Crystal Eye Quick-Start Guide

Overview

The Crystal Eye XDR appliance has extended capabilities to offer protection against advanced cyber security threats. It implements high-end security policies that are meant to safeguard databases and computers running on the local area network (LAN).

Basic deployment of the Crystal Eye XDR requires a standard physical setup to be done and then the appliance needs to go through a registration process also known as the ‘first boot configuration’.

Basic Physical Setup

Moving forth with the Crystal Eye installation, the CE XDR administrator must first connect the CE XDR appliance’s LAN ports to LAN networks and the WAN port to the internet.

CE XDR Placed Behind a Router

If you have an ISP router as the gateway network appliance for your network, then its recommended to have the router to be set to bridge mode. Then connect any of the LAN port of the router with the WAN port of the Crystal Eye XDR. Please note that in some cases your ISP will set a particular LAN port to bridge mode.

Once the WAN port of the CE XDR is connected to the internet, ensure that you connect your laptop with LAN1 port.

Once the physical set-up of the CE XDR has been done, the administrator must open the browser of a computer which has been connected to the CE XDR appliance and access https://10.10.1.1:81. The administrator will then be directed to the CE XDR login page where the default user credentials must be entered to finally access the ‘First Boot Configuration Wizard’.

The CE XDR administrator will now be presented with some configuration options. These options include various Network Based Settings, Registration of the Crystal Eye Box with Red Piranha’s online store, Automatic Software Updates, Basic Configuration settings such as Date and Time, Storage Manager, Incident and Event Services (SIEM), Risk Auditing Settings, and downloading of apps from the marketplace.

Step-by-Step Configuration

Every Crystal Eye XDR appliance must have its LAN port connected to the computer in the LAN network and the WAN port connected to the router. By doing this the Crystal Eye appliance becomes the centre of the entire network providing flawless cyber security. Once the CE XDR is physically set-up, the administrator must access https://10.10.1.1:81 through the browser and then enter the default log in credentials. The default admin credentials are username – admin and password – admin.

The CE administrator will now be directed to the web interface of the First Boot Configuration Wizard. The wizard would essentially help to configure the Crystal Eye XDR appliance at the start level. The configuration options that the CE administrator will come across in the first boot configuration wizard are Network Based Settings, Registration of the Crystal Eye XDR appliance with Red Piranha’s online store, Automatic Software Updates, Basic Configuration settings such as Date and Time, Storage Manager, Incident and Event Services (SIEM), Risk Auditing Settings, and downloading of apps from the marketplace.

The following steps explain the various configuration settings that is done by the CE administrator during the ‘First Boot Configuration Wizard’.

Network Settings

The Network Settings is the first section of the wizard and allows the user to change the default admin password, and view and edit various network interface settings.

The Network Settings section has three sub-section pages namely:

1. Getting Started: This page provides some useful links and information of the CE XDR.
2. Change Password: This page allows CE administrators to change the default passwords of the CE XDR.
3. Network Interfaces: This page allows CE administrators to create Virtual Interfaces, Virtual LAN interfaces, PPPoE Interface and Wi-Fi interface. Default security zones can be assigned to ethernet interfaces of the CE XDR. Apart from this some of the other settings that can be controlled through this page are Protocol Type, Maximum Transmission Unit, Virtual Interface on WAN interface, and Netmask. The speed on the WAN interface can also be detected on this page.
4. DNS Servers: This page provides information on the successful DNS lookup. You may also learn about Red Piranha’s DNS.Insure platform used by the Crystal Eye XDR.

Getting Started

Step 1: The first step of the wizard is to read the details provided in the Getting Started page. Read the Getting Started page and click the Next button.

Change Password

Step 2: Change the default admin password, click the Change Password button, and then click the Next button.

Network Interface

Step 3: Network Interface page will show you current network status for the ethernet interfaces under the Settings section. Click the Next button.

DNS Servers

Step 4: You will now see the DNS Servers page. Please wait while Crystal Eye runs a DNS test and once the test is completed, you will see a success message. Now, proceed to the next page by clicking the Next button.

Registration

The Registration section allows the administrator to register the CE XDR appliance with the Red Piranha Store so that it has access to the Marketplace. The Marketplace is where the applications and its latest versions are found.

System Registration

Step 5: You will now be directed to the System Registration page where you’ll see the registration information loading.

Step 6: Once the registration information is loaded click the Register System button.

Step 7: You will now see the system registration form.

• Enter the Red Piranha account e-mail
• Enter Password
• Enter the System Name
• Click the Register System button and then click the Next button

Step 8: You will now see the License Status page where you would have to activate the license. Review the system registration details, select the relevant license type, and click the Activate License button.

Step 9: You will now see the license activated. Click the Next button.

Configuration

The Configuration section allows the administrator to manage critical settings such as assigning date and time, managing storage of user data, setting incident and event services (SIEM), and detecting risks.

Date and Time

The Date and Time setting plays vital role in rolling out time specific functionalities of applications and services in the Crystal Eye. The configuration process includes setting up the correct time zone information and an accurate clock. The administrator can easily select the time zone from the relevant dropdown and enable automatic synchronization of the date and time.

Step 10: In the Settings Section of the Date and Time page, select the Time Zone from the dropdown, click the Update button and click the Next button.

Storage Manager

Crystal Eye requires significant storage space for user data. The Storage Manager provides a way to isolate this user data on a separate partition in the Crystal Eye XDR appliance.

Step 11: After the initializing process is completed, you will see the External Storage and System Storage details. Review the Devices section to know the size of the storage and know whether its in use.

Note: Click the View Details button to know more details about the storage device such as its model, size, file system etc. In the screenshot below we have clicked the View Details button next to External Storage.

Incident and Event Services (SIEM)

The Incident and Event Services (SIEM) section of the first boot configuration wizard helps to manage various settings that defines the levels of security analysis done by Red Piranha’s Security Operations Team. Crystal Eye offers three security service levels namely, Level – 1 Gold, Level 2 - Silver and Level 3 - Platinum. The system would also prompt the user to feed in the primary and secondary contact details which would be used to contact the users by Red Piranha Security Operations Team for various security related correspondences.

Step 11: In the Incident and Event Services (SIEM) section, select appropriate SIEM Level according to your subscription, click the Update button.

Step 12: Enter the Primary Contact Information, Secondary Contact Information, select the Preferred Method of Contact, click the Submit button and then click the Next button.

Marketplace

The Marketplace section is where you can add new apps and services to your system. Apps available in the Marketplace have gone through a stringent quality control process to ensure the quality and security of each submission.

App Selection

The Marketplace section is where you can add new apps and services to your system. Apps available in the Marketplace have gone through a stringent quality control process to ensure the quality and security of each submission.

Step 13: You will now see the Application Selection page. Click the Select for Install button under the applications of your choice and click the Next button. You may explore the applications for installation under five categories namely, System Configuration, Security Configuration, Network Control, Compliance Controls and Reports.

App Review

In this section, you will see an installation table for all the apps that you have selected. You may review the apps that you want to install here.

Step 14: In the Application Review page under the App Install List, click the Download and Install button to proceed with the installation of the apps.

Step 15: You will now see the Marketplace Order Processing message.

Download and Install

Step 16: You will now see the Application downloading in progress.

Step 17: You will now see the Installation Completed message after the installation is completed. Click the Next button.

Risk Auditing

The Risk Auditing feature audits system/process for critical security controls and identifies risks. This section facilitates quick security controls assessment which helps in identifying various risks that have a negative impact on the company/business/organization.

Step 18: In the Risk Auditing page, click the Select Critical Security Controls button.

Note: Click the Next button to see the conformation message and then click Confirm button to proceed further.