genucenter

Under Settings > genucenter, you can connect cognitix Threat Defender to a genucenter central management system.

cognitix Threat Defender transmits the following information to genucenter:

  • General information (appliance type, software version, etc.)

  • Extended information (description, tags, location)

  • Tracked assets (created, updated, and seen assets in the previous 24 hours as well as currently active assets)

  • Incidents reported in the previous 24 hours by severity (high, medium, low, notice)

  • License information

  • Hardware information

  • Latest incident logs (the ten most recent entries)

  • Latest audit logs (the ten most recent entries)

  • Latest failed audit logs (the ten most recent entries)

This information is transmitted automatically at specified intervals. Click Send Now at the top of the screen if you want to immediately send information to genucenter.

The table displays the current genucenter connection settings. With the slider switch in the first column you can enable (on) or disable (off) the connection. Click the edit_icon icon in the table to access the configuration assistant.

The connection has to be set up on both systems, cognitix Threat Defender and genucenter. This chapter describes the process from the point of view of Threat Defender. For detailed instructions on the genucenter connection setup, refer to the respective genucenter documentation.

Setup

When you edit the connection to a genucenter system, the slider switch allows you to enable (on) or disable (off) the connection.

Three tabs guide you through the connection setup:

Introduction

On the Introduction tab, click INITIALIZE to generate an SSH key pair that will be used to authenticate cognitix Threat Defender at the genucenter system.

genucenter Steps

The genucenter Steps tab explains the setup steps you need to perform on the genucenter system that will receive status information from cognitix Threat Defender. For more detailed information, refer to your genucenter documentation.

The SSH public key field contains the public SSH key that you need to provide to genucenter (see step 3).

When you have completed the genucenter setup as detailed on this tab, click NEXT STEP to proceed.

Configuration Upload

On the Configuration Upload tab, import the configuration file provided by genucenter.

Click SELECT to access the file system. Select the config file exported from genucenter (.json format). The input fields will be filled automatically with the exported settings. You can adjust them, if required.

Field

Description

Host

The IP address of the genucenter appliance that receives information from Threat Defender.

Port

The port that Threat Defender sends the information to.

Appliance ID

The ID used to identify Threat Defender.

Host SSH Key

The SSH key used by genucenter to establish the connection.

Time Interval

The time interval at which Threat Defender automatically transmits information to genucenter.

The buttons at the bottom of the screen allow you to store your changes (SAVE) or to discard them (CANCEL).

Note

When you restore the genucenter configuration on a fresh Threat Defender installation via a backup file, make sure that the SSH keys and the known server configuration file exist on the system. If any one of those three files is missing, the genucenter configuration is disabled. In this case you will have to set it up again as described above.