Direct your NetFlow/IPfix to the CySight server on default port 2055.
Direct your sFlow to the CySight server on default port 6343.
After installing your license key, your Flow device will be identified automatically and will be visible under the Device screen when you login.
Ports can be changed or added as required.
CySight is already the most scalable collector in the industry. For larger environments wishing to conserve hardware, using more than one port with multiple devices will enable additional performance due to additional multi-threading.Operating System Installation Notes
If you are installing Linux please use only the supported Redhat/Centos Linux and please follow the installation instructions and tuning suggestions in Config: Linux Config and Tuning Checklist.
Client Browser Requirements
The client PC must have the following installed:
Firefox, Chrome or Internet Explorer supporting SVG/HTML5.
Enter the CySight IP in your browser’s address bar:
Once the license is active the left menus will activate.
The login screen provides an option to Authenticate using the LDAP Server that has been configured by the AdministratorLogin to the CySight front end.
Code: Select all
Username: admin, Password: admin
Its good practice to change your admin user and password after installationLicense Key installation
The License key can be inserted using the license management screen (Configuration -> Administration -> License) or copied into the keyblocks directory as described below.
Click "Load" then Browse to select your license key. Press "Confirm" to Insert it.
The evaluation license is set to retain the top 5000 flows per minute per device which substantial granularity and high quality forensics and alerting that suits most environments. It can be configured to retain all flows or less.
If you need to test forensics depth please request a meeting email@example.com.Alternatively, please copy the license key to your "keyblocks" directory and restart CySight. The keyblocks directory can be found in /DigiToll/digiTolBE/keyblocks for Windows systems and /digitoll/keyblocks/digitoll/ for Linux
A Device will be added automatically. A device cannot be added manually. As long as the exporters have been setup correctly the devices will be automatically identified.SNMP
Edit your NetFlow devices and set the SNMP community String to enable automated bandwidth and interface name discovery.
Click Configuration> Devices> Device and highlight a device in the grid, then click "Modify" to setup your device. After making your change click "Confirm" to save.
Overview and Homepages
The Overview and Homepage screens will take a few minutes to collate information before displaying data.Overview
CySight Dashboards enable multiple views on a single screen. It brings to the fore our latest AI technology enabling continual analysis and mitigation. Smart widgets allow you to see exactly what is happening in milliseconds of an attack followed by an AI Diagnostics of what happened and a Threat Diagnostics of Lateral Attacks and Predictive AI Impact analysis.
GA Availability September 2023. Beta availability August 2023.
Mapping, Circlepacks, Sankeys and other visualizations can be see here with some useful animations Visualizations,
Getting Started Additional Notes
Installation, configuration and general usage can be found in CySight Knowledge base with latest documentation guides available on Visual Analytics, Multiviews, Forensics , IPv6 and more.