Getting Started with Analyst Portal
CSAP is a situational awareness platform and is used to share human-readable threat alerts, self-created or automated, from deployed security tools such as threat intelligence platforms (TIPs), SIEMs, ITSMs, and external sources such as regulatory bodies, CVE or NVD databases, and RSS Feeds.
The following illustration shows the workflow of CSAP:
Analyst Portal
The CSAP Analyst Portal is used extensively by Administrators and Analysts to:
Create and distribute actionable information,
Configure and manage CSAP Member Portal and Cyware Enterprise Mobile App applications.
Create and manage a repository for a variety of information that enables collaboration between teams in an organization.
Create Alerts
CSAP Alerts are human-readable, tactical, technical, or informational notifications about current vulnerabilities, exploits, and other security issues relevant to a product, industry, or organization. Analysts can create and share actionable alerts with members. For more information, see Alerts.
Configure Preferences
Administrators can configure the various functions of the CSAP Analyst Portal and CSAP Member Portal by setting preferences. They can control features on a granular level to maximize security awareness across analysts and members. For more information, see Manage Collaborate Settings and Configure Collaborate Preferences.
Manage Repository
Analysts and administrators can create and manage a vast repository of information including various files, folders, documents, attachments, pictures, videos, or any other media information. The information is used in alerts, sharing content, or collaborating with different team members. For more information, see Doc Library.
Analysts can also create and manage content or files in the Threat Defender Library for threat detection, threat hunting, or threat remediation. For more information, see Threat Defender Library.
Analysts can create and manage a library of knowledge-base articles to improve self-service, give greater access to more articles, and offer regular updates. For more information, see Knowledge Base
Learn all about the administrative features in CSAP Analyst Portal to manage all the key configurations to onboard users and enable users to get started with the application.
Basic Configurations
This section highlights the necessary configurations that you must perform to get started with the Analyst Portal. You can also review and configure other platform-specific settings as required. For more information, see Other Configurations.
Step 1 | Authenticate users to sign in to the Analyst Portal by configuring your preferred authentication methods such as LDAP, Username-Password, SAML, or Google Sign-In. | |
Step 2 | Configure an email server to send out communication emails from the application. | |
Step 3 | Configure SMS gateway services with the Analyst Portal for sharing OTP through SMS. | |
Step 4 | Authenticate users to sign in to the Member Portal by configuring your preferred authentication methods such as LDAP, Username-Password, SAML, or Google Sign-In. | |
Step 5 | Configure the features in the Analyst and Member Portals. | |
Step 6 | Configure user groups to define the Role-Based Access Control (RBAC) of the features. | |
Step 7 | Create and onboard users into the CSAP Analyst Portal. | |
Step 8 | Create and onboard members into the CSAP Member Portal. |
Other Configurations
Configure the various functions of the Analyst Portal and the Member Portal by setting preferences. You can control the functions of different features on a granular level and maximize security awareness across users. | |
Configure automated sharing of alerts between different organizations that use CSAP, via secure API endpoints. | |
Configure and manage CSAP integration with third-party applications. | |
Generate OpenAPI credentials to integrate CSAP with other applications and access the features using CSAP Open API. | |
Add the indicators such as IP, domain, URL, email, and hashes, that you think are safe to your allowed lists. | |
Share security advisories with members so that they are updated with the latest alerts from trusted third-party sources. | |
View your license details, such as license key, expiry date, tenant name, tenant code, and the application version. You can also view the components that display the usage of user accounts for the Member Portal. |