The Orchestrate platform is part of the Crystal Eye XDR ecosystem allowing Red Piranha Partners to monitor real time CE XDR metrics of multiple deployments of their clients from a centralized platform.
The Orchestrate dashboard unifies security operations ensuring a centralized approach while dealing with organizational threats. This is made possible with the orchestrate platform’s ability to collect data from multiple Crystal Eye XDRs deployed across the organization. The data collected from these deployments are visualized in dynamic Orchestrate dashboards providing security analysts and risk advisors greater network visibility and an opportunity to decrease the mean time to respond to threats.
The Orchestrate platform also facilitates security automation providing the required leverage to SOC teams and teams acting at a risk advisory level to detect, respond and treat organizational threats through a centralized platform.
Go to https://store.redpiranha.net/ and log in using your Orchestrate dashboard credentials.
The partner orchestrate account can be used to monitor and manage multiple client CE XDRs.
The following are some CE XDR related functions that can be performed with the help of the Partner orchestrate Account:
Partner’s Orchestrate accounts can also be used to order integrated CE XDR services for their clients. These integrated CE XDR services include:
Partner’s Orchestrate accounts can also be used to order CE XDR Products for their clients. These CE XDR products include:
The Refer & Earn module in the Partner Orchestrate Account allows Red Piranha partners to send invites to potential clients to create an Orchestrate account. The My Commission Module states the commissions earned on the sale of CE XDR products and services.
Self-managed Orchestrate accounts allows its users to perform and monitor a list of Crystal Eye XDR related functions. This account type allows multiple CE XDR deployments to be monitored from a single platform. It also allows to view the report repository of all these CE XDR deployments, purchase CE XDR integrated services and standalone services.
Backup, Digital Forensics, ECISO Incident Response, Threat Hunting & PCAP Services, and Vulnerability Scanning
Consulting services: Book security consulting services with our team of security professionals Digital Forensics: Order Digital Forensic services if you’ve experienced a security breach Incident Response: Order Incident Response capability if you’ve experienced a security breach Network Engineering Services: Order Network Engineering services to assist with deployments Security Training: Keep staff up-to-date on the latest security threats and company policies vCISO: Order the virtual CISO service to help develop your security program VPN: Order a stand-alone secure Virtual Private Network Vulnerability Assessment & Penetration Testing: Order VAPT services to understand your security posture and exposure
The following table will help in distinguishing MSP/MSSP Orchestrate account from an end-client Orchestrate account:
Orchestrate Features | Red Piranha Partner Orchestrate Account | End-client Orchestrate Account |
---|---|---|
Monitor multiple CE XDR deployments of the end-clients | Yes | No |
Monitor self-owned CE XDR deployments | Yes | Yes |
Add staff members and external team members | Yes | Yes |
Monitor Active & expired licenses of end-clients CE XDR deployments | Yes | No |
Monitor Active & expired licenses of self-owned CE XDR deployments | Yes | Yes |
Assign roles to staff members and external team members | Yes | Yes |
Order Crystal Eye XDR product | Yes | Yes |
Order CE XDR integrated services | Yes | Yes |
Order Stand-alone services | Yes | Yes |
Order Managed services | Yes | Yes |
View Agreements | Yes | Yes |
Online referral & earn system | Yes | No |
Shipment Tracking System | Yes | Yes |
Training Portal | Yes | Yes |
Red Piranha’s Orchestrate platform offers the ability to assign roles-based access control for your staff member and external team members. Access can be granted to specific modules of the orchestrate account based on roles such as billing authority, technical manager, security manager and training.
Note: If you are an MSSP you will have the ability to assign your staff member to access an end-client’s account. Such a scenario would require the end-client to allow access.
3 Security goals achieved through Orchestrate platform’s in-built security model:
The Orchestrate dashboard has an in-built multi-factor authentication mechanism that can be enforced as a second layer of security during account log in.
Two-factor authentication is the best way to keep your account secure. It is optional but highly recommended security feature that adds an extra layer of penetration to your Red Piranha Orchestrate account.
Once enabled, you will be required to enter a six-digit security code in addition to your password whenever you sign in to the Orchestrate account.
How to activate multi-factor authentication for your Orchestrate dashboard account?
Step 1: Click your account email address on the top right corner of your Orchestrate dashboard page. You will see a dropdown pop-up. Click 2-factor authentication.
Step 2: You will now be prompted to choose the authentication method. Select Google Authenticator from the dropdown and click the Update button.
Step 3: Install the Google Authenticator App Go to your mobile device app store and install the Google Authenticator app on your mobile device.
Step 4: Add your Red Piranha Orchestrate account to Google Authenticator Open Google Authenticator and add your Red Piranha Orchestrate Account by scanning the QR code or by entering the setup key.
Note: To prevent unauthorized access to your account, we recommend that you do not open the QR code or the setup key in view of other people.
Step 5: Verify that your Red Piranha Client Dashboard Account is properly configured After adding your Red Piranha Client Dashboard Account to Google Authenticator, provide the 6-digit code generated by the Google Authenticator app to verify that your authentication is working properly.
This authentication feature is optional but highly recommended. It adds an extra layer of protection to your Red Piranha Orchestrate dashboard account.
Note: Before enabling, make sure you have setup the device for your Two-Factor Authentication. In case you need to login from unverified IP Address, you may still be able login securely using the Two-Factor Authentication method.
Once enabled, you will be required to login from the approved I.P addresses. You may approve an I.P address upon login by following the approval link sent to your email address or manually add I.P address by clicking the Add IP Address button below.
How to manually add an approved IP address that can access the Orchestrate dashboard?
Step 1: Click your account email address on the top right corner of your Orchestrate dashboard page. You will see a dropdown pop-up. Click IP Address Verification.
Step 2: You will now see the IP Verification page. Click the Add IP Address button.
Step 3: You will now see the IP Address pop-up. Enter the IP address.
Note: Before enabling, make sure you have setup the device for your Two-Factor Authentication. In case you need to login from unverified IP Address, you may still be able login securely using the Two-Factor Authentication method.
Users can change their passwords and view their activity logs. The activity logs show date & time stamp and the associated device IP address which was used while logging into the Orchestrate dashboard.
Note: Click the email address on the top right corner of the page. You will then see a pop-up dropdown with the Change Password & Activity Logs option.
Red Piranha’s Orchestrate platform offers the ability to assign role-based access control for staff members and external team members. Access can be granted to specific modules of the orchestrate based on roles such as billing authority, technical manager, security manager and training.
The Orchestrate platform has a robust ACL management module built into its user interface which allows MSSPs it’s clients to collaborate and provide cross accounts permissions.
ACL Management in Orchestrate explained with respect to various collaboration stages between a Red Piranha Partner & its client:
Stage 1: In a general use case portraying Red Piranha Partner & Client collaboration, a Red Piranha partner invites an end-client to create an Orchestrate account.
Stage 2: The client creates the Orchestrate account and logs in after which the desired access permissions is provided to the Red Piranha Partner. Completion of this process also ensures that the end-client account is linked to the RP Partner managed account.
Stage 3: Later, the RP Partner assigns role-based access control for its staff members so that they have access to the designated modules of the End-client’s Orchestrate account.
Let’s understand the 3 stages of Red Piranha Partner & Client collaboration in the Orchestrate with the help of the use case below:
The Red Piranha Partner invites its client to create an Orchestrate account.
The End-client in turn provides access to the following Orchestrate modules:
The Red Piranha Partner provides its staff access to the selective modules of the end-clients Orchestrate account based on their roles.
Let’s configure the Red Piranha partner managed Orchestrate account and a self-managed client Orchestrate account to reflect the above use case.
The Red Piranha Partner uses the Orchestrate platform to invite an end-Client to create an Orchestrate Account
Step 1: Go to My Clients > Overview
Step 2: You will now see the My Clients Overview page. Click the Add Client button.
Step 3: You will now see the Add Client pop-up. Enter the Client Name, Client Email Address and click the Add Client button. In this case we have added the client’s name as Angela Enterprise and the email address as [email protected]
Note: Once the end-client is added as a client in the Red Piranha partner’s account an invite email is sent to the end-client to create an orchestrate account. Refer the screenshot below to see the contents of the automated emails.
The End-client Allows Full Access or Partial Access to the Red Piranha Partner to various Orchestrate modules (the following steps are to be done in the end-client’s Orchestrate account)
Step 4: Post end-client account creation and log in, go to My Settings > ACL Management.
Step 5: You will now see the Client to Partner ACL interface.
Select the following and click the Update Access button.
Note: In our scenario we have given full access to the Red Piranha Partner by allowing access to all three categories namely, Billing Authority, Technical Manager and Security Manager. Partial access to these sections can also be given as desired.
Role-based Access Control assigned by the Red Piranha Partner for its staff (the following steps will be pursued in the partner managed Orchestrate account)
Step 6: Go to My Settings > My Staff
Step 7: You will see the Your Staff page. Click the Update Roles to Clients button next to the staff member for which role-based access control needs to be assigned.
Note: In our scenario we will pick a staff member ‘Shiya Thomas’ and assign her the role of a Security Manager. She will have access to Devices, Application Status, System Status, Schedules, Reports, and Incident Report.
Important: You may add an existing staff or a new staff member by just clicking the Add Staff button.
Step 8: You will now see the role-based access control pop-up of the staff member. In our case we have pulled up the details of the staff member ‘Shiya Thomas’. In the screenshot below the MSSP staff Shiya Thomas is given access to monitor Devices, Application Status, System Status, Schedules, Reports, and Incident Report.
This section shows the list of Active and Expired licenses of CE XDR Deployments. The screenshot below shows the list of Active CE XDR deployment licenses.
This module is designed to help Red Piranha Partners and end-clients to monitor self-owned CE XDR deployments through dynamic dashboards. These dynamic dashboards also provide access to the reports repository which displays the reports and their schedules triggered from the Crystal Eye XDR.
The following reports scheduled from the CE XDR can be viewed in the My CE XDR Deployments section.
Monitor your CE XDR Deployment through Dynamic Dashboards
Report Repository
The My Subscription module displays records related to the subscriptions of the products and services purchased in the past.
The My Order History module sheds light on the products and services ordered in the past.
This module is essentially a learning management system built into the core Orchestrate platform. A list of training courses can be opted from the learning hub integrated to the training module of the orchestrate.
The ACL management in Orchestrate allows administrators to offer role-based access to their staff allowing them restricted access to certain modules of the Orchestrate account. This role-based functionality can also be implemented for your staff so that they have access only to the training platform.
How to create accounts of your employees in the Orchestrate and provide access only to the Security Training courses under the training module?
Step 1: Go to My Settings > My Staff
Step 2: You will now see the My Staff page. Click the Add Stuff button.
Step 3: You will now see the Add Staff pop-up. Enter the First Name, Last Name and the Email Address of the staff member and click the Save button.
Note: An email will now be sent to the staff that would prompt them to create an account. Once the account is created the roles of the staff can be assigned to access the security training module.
Step 4: You will now see the email address of the staff in the Your Staff section. Click the Edit Roles button.
Note: The Edit Roles button will be greyed out until the staff creates their respective orchestrate account.
Step 5: You will now see the Edit Roles pop-up. Check the tick box under Training (Training Courses) and click the Update Roles.
A Red Piranha Partner Orchestrate account has a variety of dynamic dashboards that can be used for intense network security monitoring of CE XDR clusters deployed in various client sites. A range of CE XDR products, CE XDR integrated services and standalone services can also be ordered from the Partner managed Orchestrate account.
Multiple client CE XDR deployments can be monitored from the My Clients Overview Dashboard. Some of the parameters that can be monitored are mentioned below.
To go to the My Clients overview Dashboard, go to My Clients > Overview
Know total Number of Client accounts Linked to the Partner Managed account
Know the total number of CE XDR deployments of the client
Know total Number of active Licenses of the CE XDR Deployment
Know the Number of Expired Licenses of the CE XDR Deployment
Know total Number of CE XDR Licenses due to expire in 30 days
Know total Number of Application Issues in all CE XDR deployments
Know total Number of Offline Devices
Detect SIEM Disconnections Across all CE XDR deployments
A Red Piranha Partner can manage and monitor the CE XDR deployment of a particular client.
To access the CE XDR deployment dashboard of a client, go to:
Step 1: Left-hand Navigation Menu > My Clients > select the Deployment button next to the desired client
Step 2: You will see all the CE XDR deployments of the selected client. Click the View button of the client CE XDR deployment that needs to be monitored.
You will now see a dynamic dashboard of the selected client CE XDR deployment that will help you to monitor the following parameters.
Know the hostname of the client CE XDR deployment
Know the Host key of the client CE XDR deployment
Know the software version of the CE XDR deployment
Know the SIEM Level of the CE XDR Deployment
Know the License Expiry Date of the CE XDR Deployment
Know the Application Status of the CE XDR Deployment
Know the System Status of the CE XDR Deployment (RAM Usage & CPU Usage)
The reports repository allows Red Piranha Partners to access reports such as PCAP SNAP and Vulnerability Scan Reports that have been triggered from their clients CE XDR deployments.
A Red Piranha Partner can offer a range of Crystal Eye XDR integrated services to its client. Some of these services are mentioned below: