Cyberwatch Documentation

1. Overview

Cyberwatch is a Vulnerability Monitoring software.

Its purpose is to facilitate the management of vulnerabilities published by authorities, from detection to decision.

Cyberwatch generates helpful dashboards to assess the IT risk with the appropriate context and to provide decision support.

This section of the software is the technical documentation of Cyberwatch.

All Cyberwatch technical requirements can be found in this section.

2. Use the Assets management module

• 2.1 Assets discoveries
  • 2.1.1 Network scans
  • 2.1.2 LDAP / Active Directory
  • 2.1.3 VMware
  • 2.1.4 Amazon Web Services
  • 2.1.5 OpenStack
  • 2.1.6 DNS
  • 2.1.7 WHOIS public database
  • 2.1.8 Google Cloud Platform
  • 2.1.9 Microsoft Azure
  • 2.1.10 Docker images
  • 2.1.11 Nutanix
  • 2.1.12 Declarative discoveries
  • 2.1.13 Industrial scans
• 2.2 Presentation of different Cyberwatch scan modes
• 2.3 Add an asset
  • 2.3.1 Cyberwatch agent
    • 2.3.1.1 Add an asset in Cyberwatch in agent-based mode
    • 2.3.1.2 Prerequisites for assets monitored in agent-based mode
    • 2.3.1.3 Technical details on Windows agent
    • 2.3.1.4 Technical details on Linux agent
    • 2.3.1.5 Technical details on macOS agent
    • 2.3.1.6 Include Cyberwatch agent in a template
    • 2.3.1.7 Use the Cyberwatch agent command line
  • 2.3.2 Agentless connections
    • 2.3.2.1 Add an asset in Cyberwatch in agentless mode
    • 2.3.2.2 Assets prerequisites for agentless connections
    • 2.3.2.3 Troubleshoot errors when adding an agentless connection
    • 2.3.2.4 Technical information on agentless connections for Windows systems
    • 2.3.2.5 Technical information on agentless connections for Linux systems
    • 2.3.2.6 Use WALLIX for agentless connections
    • 2.3.2.7 Use Conjur for agentless connections
    • 2.3.2.8 Use CyberArk CCP for agentless connections
    • 2.3.2.9 Use HashiCorp Vault for agentless connections
    • 2.3.2.10 Import agentless connections using an XLSX file
    • 2.3.2.11 Agentless connection information for industrial device
    • 2.3.2.12 Using AWS SSM to create agentless connections
  • 2.3.3 Add air-gapped assets through a form
  • 2.3.4 Add a Docker image
  • 2.3.5 Add a network target or a website
  • 2.3.6 Add a cloud project
  • 2.3.7 Add a Kubernetes project
• 2.4 Assets status
• 2.5 Delete an asset
• 2.6 List of supported operating systems
• 2.7 Syntax for assets comments

3. Vulnerability management

• 3.1 Vulnerability scans
• 3.2 Ignore a vulnerability
• 3.3 Deploy a security fix
• 3.4 Reboot an asset
• 3.5 Manually apply a corrective action
• 3.6 Windows cab file usage
• 3.7 List of software monitored by Cyberwatch scans
• 3.8 List of optional Cyberwatch scans

4. Compliance management

• 4.1 Rules evaluation
• 4.2 Add repositories to assets
• 4.3 Default repositories
• 4.4 Apply a CERTFR_AD analysis to an Active Directory asset
• 4.5 Use the Compliance Custom module
• 4.6 Add benchmarks

5. Encyclopedias

• 5.1 Vulnerability encyclopedia
  • 5.1.1 Vulnerabilities score
  • 5.1.2 Use the vulnerabilities RSS feed
• 5.2 Description of Cyberwatch compliance repositories
• 5.3 Use security issues
• 5.4 Perform a search
  • 5.4.1 Use saved and recent queries

6. Reports

• 6.1 Generate a report
• 6.2 Technical documentation of Elasticsearch indexes
• 6.2 Google BigQuery

7. Settings

• 7.1 Scanning policies
• 7.2 Use custom analyses
  • 7.2.1 Declarative data syntax
• 7.3 Use the criticality policy to prioritize vulnerabilities
• 7.4 Automatically exclude vulnerabilities
• 7.5 Deployment and reboot policies
• 7.6 Manage custom repositories
• 7.7 Rules
• 7.8 Groups

8. Users

• 8.1 Manage Cyberwatch users
• 8.2 Manage rights of Cyberwatch users
• 8.3 Permissions
  • 8.3.1 Table of authorized actions for users with limited access to assets
  • 8.3.2 Table of authorized actions for users with global access
• 8.4 Password-less accounts and use cases

9. Administration

• 9.1 Configure a LDAP directory
• 9.2 Configure the SAML Service Provider
  • 9.2.1 SAML configuration example using ADFS
• 9.3 Authentication through OpenID Connect
• 9.4 Integrations
  • 9.4.1 Configuring a Microsoft Teams integration
  • 9.4.2 Setting up integration with ServiceNow
• 9.5 Configure Cyberwatch to use a remote Syslog server
• 9.6 Using Gravatar

10. Cyberwatch API Documentation

• 10.1 Cyberwatch API use
• 10.2 API query using curl
• 10.3 API query in PowerShell

11. Administration of the Cyberwatch software

• 11.1 Description of cbw-on-premise services
• 11.2 Reboot/Update Cyberwatch
• 11.3 Update the base of the orchestrator
  • 11.3.1 Update the base of the orchestrator Swarm
  • 11.3.2 Update the base of the orchestrator MicroK8s
  • 11.3.3 Update orchestrateur base
• 11.4 Advanced configuration of Cyberwatch web front end server
  • 11.4.1 Change the TLS certificate of Cyberwatch
  • 11.4.2 Expose only the api on a node
  • 11.4.3 Change the port on which the Cyberwatch instance is accessible
  • 11.4.4 Configure TLS with LetsEncrypt and Certbot
• 11.5 Advanced configuration and administration of Cyberwatch databases
  • 11.5.1 Fix a corrupted database
  • 11.5.2 Procedure to backup and restore Cyberwatch
  • 11.5.3 Use an external database
  • 11.5.4 Use an external redis server
• 11.6 Docker configuration
  • 11.6.1 Change the IP range used by Docker
  • 11.6.2 Containers isolation by namespace
  • 11.6.3 Automatically clean containers logs
• 11.7 Offline administration guides
  • 11.7.1 Update Cyberwatch with Swarm
  • 11.7.2 Import or update the vulnerability database with Swarm
  • 11.7.3 Update Cyberwatch with MicroK8s
  • 11.7.4 Import or update the vulnerability database with MicroK8s
  • 11.7.5 Update Microk8s
  • 11.7.6 Update the base of the orchestrator Swarm when offline
• 11.8 Kubernetes
  • 11.8.1 MicroK8s
  • 11.8.2 Update Cyberwatch application on Kubernetes
• 11.9 Advanced administration of Cyberwatch
  • 11.9.1 Advanced use of the cyberwatch command
  • 11.9.2 Procedure to change the hostname of a Cyberwatch node
  • 11.9.3 Migrate a Cyberwatch instance to another server
  • 11.9.4 Configure the number of concurrent jobs executed by the application
  • 11.9.5 Configure the resource limitations of containers
• 11.10 Troubleshooting
  • 11.10.1 Troubleshooting procedure
  • 11.10.2 Consult Cyberwatch logs
  • 11.10.3 Get a shell on Cyberwatch software
  • 11.10.4 Performance issues and Sidekiq UI interface
  • 11.10.5 Troubleshooting MicroK8s

12. Cyberwatch deployment

Cyberwatch deployment guides

13. Changelog

• Changelog of the Cyberwatch software
• Changelog of the base of the orchestrator
• Changelog of the Cyberwatch agent
• Release frequency and support lifecycle of updates

14. Technical support

For any technical question, please contact the Cyberwatch support:

• by e-mail at support@cyberwatch.fr
• by phone at +33 1 84 80 88 84

15. Newsletter

A newsletter alerting about publication of new Cyberwatch releases can be automatically sent to users.

The newsletter includes the changelog of updates and tips on how to use new features.

To subscribe to this newsletter, please fill this form with your e-mail address.