Troubleshooting Multitenant Functionalities & Accessing Internal Applications

For on-premises deployments, additional synchronizations are performed through an entity named SUPERORG. Once the SUPERORG is accessed, the caches listed below can be refreshed if a synchronization problem is detected.

From "Security Management" -> "Settings", global synchronization activities can be managed. The synchronizations performed by the SUPERORG are managed from this section:

  • Re-Initialize Synchronization: All synchronization tasks for rules, policies, and hardening rules are re-triggered for all organizations.

  • Clear Threat Intelligence Query Cache: All caches for all organizations are cleared.

  • Unschedule Vulnerability Synchronization: CyberCyte threat intel synchronizes CVE data with NVD to discover application vulnerabilities. SUPERORG synchronizes this data from Threat Intel to provide the information to all tenants. The synchronization job can first be stopped, then the SUPERORG vulnerability cache cleaned, and then the vulnerability synchronization job enabled again.

  • Schedule Vulnerability Synchronization: A previously unscheduled vulnerability synchronization is enabled again.

  • Clear Vulnerability Database: The vulnerability database is cleared, and a full update starts from the CyberCyte threat intel.

  • Reschedule Elastic Synchronization for Configuration Updates: Windows Sysmon and Event Log artifacts are initially stored in the Elastic server. The full log data is summarized through transforms, and the original data is deleted after seven days. When there is a change in the parsing rules or a problem in receiving Sysmon data, the Elastic synchronization rules can be re-applied by clicking this button.

  • Clear Non-existing Organizations Transforms on Elastic: In multitenant deployments with multiple organizations, Elastic transforms are not deleted when the organization is deleted, in order to protect the data. These Elastic transforms can be manually deleted by clicking this button.

When Sysmon data is not received even though Sysmon policies are configured, the time of the last synchronization between Elastic and the server can be checked from "Security Management" -> "Settings". The "Last Time Elastic Synchronization Run" value displays the last time the synchronization job was executed. Setting "Elastic Synchronization Interval (Sec)" to 0 and saving, then setting a new value and saving again, re-creates the Elastic Synchronization job. The "Reschedule Elastic Synchronization for Configuration Updates" button performs the same operation. If there is still no data, please review the Elastic server to identify whether logs have been collected at all. The "Agent" microservice logs identify possible problems where Sysmon logs cannot be written to Elastic. If there is Sysmon and Event Log data in Elastic but not in the server, the "Extdatasync" microservice logs should be inspected.

To access the components of the infrastructure, the URLs below are typically used. To reset access passwords, please send an e-mail to support@cybercyte.com

  • Kibana: https://<elastic-ip>:5601

  • Elastic: https://<elastic-ip>:9200 -> The health state should be displayed as a JSON document.

  • Pgadmin for PostgreSQL: https://<server-ip>:8344
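The two Elastic-side checks above (is the cluster healthy at https://<elastic-ip>:9200, and are the transforms that summarize Sysmon and Event Log data still running) can be scripted. The following is an added example, not CyberCyte's own tooling; it assumes the standard Elasticsearch `GET /_cluster/health` and `GET /_transform/_stats` APIs are reachable with basic-auth credentials, and `<elastic-ip>` and `<password>` are placeholders to fill in.

```python
"""Triage helper for the Elastic checks described on this page (added example).

Assumptions (not from the page): Elasticsearch's standard /_cluster/health and
/_transform/_stats endpoints, reached with basic auth; placeholders below.
"""
import base64
import json
import ssl
import time
import urllib.request
from typing import List, Optional

ELASTIC_URL = "https://<elastic-ip>:9200"   # placeholder, as written on the page
ELASTIC_AUTH = ("elastic", "<password>")     # placeholder credentials
RUNNING_STATES = {"started", "indexing"}     # continuous transform states that mean "alive"


def fetch_json(path: str) -> dict:
    """GET a JSON document from Elastic with basic auth and verified TLS."""
    req = urllib.request.Request(ELASTIC_URL + path)
    token = base64.b64encode(":".join(ELASTIC_AUTH).encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    # Trust the on-prem CA via the system store instead of disabling verification.
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)


def cluster_problem(health: dict) -> Optional[str]:
    """Describe the issue shown by a /_cluster/health document, or None if green."""
    status = health.get("status")
    if status == "red":
        return "cluster status red: some primary shards are unassigned"
    if status == "yellow":
        return f"cluster status yellow: {health.get('unassigned_shards', '?')} replica shards unassigned"
    return None


def stale_transforms(stats: dict, now_ms: int, max_age_ms: int) -> List[str]:
    """List transforms that are not running or have not checkpointed within max_age_ms."""
    findings = []
    for t in stats.get("transforms", []):
        ts = t.get("checkpointing", {}).get("last", {}).get("timestamp_millis")
        if t.get("state") not in RUNNING_STATES:
            findings.append(f"{t['id']}: state {t.get('state')}")
        elif ts is None or now_ms - ts > max_age_ms:
            findings.append(f"{t['id']}: no checkpoint in the last {max_age_ms // 3600000}h")
    return findings


if __name__ == "__main__":
    health = fetch_json("/_cluster/health")
    print(cluster_problem(health) or f"cluster {health.get('cluster_name')} is green")
    now = int(time.time() * 1000)
    for finding in stale_transforms(fetch_json("/_transform/_stats"), now, 24 * 3600 * 1000):
        print("transform needs attention:", finding)
```

A transform reported here for an organization that still exists points at the "Reschedule Elastic Synchronization for Configuration Updates" path; one belonging to a deleted organization is a candidate for "Clear Non-existing Organizations Transforms on Elastic".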

Last updated 3 months ago