Skip to content

Management

Managing dashboards

Dashboards page allows you to granularly configure dashboards appearance and behaviour in Dashboards module. To access the page, go to Settings > Management > Dashboards. All objects in your CYBERQUEST instance are listed here.

Alt Image

Dashboards can be exported Alt Image and imported Alt Image, edited Alt Image, or deleted Alt Image.

To create a dashboard, press Alt Image button. A window will open that allows for dashboard configuration:

Alt Image

Save Dashboard window opens.

Press "Save" to save your changes and close the window, or "Cancel" to close the window without saving.

Managing filters

Filters page allows you to modify predefined filters or create new ones. To access the page, go to Settings > Management > Filters.

Alt Image

To edit and existing filter press Alt Image, or create a new one select Alt Image in Action menu. Edit Filter configuration page opens.

Alt Image

All predefined filters have queries built on compliance standards. Editing these usually involves advanced knowledge on building queries. As a general recommendation, it is advisable to always create a new filter based on an existing one and test before introducing to production.

When you finished creating or editing the filter, press "Save" button to save changes.

Managing objects

Objects Management page allows you to modify predefined objects or create new ones. To access the page, go to Settings > Management > Objects.

Alt Image

Anything can be an object: users, computers, IP addresses, an IP address range, network equipment and so on. Most objects are created automatically. For example, when logging in with a new Windows domain account, the correspondent object is also created.

New objects can be created also manually, or by importing from a CSV file. Once added to the system, they can be edited by pressing Alt Imagebutton. The list of editable attributes is limited (name, value, corresponding object list). Their role in the platform is to provide the needed display consistency in lists, making easier for an administrator to correctly identify the target of their investigations.

Agent Manager

Agent Manager page allows you to register a new agent and manually with download windows agent. To access this page, go to Settings > Management > Agent Manager.

Alt Image

  • Edit agent settings Alt Image: allows you to edit the agent configurations.

  • Set status manually deploy and not deployed Alt Image: Allows you to choose the status for the agent between two options: Manually deploy & not deployed.

  • Start agent service Alt Image: starts CYBERQUEST agent from target machine.

  • Stop agent service Alt Image: stops CYBERQUEST agent from target machine.

  • Uninstall service Alt Image: uninstall the agent service.

The register new agent button is for deploying the CYBERQUEST agent on Windows or Linux operating systems.

For more details about how to register a new agent, please access the link below: Collecting with CQ Windows agent.

Download windows agent - download the latest version of the CYBERQUEST agent. The agent must be installed on a Windows target machine and the file will be downloaded as “AgentSetup.msi”.

Fore more details how to manually deploy the agent please follow the link: How to manually deploy the agent

Data Source Manager

Data Source Manager page alows you to add data sources. To access this page, go to Settings > Management > Data Sources Manager. All data sources in your CYBERQUEST instance are listed here.

Alt Image

  • Bulk Clone Alt Image : Clone the current data source settings for each element of the field “Bulk Clone”;
  • Clone Alt Image : Clone the data source;
  • Edit Alt Image : Edit the data source;
  • Delete Alt Image : Delete the data source;

To add a new data source, press Alt Image button. A window will open allowing you to select the desired data source from a predefined list.

Alt Image

Complete with the below form and press "Save" button to save changes, or "Cancel" button to close the window without saving.

Select datasource button Alt Image reveals a menu with the following buttons Alt Image:

  • Assign Agent Alt Image : You can assign multiple agents to data sources. Select the desired data sources using the checkbox on the left, press the "Assign Agent" button and select the desired agent that will collect data and send to CYBERQUEST.
  • Unassign Agents Alt Image : Unassign the agent or agents for multiple data sources. Select the desired data sources using the checkbox on the left and click the "Unassign Agents" button that will stop collecting data from the selected data source.
  • Bulk delete Alt Image : Delete multiple data sources. Select the desired data sources using the checkbox on the left and click the “Bulk delete” button.
  • Close selection Alt Image : Close the menu.

To check how to add/collect data from different types of datasources, please follow the link:

Credential Manager

Credential Manager allows you to create a set of credentials which is using for collecting data. Windows agent needs an account with administrative rights to collect data. To access this page, go to Settings > Management > Credential Manager.

On this page you can add new credential / edit / delete access credentials for collection agents.

Alt Image

To edit the credentials, press Alt Image button. This process is almost identical to adding credentials.

You can also delete the credentials by pressing Alt Image button.

To create credentials press the Alt Imagebutton and complete the form:

Alt Image

Name:  This is the name given to the credentials. More than one set of credentials can be created.

Username/Email:  Username or Email.

Password:  add a Password.

Confirmation Password: You have to confirm the password.

Domain: The domain name, if there is a case of using a domain user.

Notes: We can add details about credentials.

Click the "Save" button to confirm the creation of your credentials or you can cancel by pressing the "Cancel" button.

Vulnerability Manager

Vulnerability Assessment Module: provided by integration with OpenVAS (https://www.openvas.org/). It's a full-featured vulnerability scanner.

The scanner obtains the tests for detecting vulnerabilities from a feed that has a long history and daily updates. To see more information about Vulnerability Manager function, please follow the link: Vulnerability Manager.

Tag Alias

Tag Alias is a function that allows parsing events using a parser other than the original one given by the data server.

To see more information about this function, please follow the link: Tag Alias