Documentation

1. Overview

Cyberwatch is a Vulnerability Monitoring software.

Its purpose is to facilitate the management of vulnerabilities published by authorities, from detection to decision.

Cyberwatch generates helpful dashboards to assess the IT risk with the appropriate context and to provide decision support.

This section of the software is the technical documentation of Cyberwatch.

2. Use the Assets management module

• 2.1 Assets discoveries
  • 2.1.1 Network scans
  • 2.1.2 LDAP / Active Directory
  • 2.1.3 VMware
  • 2.1.4 Amazon Web Services
  • 2.1.5 OpenStack
  • 2.1.6 DNS
  • 2.1.7 WHOIS public database
  • 2.1.8 Google Cloud Platform
  • 2.1.9 Microsoft Azure
  • 2.1.10 Docker images
  • 2.1.11 Nutanix
  • 2.1.12 Declarative discoveries
  • 2.1.13 Industrial scans
• 2.2 Add an asset
  • 2.2.1 Add an asset in Cyberwatch in agent-based mode
    • 2.2.1.1 Prerequisites for assets monitored in agent-based mode
    • 2.2.1.2 Technical details on Windows agent
    • 2.2.1.3 Technical details on Linux agent
    • 2.2.1.4 Include Cyberwatch agent in a template
  • 2.2.2 Add an asset in Cyberwatch in agentless mode
    • 2.2.2.1 Assets prerequisites for agentless connections
    • 2.2.2.2 Technical information on agentless connections for Linux systems
    • 2.2.2.3 Technical information on agentless connections for Windows systems
    • 2.2.2.4 Use WALLIX for agentless connections
    • 2.2.2.5 Use Conjur for agentless connections
    • 2.2.2.6 Use HashiCorp Vault for agentless connections
  • 2.2.3 Add air-gapped assets through a form
  • 2.2.4 Add a Docker image
  • 2.2.5 Add a network target or a website
  • 2.2.6 Add a cloud project
• 2.3 Differences between “agent-based” and “agentless” modes
• 2.4 Assets status
  • 2.4.1 Communication failure
  • 2.4.2 Reboot needed
• 2.5 Delete an asset
• 2.6 List of supported operating systems
• 2.7 Syntax for assets comments

3. Vulnerability management

• 3.1 Vulnerability scans
• 3.2 Ignore a vulnerability
• 3.3 Deploy a security fix
• 3.4 Reboot an asset
• 3.5 Manually apply a corrective action
• 3.6 Windows cab file usage
• 3.7 List of software monitored by Cyberwatch scans

4. Compliance management

• 4.1 Rules evaluation
• 4.2 Add repositories to assets
• 4.3 Default repositories
• 4.4 Apply a CERTFR_AD analysis to an Active Directory asset
• 4.5 Use the Compliance Custom module
• 4.6 Add benchmarks

5. Encyclopedias

• 5.1 Vulnerability encyclopedia
  • 5.1.1 Vulnerabilities score
  • 5.1.2 Use the vulnerabilities RSS feed
• 5.2 Description of Cyberwatch compliance repositories
• 5.3 Use security issues
• 5.4 Perform a search
  • 5.4.1 Use saved queries

6. Reports

• 6.1 Generate a report
• 6.2 Technical documentation of Elasticsearch indexes
• 6.2 Google BigQuery

7. Settings

• 7.1 Scanning policies
• 7.2 Use custom analyses
  • 7.2.1 Declarative data syntax
• 7.3 Use the criticality policy to prioritize vulnerabilities
• 7.4 Automatically exclude vulnerabilities
• 7.5 Deployment and reboot policies
• 7.6 Manage custom repositories
• 7.7 Rules

8. Manage Cyberwatch users

• 8.1 Manage Cyberwatch users
• 8.2 Manage rights of Cyberwatch users
• 8.3 Permissions
  • 8.3.1 Table of authorized actions for users with limited access to assets
  • 8.3.2 Table of authorized actions for users with global access

9. Cyberwatch API Documentation

• 9.1 Cyberwatch API use
• 9.2 API query using curl
• 9.3 API query in PowerShell

10. Administration

• 10.1 Configure a LDAP directory
• 10.2 Configure the SAML Service Provider
  • 10.2.1 SAML configuration example using ADFS
• 10.3 Authentication through OpenID Connect
• 10.4 Integrations
• 10.5 Configure Cyberwatch to use a remote Syslog server

11. Administration of the Cyberwatch software

• 11.1 Reboot/Update Cyberwatch
• 11.2 Release frequency and support lifecycle of updates

12. Advanced guides for the administration of the Cyberwatch software

• 12.1 Description of cbw-on-premise services
• 12.2 Update the base of the orchestrator
  • 12.2.1 Update the base of the orchestrator Swarm
  • 12.2.2 Update the base of the orchestrator MicroK8s
• 12.3 Troubleshooting
  • 12.3.1 Troubleshooting procedure
  • 12.3.2 Consult Cyberwatch logs
  • 12.3.3 Get a shell on Cyberwatch software
  • 12.3.4 Troubleshooting MicroK8s
• 12.4 Docker configuration
  • 12.4.1 Change the IP range used by Docker
  • 12.4.2 Containers isolation by namespace
  • 12.4.3 Automatically clean containers logs
• 12.5 Advanced configuration of Cyberwatch web front end server
  • 12.5.1 Change the TLS certificate of Cyberwatch
  • 12.5.2 Expose only the api on a node
  • 12.5.3 Change the port on which the Cyberwatch instance is accessible
  • 12.5.4 Configure TLS with LetsEncrypt and Certbot
• 12.6 Advanced configuration and administration of Cyberwatch database
  • 12.6.1 Fix a corrupted database
  • 12.6.2 Procedure to backup and restore Cyberwatch
  • 12.6.3 Use an external database
• 12.7 Offline administration guides
  • 12.7.1 Update Cyberwatch with Swarm
  • 12.7.2 Import or update the vulnerability database with Swarm
  • 12.7.3 Update Cyberwatch with MicroK8s
  • 12.7.4 Import or update the vulnerability database with MicroK8s
  • 12.7.5 Update the base of the orchestrator Swarm when offline
• 12.8 Procedure to change the hostname of a Cyberwatch node
• 12.9 Migrate Cyberwatch from Docker Swarm to MicroK8s

13. Changelog

Changelog of the Cyberwatch software

14. Technical support

For any technical question, please contact the Cyberwatch support:

• by e-mail at support@cyberwatch.fr
• by phone at +33 1 84 80 88 84

15. Newsletter

A newsletter alerting about publication of new Cyberwatch releases can be automatically sent to users.

The newsletter includes the changelog of updates and tips on how to use new features.

To subscribe to this newsletter, please fill this form with your e-mail address.