Cybot™ Platform

CYBOT™ is a one-of-a-kind platform that is custom-built to fit the needs of enterprises with critical infrastructure. It acts as a cyber security foundation for organizations that require deep visibility into their infrastructure, with a multilayer approach that enables timely automated hunting, detection, granular reporting and timely automated incident response to threats. CYBOT™ collects and processes structured and unstructured log data from across the enterprise: endpoints, servers, network, cloud platforms, etc. CYBOT™ is the only solution that combines the power of a Big Data analytics engine, Intelligent Hunt & Investigation of threats, UEBA, Threat Intelligence and Compliance in one platform that is seamlessly integrated, connected, and customized, along with threat intelligence at the Strategic, Operational and Tactical levels for customers.

Downloading the OVA

  1. The download link for the OVA will be shared by the ActiveBytes Support team.
  2. Download the OVA and proceed to import the OVA using your preferred hypervisor.

Importing the OVA – Hypervisor

Deploy a virtual machine from the OVA file. Allocate resources to the VM according to the hardware prerequisites.

Configuration

Once the installation is complete, log in to the workstation with the user name and password provided by the Cybot Support team.

  1. Power on the machine.
  2. Click on the machine.
  3. Enter the username and password provided by Cybot Support to log in to the virtual machine.

Setting the IP for Virtual Machine

In order to SSH into the VM with any SSH client, assign an IP address to the VM.

To configure the IP address, see "Configure IP in Cybot™ Platform". That document guides you through configuring the IP address on the virtual machine.

Setting up the host name

Once the IP address is assigned for the VM, configure the preferred host name for the data lake.

  1. Check the current hostname
            >>> hostnamectl
  2. Change the hostname
            >>> sudo hostnamectl set-hostname <newhostname>
  3. Apply the changes
            >>> sudo reboot (this will reboot the machine)
  4. Check the hostname again using
            >>> hostnamectl

Partitioning / Mounting the Hard Disk

The ideal design for setting up a data lake includes two hard disks: one dedicated to the OS and the other to the data stored in the data lake.

Mounting steps

Check the disk partitions:

   >>> lsblk

To create a mount path for the hard disk, follow the steps below:

      >>> mkfs.ext4 <hard disk name>
               Sample: mkfs.ext4 /dev/sdb

      >>> mkdir /mnt/<provide a folder name>
               Sample: mkdir /mnt/cyb_datalake

      >>> mount <hard disk name> /mnt/<folder name>
               Sample: mount /dev/sdb /mnt/cyb_datalake

Recheck the disk partitions; you should now see the mount point for the hard disk:

      >>> lsblk

Cybot™ Platform Configuration

To change the IP address or port, edit the configuration file as shown below.

>>>> nano /home/cybot/opensearch-x.x.x/config/opensearch.yml

  1. To change the IP address or port on which the Cybot Platform runs, set the following parameters:

network.host: localhost (Recommended)

http.port: 9200 (Recommended)

  2. Add the newly created mount path to the Cybot Platform configuration for storing data and logs, under the following parameters:

path.data: /mnt/<path to mount point>/cybot/data

path.logs: /mnt/<path to mount point>/cybot/log

  3. Each time a setting is changed in the opensearch.yml file, you must restart the Cybot engine service for the change to take effect.
  4. Before running it as a service, if you want to run it manually to check that your configuration works, use the following commands:

>>>> su cybot

>>>> cd /home/cybot/opensearch-x.x.x/

>>>> bin/opensearch

  5. To restart the service, use the following command:

>>>> systemctl restart cybot
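
The check below is an added example, not part of the vendor's guide or Cybot's own tooling. It audits the settings edited in the steps above: whether network.host stays on loopback, and whether the data and log paths sit on the dedicated data disk rather than the OS disk. The function names and sample files are constructed for illustration; it assumes flat "key: value" lines and a mounts table in /proc/mounts format.

```bash
#!/usr/bin/env bash
# Added example (not vendor code): audit the opensearch.yml keys this guide edits.

# conf_get FILE KEY_REGEX -> value of the last uncommented "key: value" line
conf_get() {
  sed -n -E "s/^[[:space:]]*($2)[[:space:]]*:[[:space:]]*([^#]*).*/\2/p" "$1" |
    tail -n 1 | tr -d "\"'" | sed -E 's/[[:space:]]+$//'
}

# mount_for PATH MOUNTS -> longest mount point in MOUNTS that contains PATH
mount_for() {
  awk -v p="$1" '{ m = $2; pre = (m == "/") ? "/" : m "/"
    if (index(p "/", pre) == 1 && length(m) > length(best)) best = m }
    END { print best }' "$2"
}

# audit_conf FILE [MOUNTS] -> one finding per line; returns 1 on any WARN
audit_conf() {
  local conf="$1" mounts="${2:-/proc/mounts}" rc=0 host item val mp
  host=$(conf_get "$conf" 'network\.host')
  case $host in
    ''|localhost|127.0.0.1|::1|_local_) echo "OK network.host=${host:-unset} is loopback-only" ;;
    *) echo "WARN network.host=$host listens beyond loopback"; rc=1 ;;
  esac
  # Stock OpenSearch names the log key path.logs; the singular path.log is matched too.
  for item in 'path.data=path\.data' 'path.logs=path\.logs?'; do
    val=$(conf_get "$conf" "${item#*=}")
    case $val in
      ''|*'<'*) echo "WARN ${item%%=*} unset or still a placeholder"; rc=1; continue ;;
    esac
    mp=$(mount_for "$val" "$mounts")
    if [ -z "$mp" ] || [ "$mp" = / ]; then
      echo "WARN ${item%%=*}=$val is on the OS disk"; rc=1
    else
      echo "OK ${item%%=*}=$val is on $mp"
    fi
  done
  return $rc
}

# Constructed sample: a config and a /proc/mounts-style table, audited offline.
sample_run() {
  local d rc=0; d=$(mktemp -d)
  printf '%s\n' 'network.host: 0.0.0.0' 'path.data: /mnt/cyb_datalake/cybot/data' \
    'path.logs: /var/log/cybot' > "$d/opensearch.yml"
  printf '%s\n' '/dev/sda1 / ext4 rw 0 0' '/dev/sdb /mnt/cyb_datalake ext4 rw 0 0' > "$d/mounts"
  audit_conf "$d/opensearch.yml" "$d/mounts" || rc=$?
  rm -rf "$d"; return $rc
}
```

On the VM, run audit_conf /home/cybot/opensearch-x.x.x/config/opensearch.yml after editing the file and before restarting the service.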

License Activation

License activation is the process that ensures the user has the appropriate rights and permissions for the subscribed modules in Cybot™.

To activate the Cybot Platform license, you will need the following parameters, which will be provided by the Cybot Support Team:
  1. License Key
  2. Tenant ID

To generate the License Key, we will require the platform_uid of the Cybot machine. Follow this step to obtain the platform UID:

>>>> cat /etc/cybot/platform/platform.conf

Provide the platform_uid from the file to the Cybot Support Team to generate the license.

To activate the license, follow the steps outlined below.

>>>> cd /home/cybot/
>>>> bash add_tenant.sh

Input the License Key and Tenant ID when prompted and press Enter.

Note: This may take some time.

The license will be activated according to its validity. The subscribed modules and packages required for the Cybot Platform will now be configured.



Services for Cybot™ Platform

To use Cybot as intended, all of the following services must be started. Multiple services are provided to enable the functionality of the various modules within the Cybot™ Platform.

Cybot Engine as Service

This service runs the Cybot Platform itself and keeps it up and running. Execute the following command to restart the service.
        >>>> systemctl restart cybot.service

Cybot Investigate as Service

This service runs the Investigate Module. Execute the following command to restart the service.
        >>>> systemctl restart cybot-inv.service

Cybot Hunter as Service

This service runs the Hunter Module. Execute the following command to restart the service.
        >>>> systemctl restart cybot-h.service

Cybot UEBA as Service

This service runs the UEBA Module. Execute the following command to restart the service.
        >>>> systemctl restart cybot-ueba.service
