mopdf.com

Fidelis Network /Fidelis Deception CommandPostQuick Start GuideRev-K (HPE DL360 Gen10) PlatformsAbout Fidelis CybersecurityFidelis Cybersecurity, the industry innovator in Active XDR and proactive cyber defense solutions, safeguardsmodern IT environments with unparalleled detection, deception, response, cloud security, and compliancecapabilities. We offer full visibility across hybrid environments via deep, dynamic asset discovery, multi-facetedcontext, and risk assessment. These features help minimize attackable surface areas, automate exposureprevention, threat detection, and incident response, and provide the context, accuracy, speed, and portabilitysecurity professionals need to find and neutralize adversaries earlier in the attack lifecycle. Fidelis Cybersecurityis dedicated to helping clients become stronger and more secure. Fidelis is trusted by many top commercial,enterprise, and government agencies worldwide. For more information, please visit www.fidelissecurity.comCopyright 2022 Fidelis Cybersecurity , Inc. All rights reserved.www.fidelissecurity.com

21. System OverviewThe Fidelis CommandPost appliance is the central component for command and control of FidelisNetwork/Fidelis Deception components. With CommandPost, you create and edit sensor rules, craftmetadata analytics and automation, view alerts from connected sensors and Collector components, anddefine and deploy Deception decoys.Figure 1: Fidelis Network/Fidelis Deception CommandPost Appliance – Rev-KCommandPost Setup Checklist Fidelis CommandPost – Appliance RequirementsAppropriate rack space, power, and cooling (Appendix B)Rack tools, rails, and connectorsKeyboard and video monitor / KVM switch for temporary appliance setupPower cables – two per appliance, appropriate power source and regionEthernet cables (cat5e) for Admin and iLO ports (Section 3)Network switches with enough physical ports (Section 4)Logical network information: IP addresses, hostnames (Section 5, Appendix A)2. Documentation, Passwords, and Technical SupportProduct DocumentationYou can find Fidelis Network/Fidelis Deception product documentation, appliance specifications, andinstructions at https://support.fidelissecurity.com or through theCommandPost user interface.navigation item in theAppliance Default PasswordsSystemAccountDefault PasswordSSH / Appliance ConsolefidelisfidelispassCommandPost user interfaceadminsystemiLOadministrator(printed on label, top of server).Copyright 2022 Fidelis Cybersecurity , Inc. All rights reservedwww.fidelissecurity.com

3Technical SupportFor all technical support related to this product, check with your site administrator to determine supportcontract details. For support of your product, contact your reseller. If you have a direct support contractwith Fidelis Cybersecurity, contact Fidelis Cybersecurity Technical support at: Phone: 1.301.652.7190 Toll-free in the US and Canada: 1.800.652.4020 Email: [email protected] Web: https://support.fidelissecurity.com3. CommandPost: Network Port and CablingRequirementsYou must connect each appliance to the various networks using appropriate cables, and in some cases,also transceivers.Port LabelPhysical Connection Type (default)Cable Type (minimum)AdminGbE RJ45 (Copper)Cat 5e patch cableiLOGbE RJ45 (Copper)Cat 5e patch cableFigure 2: CommandPost Rear Port Assignments (Rev-K).Copyright 2022 Fidelis Cybersecurity , Inc. All rights reservedwww.fidelissecurity.com

44. CommandPost Networking EnvironmentThe CommandPost appliances use the Admin network for service and inter-node communication.CommandPost appliances offer the iLO / IPMI interface for optional out-of-band management of theappliance.Use the tables below to determine the count and type of switch ports required to support the number ofappliances for your deployment.Admin NetworkThe Admin network connects the CommandPost to Fidelis sensors, Collectors, and on-premises Sandboxcomponents.ApplianceSwitch Port TypeQtyCommandPostGbE RJ45 (Copper)1iLO / IPMI NetworkThe iLO / IPMI network is an optional network for remote/out-of-band server administrationApplianceSwitch Port TypeQtyCommandPostGbE RJ45 (Copper)1.Copyright 2022 Fidelis Cybersecurity , Inc. All rights reservedwww.fidelissecurity.com

55. Appliance – Logical Network ConfigurationYou must assign logical network information to each physical connection. Build a table of the logicalinformation for each appliance (sample below) that you can reference during configuration. You willreference this table multiple times during the cluster setup. Appendix A has a worksheet you can use.Sample ConfigurationNetwork SettingInterfaceAssignmentsAdmin/eth0Hostname (FQDN)Static IP AddressSubnet MaskGatewayiLO / 255.255.255.0255.255.255.010.1.2.1Proxy Server10.5.6.7DNS Servers8.8.4.4, 8.8.8.8NTP Servers0.pool1.ntp.orgTime ZoneUTC ( 0)6. Appliance InstallationRack InstallationInstall each appliance in an enclosure/location that has necessary power and cooling. Ensure that theinstallation environment is within the operating temperature of the appliance. See Appendix B forappliance operating temperature requirements.PowerConnect power cables to the power supplies in the back of the appliance. See Appendix B for appliancepower requirements.Network CablingUsing the connectors and cables described in sections 3 and 4, begin to connect the appliances to thenetworks.Cable the CommandPost appliance(s) to the switches:1. Connect the Admin (eth0) port to the Admin switch port.2. Optionally, connect the iLO port to the Admin (or iLO) switch port.Copyright 2022 Fidelis Cybersecurity , Inc. All rights reservedwww.fidelissecurity.com

67. Appliance Network ConfigurationStart the Appliance Network Configuration1. Power on the appliance(s).2. Connect to the component CLI using either of the following:‒Via KVM Console, see Option 1: Connect to the Component CLI Using KVM Console‒Via iLO, see Option 2: Connect to the Component CLI Using iLOOption 1: Connect to the Component CLI Using KVM Console1. Connect a keyboard and monitor to the appliance.2. Continue with Complete the Appliance Network Configuration.Option 2: Connect to the Component CLI Using iLOiLO supports DHCP by default. If you need a static IP address, before performing this procedure, firstfollow Configuring iLO to Use a Static IP Address.1. Log into the iLO console:https:// IP address where IP address is the iLO IP address2. Specify the credentials:‒‒‒Username - AdministratorPassword - A random eight-character stringDNS name - ILOXXXXXXXXXXXX, where the X characters represent the server serialnumber.The iLO firmware is configured with a default username, password, and DNS name. The defaultinformation is on the serial label pull tab attached to the server that contains the iLO managementprocessor. Use these values to access iLO remotely from a network client by using a webbrowser.3. In the iLO web interface, navigate to iLO Integrated Remote Console.4. Select Power & Thermal.5. Click Reset.The system shuts down and restarts. For Fidelis Network appliances version 9.4.1 or later, ascreen similar to below is displayed. If you do not see this screen, contact Fidelis CustomerSupport.6. Continue with Complete the Configuration.Copyright 2022 Fidelis Cybersecurity , Inc. All rights reservedwww.fidelissecurity.com

7Configuring iLO to Use a Static IP AddressUse this procedure only if you want to connect to the component CLI using iLO and you need a static IPaddress. Note that iLO supports DHCP by default.1. Directly attach an ethernet cable from a client system, such as a laptop to the iLO port on theappliance.2. Restart the machine.3. Press F9 in the server POST screen.The UEFI System Utilities start.4. Click System Configuration.5. Click iLO 5 Configuration Utility.6. Disable DHCP:a. Click Network Options.b. Select OFF in the DHCP Enable menu.The IP Address, Subnet Mask, and Gateway IP Address boxes become editable. When DHCPEnable is set to ON, you cannot edit these values.7. Enter values in the IP Address, Subnet Mask, and Gateway IP Address boxes. (See Section 5/ Appendix A)8. To save the changes and exit, press F12.The iLO 5 Configuration Utility prompts you to confirm that you want to save the pendingconfiguration changes.9. To save and exit, click Yes - Save Changes.The iLO 5 Configuration Utility notifies you that iLO must be reset in order for the changes to takeeffect.10. Click OK.iLO resets, and the iLO session is automatically ended. You can reconnect in approximately 30seconds.11. Resume the normal boot process:a. Start the iLO remote console.The iLO 5 Configuration Utility is still open from the previous session.b. Press ESC several times to navigate to the System Configuration page.c.To exit the System Utilities and resume the normal boot process, click Exit and resumesystem boot.iLO is configured to use a static IP address. Continue with Option 2: Connect to the Component CLIUsing iLO.Copyright 2022 Fidelis Cybersecurity , Inc. All rights reservedwww.fidelissecurity.com

8Complete the Appliance Network Configuration1. After connecting using either KVM Console or iLO, you should see this screen for Fidelis Networkappliances version 9.4.1 or later.If you do not see the screen shown above, contact Fidelis Technical Support.2. With Perform Initial Install or Factory Reset selected, press Enter.3. Use the Up and Down arrow keys to select CommandPost , and press Enter.The system displays a screen with the message Congratulations, your CentOS installation iscomplete. The system will automatically reboot.4. Directly attach an ethernet cable from a client system such as a laptop to the Admin/eth0 port onthe appliance. The default IP address is 192.168.42.11/24. Assign a static IP from the samesubnet to the network interface on the client system and connect to the appliance using SSH.Copyright 2022 Fidelis Cybersecurity , Inc. All rights reservedwww.fidelissecurity.com