Getting Started with Detect AI
To onboard NetWitness Detect AI, existing customers with NetWitness Platform version 11.5.2 or later can share their tenant administrative user details with the NetWitness Sales team. The NetWitness Sales team then onboards the first administrative user from your organization to kick-start the setup process. The administrative user then receives a welcome email that contains the NetWitness Detect AI access URL, a user name, and a temporary password. Ensure that you reset the password at the first login.
The following checklist includes the steps to set up and use NetWitness Detect AI:
Before you Begin
Ensure that the time on the Cloud Link Service host (Log Decoder Host) is accurate. Sync the device Network Time Protocol (NTP) with the NTP service on the admin server. For more information on how to configure the NTP server, see Configure NTP Servers.
The host on which the Cloud Link Service will be installed must be able to connect to Amazon Web Services (AWS). This might require changes to your existing firewall rules. Hosts need to connect to the IP ranges for the chosen deployment region. For the current list of AWS IPs by region, see AWS IP address ranges.
(Optional) On NetWitness Platform version 11.5.3 or later, ensure that you configure the proxy settings before installing the Cloud Link Service. For more information, see Configure the proxy for the Cloud Link Service.
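The firewall prerequisite above can be checked with a short script. The following is an added example, not part of the NetWitness documentation: it builds a per-region egress allowlist from a document in the schema of AWS's published ip-ranges.json and reports drift against the rules currently in place. The function names, the region and the sample prefixes (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample in the schema of AWS's published ip-ranges.json.
# Prefixes are documentation ranges, not real AWS addresses.
SAMPLE = json.loads("""
{
  "syncToken": "0000000001",
  "prefixes": [
    {"ip_prefix": "198.51.100.0/25",   "region": "us-east-1", "service": "AMAZON"},
    {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "198.51.100.0/25",   "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "203.0.113.0/24",    "region": "eu-west-1", "service": "AMAZON"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:1::/48", "region": "us-east-1", "service": "AMAZON"}
  ]
}
""")


def region_allowlist(doc, region):
    """Return the collapsed CIDR strings listed for one region (hypothetical helper)."""
    v4 = [ipaddress.ip_network(p["ip_prefix"])
          for p in doc.get("prefixes", []) if p["region"] == region]
    v6 = [ipaddress.ip_network(p["ipv6_prefix"])
          for p in doc.get("ipv6_prefixes", []) if p["region"] == region]
    # collapse_addresses merges duplicate and adjacent prefixes; it only
    # accepts one address family per call, so IPv4 and IPv6 are handled apart.
    merged = list(ipaddress.collapse_addresses(v4))
    merged += list(ipaddress.collapse_addresses(v6))
    return [str(net) for net in merged]


def allowlist_drift(current_rules, doc, region):
    """Compare the CIDRs in the firewall today with the published list."""
    wanted = set(region_allowlist(doc, region))
    have = set(current_rules)
    # "missing" would block the Cloud Link Service host; "stale" entries
    # allow egress that the published list no longer justifies.
    return {"missing": sorted(wanted - have), "stale": sorted(have - wanted)}


if __name__ == "__main__":
    print(region_allowlist(SAMPLE, "us-east-1"))
    print(allowlist_drift(["198.51.100.0/25", "192.0.2.0/24"], SAMPLE, "us-east-1"))
```

Rerun the comparison whenever the published file's `syncToken` changes, so that newly added ranges do not interrupt the service and withdrawn ranges do not remain open.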
|1. Understanding NetWitness Detect AI||• NetWitness Detect AI Overview • What use cases does NetWitness Detect AI address • Detect AI Works • Types of NetWitness Detect AI licenses|
|2. Log in to your account and perform the initial set up tasks||• Log in to your account • Set up and manage administrators • Enable multi-factor authentication for your account|
|3. Understanding Cloud Link Service||Cloud Link Service Overview|
|4. Plan your Cloud Link Service installation||Planning considerations for Cloud Link Service|
|5. Install Cloud Link Service on Log Decoder (11.5.2 or later)||Install Cloud Link Service|
|6. Download the activation package||Download the activation package|
|7. Register the Cloud Link Service||Register the Cloud Link Service|
|8. Verify if the Cloud Link Service is working||Verify if the Cloud Link Service is working|
|9. Enable data transfer from Detect AI to NetWitness Platform||Transfer Detect AI data to NetWitness platform|
|10. Monitor Cloud Link Service||Monitor the health of the Cloud Link Service|
|11. (Optional) Enabling email and syslog notifications for Cloud Link Service||Configure email or syslog notifications to monitor the service|
|12. Updating the Cloud Link Service automatically||Update the Cloud Link Service automatically|
|13. (Optional) Delete Cloud Link Service if no longer required||Delete Cloud Link Service|
|14. Install Detect AI with an existing on-premise UEBA||Install Detect AI with an existing on-premise UEBA|
|15. (Optional) Configure proxy setting for the Cloud Link Service||Configure the proxy for Cloud Link Service|
After completing the setup, you can perform several tasks to respond to threats reported by NetWitness Detect AI. For more information, see Investigate.