3.1. Initial Tasks

3.1.1. License Installation

Before you can use the cockpit, you must install a license. Navigate to Licensing section in the Settings menu, click the Upload License button, select your license file and click Upload. After verifying if your license is valid, you will be able to use your Analysis Cockpit.

3.1.2. System Update

All updates are applied from the Web GUI. Simply navigate to the Updates section in the Settings menu, review the release notes and click the update button. You can also check for new updates by clicking the Check for Updates.

3.1.2.1. Elasticsearch Cluster Update

If you are running an Elasticsearch Cluster with your Analysis Cockpit, we recommend to update the cluster members anytime you are installing an update on your Analysis Cockpit. Not only might an update for the Analysis Cockpit contain an update for Elasticsearch, but more importantly, system and security updates for the underlying debian system are also included.

To update your cluster members, run the following commands on each of them:

nextron@node-1:~$ sudo apt update
nextron@node-1:~$ sudo apt upgrade

Note

Performing system updates is usually risk free. However, we still recommend that you create a backup/snapshot before updating your cluster nodes.

3.1.3. Set Users and User Rights

The chapter Understanding Users, Roles, Rights and Case Status already describes how to set up a 2-level analyst model for working with cases. The roles defined in that section are non-administrative roles, meaning they are only allowed to access cases based on the respective status of a ticket. The following permissions are related to the Analysis Cockpit as a whole.

Additionally, roles can have the following rights:

Administrator
Universal
View Notifications
Acknowledge Notifications
Upload Events
Delete Events
Upload File(s) for Sandbox Analysis
Download File(s) for Sandbox Analysis

Roles can be granted these privileges by choosing them in the New Role dialogue.