Administration

This chapter provides general information that is useful for administrators. It includes the following topics:

Login Names and Passwords (Default)

The default login names and passwords are listed in the following table:

User: OpAdmin and Shell User
Login/Password: Use the initial, randomly generated password from the Threat Grid/TGSH Dialog, and then the new password entered during the first step of the OpAdmin configuration workflow. If you lose the password, follow the instructions in Reset Administrator Password.

User: Threat Grid Web portal UI Administrator
Login: admin
Password: Initialized with the first OpAdmin password; afterwards it becomes independent.

User: CIMC
Login: admin
Password: password

Reset Administrator Password

The default administrator password is only visible in the TGSH Dialog during the initial appliance setup and configuration. Once the initial configuration is completed, the password is no longer displayed in visible text.


Note

LDAP authentication is available for TGSH Dialog and OpAdmin login when you have multiple administrators. If the appliance is configured for LDAP authentication only, resetting the password in recovery mode will reconfigure the authentication mode to allow login with system password as well.


If you lose the administrator password and are unable to log in to OpAdmin, complete the following steps to reset the password.

Procedure


Step 1

Reboot the Threat Grid Appliance and immediately select Recovery Mode from the Recovery Options.

Figure 1. Boot Menu - Recovery Mode

The Threat Grid Shell opens.

Figure 2. Threat Grid Shell in Recovery Mode

Step 2

Run passwd to change the password.

Figure 3. Enter New Password

Note

The command prompt is not always visible in this mode and logging output may be displayed at any point on top of your input. This does not affect input; you can keep typing blindly. Ignore the two lines of logging output.

Step 3

Enter the password (blindly, as described in the note above) and press Enter.

Step 4

Re-type the password and press Enter.

Note

The password will not be displayed.

Step 5

Type reboot and press Enter to start the appliance in normal mode.

Note

As of v2.10, the exit command is no longer required before rebooting for a password reset to take effect.


Install Updates

Before you can update the Threat Grid Appliance with newer versions, you must have completed the initial setup and configuration steps as described in the Cisco Threat Grid Appliance Setup and Configuration Guide.


Note

If you have a new Threat Grid Appliance that shipped with an older version of software and want to install updates, you must first complete the initial configuration. Updates will not download unless the license is installed, and may not apply correctly if the Threat Grid Appliance has not been fully configured, including the database.


The following considerations should be observed when installing updates:

  • Threat Grid Appliance updates are applied through the OpAdmin Portal.

  • If the update server sends an update, the client moves all the way forward to that version. It's not always possible to skip interim releases; when not possible, the update server will require the appliance to install the release before it can download the next update.

  • If the server allows you to download a version, you are eligible to move to that version directly; that is, with no intervening reboots beyond those needed for a single upgrade.

  • Updates are one-directional: you cannot revert to a previous version after you upgrade to a more recent version.

  • Users with air-gapped implementations may contact Threat Grid Support to request a downloadable update boot image.

For instructions on installing updates, see the Install Threat Grid Appliance Updates section in the Cisco Threat Grid Appliance Setup and Configuration Guide.

Updates Port

The Threat Grid Appliance downloads release updates over SSH, port 22.

  • Release updates can also be applied from the textual (curses) interface, not just from the web-based administrative interface (OpAdmin).

  • Systems using DHCP need to explicitly specify DNS. An upgrade of a system without a DNS server explicitly specified will fail.

Troubleshoot Updates

A "database upgrade not successful" message means that a new Threat Grid Appliance is running an older version of PostgreSQL and the automated database migration process failed. It is critical that this be fixed prior to any upgrade to v2.0.

See Cisco Threat Grid Appliance Release Notes v2.0.1 for more information.

Database Schema Updates

Historically, database migrations associated with updates occurred while the system was offline in single-user mode on standalone appliances; in a cluster, the updates occurred after the first upgraded node came back online. (The exception to this was for unusually long updates that could be run in the background, which were handled on a case-by-case basis.)

Threat Grid Appliance (v2.5.0 and later) updates the database schema after the system finishes reboot, which may cause the boot process to take slightly longer. (Very long reboots continue to be handled on a case-by-case basis.)

In prior releases, non-clustered systems with backup support enabled would make a best-effort attempt to operate correctly when their NFS server was down. Due to changes in Elasticsearch functionality, this behavior can no longer be guaranteed.

Background Elasticsearch index migration to ES6-native indexes is enabled in v2.7.2 and later. This migration must complete successfully before any version of the Threat Grid Appliance that requires Elasticsearch 7.0 or newer is installed.


Note

Elasticsearch index migration may cause substantial delays in the NFS backup process, causing related warnings. These warnings should be disregarded while service notices indicate that index migration is actively ongoing. You should only raise a ticket with Support if the index migration process fails to make progress over an extended period.