3.1. Initial Tasks
3.1.1. License Installation
Before you can use the cockpit, you must install a license. Navigate to
Licensing
section in the Settings
menu, click the Upload License
button, select your license file and click Upload
. After verifying
if your license is valid, you will be able to use your Analysis Cockpit.
3.1.2. System Update
All updates are applied from the Web GUI. Simply navigate to the Updates
section in the Settings
menu, review the release notes and click the update
button. You can also check for new updates by clicking the Check for Updates
.
3.1.2.1. Elasticsearch Cluster Update
If you are running an Elasticsearch Cluster with your Analysis Cockpit, we recommend to update the cluster members anytime you are installing an update on your Analysis Cockpit. Not only might an update for the Analysis Cockpit contain an update for Elasticsearch, but more importantly, system and security updates for the underlying debian system are also included.
To update your cluster members, run the following commands on each of them:
nextron@node-1:~$ sudo apt update
nextron@node-1:~$ sudo apt upgrade
Note
Performing system updates is usually risk free. However, we still recommend that you create a backup/snapshot before updating your cluster nodes.
3.1.3. Set Users and User Rights
The chapter Understanding Users, Roles, Rights and Case Status already describes how to set up a 2-level analyst model for working with cases. The roles defined in that section are non-administrative roles, meaning they are only allowed to access cases based on the respective status of a ticket. The following permissions are related to the Analysis Cockpit as a whole.
Additionally, roles can have the following rights:
Administrator
Universal
View Notifications
Acknowledge Notifications
Upload Events
Delete Events
Upload File(s) for Sandbox Analysis
Download File(s) for Sandbox Analysis
Roles can be granted these privileges by choosing them in the New Role
dialogue.