Configure the Center

Install Cisco Cyber Vision

Access the Cisco Cyber Vision installation wizard:

Procedure

Step 1

With your browser, access https://<CENTERNAME>/.

Note

 

Accessing the Center using its name enables HTTPS secure interface. Yet, this requires a DNS or local host configuration to associate the name and the IP address. The Center access through its IP address is possible but the connection is not secure.

Step 2

The setup wizard used for the first access to Cisco Cyber Vision is displayed:

Step 3

Create an admin account:

Step 4

Step 5

Enter the information required.

Note

 

Email will be asked for login access.

Note

 

Passwords must contain at least 6 characters and comply with the rules below. Passwords:

  • Must contain a lower case character: a-z.

  • Must contain an upper case character: A-Z.

  • Must contain a numeric character: 0-9.

  • Cannot contain the user id.

  • Must contain a special character: ~!"#$%&’()*+,-./:;<=>?@[]^_{|}.

Passwords should be changed regularly to ensure the integrity of the platform and the industrial network security.

Note

 

You can reset users using the following command in the Center's CLI:

sbs-db reset-users

Step 6

Accept the software license agreement:

Step 7

Step 8

Finish the installation:

The Center is now correctly installed and Cisco Cyber Vision is ready to operate.

Step 9

Click Start to Explore.

Cisco Cyber Vision installation is now complete.

What to do next

If you aim to use an enterprise certificate, proceed with Configure the user interface security.

If you already installed a self-signed certificate, and if you are installing a Global Center or a synchronized Center, proceed with Configure Center data synchronization.

If you already installed a self-signed certificate, and if you are installing a standalone Center, you can start installing the sensors. To do so, refer to the corresponding Cisco Cyber Vision Sensor Installation Guides.

Cisco Cyber Vision configuration

Once the Basic Center configuration is done, you must connect through a web browser to the URL displayed on the last step of the basic configuration wizard (i.e. the Center's IP address). A message saying that the URL is not secure will appear.

Then, you will configure the Centers data synchronization (Global Center and its Centers' only).

Browser requirements:

Cisco Cyber Vision supports Chrome 54, Firefox 49 and newer versions.

Install the certificate in your browser

This task explains how to intall a Cisco Cyber Vision self-signed certificate in your browser.

Before you begin

Perform this task if you aim to install a self-signed certificate. If you're planning to use an enterprise certificate, proceed directly with Install Cisco Cyber Vision.

Procedure

Step 1

Open your browser.

Step 2

Enter 'http://<CENTERIPADDRESS>/ca.crt' inside the search bar.

The certificate is downloaded.

Step 3

Save the certificate on your computer.

Step 4

In the browser, access the settings.

Example: Chrome

Step 5

Type 'certificate' in the search bar and access the certificates management menu.

Step 6

Access the Trusted Root Certification tab and click Import.

A certificate importation wizard opens.

Step 7

Go to the next step.

Step 8

Search for the certificate you downloaded earlier.

Step 9

Go to the next step.

Step 10

Accept the default values by accessing the next step.

Step 11

The certificate is now considered as trusted by the browser. It will be imported as soon as you will click Finish.

What to do next

Install Cisco Cyber Vision

Install Cisco Cyber Vision

Access the Cisco Cyber Vision installation wizard:

Procedure

Step 1

With your browser, access https://<CENTERNAME>/.

Note

 

Accessing the Center using its name enables HTTPS secure interface. Yet, this requires a DNS or local host configuration to associate the name and the IP address. The Center access through its IP address is possible but the connection is not secure.

Step 2

The setup wizard used for the first access to Cisco Cyber Vision is displayed:

Step 3

Create an admin account:

Step 4

Step 5

Enter the information required.

Note

 

Email will be asked for login access.

Note

 

Passwords must contain at least 6 characters and comply with the rules below. Passwords:

  • Must contain a lower case character: a-z.

  • Must contain an upper case character: A-Z.

  • Must contain a numeric character: 0-9.

  • Cannot contain the user id.

  • Must contain a special character: ~!"#$%&’()*+,-./:;<=>?@[]^_{|}.

Passwords should be changed regularly to ensure the integrity of the platform and the industrial network security.

Note

 

You can reset users using the following command in the Center's CLI:

sbs-db reset-users

Step 6

Accept the software license agreement:

Step 7

Step 8

Finish the installation:

The Center is now correctly installed and Cisco Cyber Vision is ready to operate.

Step 9

Click Start to Explore.

Cisco Cyber Vision installation is now complete.

What to do next

If you aim to use an enterprise certificate, proceed with Configure the user interface security.

If you already installed a self-signed certificate, and if you are installing a Global Center or a synchronized Center, proceed with Configure Center data synchronization.

If you already installed a self-signed certificate, and if you are installing a standalone Center, you can start installing the sensors. To do so, refer to the corresponding Cisco Cyber Vision Sensor Installation Guides.

Configure the user interface security

This section explains how to configure Cisco Cyber Vision user interface security with an enterprise certificate. You will have the option to upload a .p12 or to generate a CSR.

Before you begin

Perform this task if you're planning to use an enterprise certificate. You must install Cisco Cyber Vision beforehand.

Procedure

Step 1

To use an enterprise certificate, navigate to Admin > Center certificate.

Step 2

You can upload a .p12 or generate a CSR.

Upload a p12

Before you begin

The p12 (or Microsoft pfx) file must contain a private key, a password, and the field "X509v3 Subject Alternative Name" must contain the Center DNS name.

Procedure

Step 1

Select Upload a .p12.

Click Please import a PKCS12 file and choose you pfx or p12 file generated from your certification server.

Step 2

Type the certificate password.

Step 3

Click the Import a PKCS#12 file button or drag and drop the file to import it.

Step 4

Click Save.

The following message appears:

Step 5

Click Reload.

Step 6

In your browser, use the DNS name to connect to your Cisco Cyber Vision instance.

The error message does not appear and the connection is secure.
What to do next

If you are installing a Global Center or a synchronized Center, proceed with Configure Center data synchronization.

If you are installing a standalone Center, you can start installing the sensors. To do so, refer to the corresponding Cisco Cyber Vision Sensor Installation Guides.

Generate a CSR

Procedure

Step 1

Select Generate a CSR.

Step 2

Enter the Center FQDN as registered on your DNS server.

Step 3

Click the Generate and download CSR button.

A message indicating that the CSR has been generated is displayed.

Step 4

Click the download button (1).

A <FQDN>.csr file is downloaded.

Step 5

Use the <FQDN>.csr file to generate a pem certificate from your enterprise Certification Authority.

Step 6

Once the pem certificate is generated, return to Cisco Cyber Vision and click the Import a complete PEM bundle button (2) or drag and drop it to import it.

Step 7

Click Save.

The following message appears:

Step 8

Click Reload.

Step 9

In your browser, use the DNS name to connect to your Cisco Cyber Vision instance.

The error message does not appear and the connection is secure.
What to do next

If you are installing a Global Center or a synchronized Center, proceed with Configure Center data synchronization.

If you are installing a standalone Center, you can start installing the sensors. To do so, refer to the corresponding Cisco Cyber Vision Sensor Installation Guides.

Configure Center data synchronization

This step is applicable to the Global Center and its synchronized Centers.

Once the Global Center and its synchronized Centers are installed, proceed to data synchronization, which consists of registering the Center in the Global Center and enrolling the Center to the Global Center. To do so, you need to open each's Cisco Cyber Vision's GUI.


Note
To differentiate each user interface, check the top left corner of Cisco Cyber Vision's "Global Center" or "Center".

Procedure

Step 1

In the Global Center's Cisco Cyber Vision GUI, navigate to Admin > System Management > Management.

Step 2

Click the Register a Center button.

The window "Register a Center" pops up, ready to be filled. Now you must access the Center's GUI to retrieve its fingerprint.

Step 3

In the Center's Cisco Cyber Vision GUI, navigate to Admin > System.

Step 4

Scroll down to Certificate fingerprint and copy it.

Step 5

In the Global Center's GUI, give a name to the Center, and paste the Center's fingerprint into the corresponding field.

Step 6

Click OK.

The Center appears in the list as unenrolled.

At this point you must switch to the Center's GUI and enroll it to the Global Center.

Step 7

In the Center's GUI, scroll down to Enroll a Global Center and click the Enroll button.

The Enrollment window pops up.

Step 8

Copy the Global Center's fingerprint from its GUI's System administration page (same location as the Center's).

Step 9

Enter the Global Center's IP address and click Enroll.

Once the synchronization is complete, it is indicated that the Center is enrolled to the Global Center.