the server itself, mail, users, tenants, and other general configuration options.

    • The System | Administration section addresses the server-level settings such as users, tenants, licensing, upgrades, and so on.

    • As part of your installation, you use the System | Settings page to configure the web server parameters, including the SSO / authentication requirements for how your users will access the server.

    • The SMTP parameters for the system, used for system issues and email alerts, are configured from the System | Mail server menu.

    • Ideally, you will configure external storage, cold storage, and backup plans during your installation process. Use the System | Data Management page to configure all your storage options, schedule backups, and perform recovery.

    • The steps to install your data processor include configuration of a Data Analyzer and Data Lake. Familiarize yourself with these screens, available in the System | Data Processor section. The Data Analyzer must be set up prior to configuring sensors and collectors.

    • In the System | Administration section, create and manage users from Users and Role-based Access Control. Even if you have configured SSO, you will still need to set certain user access parameters.

    • For partner and MSSP deployments, configure Tenants and Tenant Groups, depending on your organizational needs.

    • View license consumption from the System | Licensing screen or Respond | Reports | License Usage tab.

  • The following list highlights configurations related to data integration and response, which you begin to use after the fundamental aspects of the server are configured.

    • In the System | Data Processor section, you'll find configurations for storage, analytics and other resources for the data processor itself.

    • Take a look at the Ports list so you are familiar with the incoming and outgoing ports that are required for your deployment plan.

    • External sources for ingestion and response (Connectors and Sensors and Custom Parsers) are added and configured from the System | Collection and System | Integrations sections.

    • Windows and Linux server sensors are deployed from the System | Collection section. 

    • Each sensor must be associated with a sensor profile, which in turn must be associated with a specific receiver. Receivers are also configured from the Collection section. Use the receiver configuration to specify which data analyzer the receiver is associated with, the port, and the nature of the incoming data (JSON or packet), then add the receiver to a sensor profile.

    • To manage the volume of data ingested from sensors, you can also set up traffic and log filters; these are accessed from the Collection section.

    • Dashboards are configured from the Visualize menu. You can use these dashboards to configure and schedule reports. Reporting functions are accessible from the Respond menu.

    • Either you or an analyst can configure custom, automated threat hunting actions from the Respond | Automation menu. These automated playbooks are configured to perform a response action based on specific data and conditions. The System | Configuration section includes options to configure recipients on the server, scripts, and other settings to support playbooks and other general functions.