Description of Cyberwatch services

The Cyberwatch software is based on Docker images. It is possible to use Docker swarm or Kubernetes as an orchestrator to manage the containers. These containers provide a set of services working and communicating together that make up for the main functions of the software suite.

This documentation lists and describes all services necessary for the Cyberwatch suite, and also indicates their presence on Cyberwatch servers depending on the architecture type deployed.

The status of these services can be consulted from the Cyberwatch server, with the following command:

sudo cyberwatch status

If one service is not running, consult its logs.

Description of each service

db
MariaDB database in which the application data is stored.
nginx
Web server responsible for the interface between the application and the outside world. The service redirects requests to the appropriate container (web, kibana, third_parties).
web
Olympe container responsible for processing web requests.
sidekiq
Olympe container responsible for the execution of jobs in asynchronous mode. The service run all tasks that do not need to be performed on a particular scanner.
sidekiq_node
Similar to sidekiq but used to perform tasks on a particular scanner. In particular, the service is responsible for connecting to supervised machines in agentless mode.
cron
Application task scheduler.
redis
RAM database used for the task stack.
cache
RAM database used for the application’s cache.
elasticsearch
Container responsible for Elasticsearch indexes.
kibana
Visualization tool to create custom dashboards.
web_scanner
Network and website target scan engine.
third_parties
Container containing the Windows cab file.

Services expected on each node

ServiceMaster nodeIndependent satellite nodeIntegrated satellite node (Swarm)
db  
nginx
web
sidekiq 
sidekiq_node
cron  
redis  
cache 
elasticsearch  
kibana  
web_scanner 
third_parties(1)(1)(1)

(1) Only on offline nodes.