Stellar Cyber Photon 160 - User Manual

The Stellar Cyber Photon 160 is a network appliance designed for data collection and security monitoring within an enterprise environment. It acts as a sensor, gathering data from various network sources and feeding it to a central Data Processor (DP) for analysis within the Stellar Cyber platform. This device is crucial for establishing comprehensive visibility into network traffic and identifying potential security threats.

Function Description

The primary function of the Photon 160 is to collect raw network data. It achieves this by connecting to data sources through its monitor ports, which can be configured to receive mirrored traffic or connect to network taps. Once connected, the Photon 160 captures this data and forwards it to a designated Stellar Cyber Data Processor. This data forms the foundation for threat detection, incident response, and security analytics performed by the Stellar Cyber GUI. The device is designed to be a distributed component of a larger security infrastructure, extending the reach of the Stellar Cyber platform to various segments of a network. Its role is purely data acquisition and forwarding, making it a critical first step in the security monitoring pipeline.

Usage Features

The Photon 160 offers several features to facilitate its deployment and integration into a network:

• Power Connection: The device requires a DC power source. A licensed DC power technician is recommended for connecting the included power cable to ensure proper and safe operation. A power button is provided for easy power control.

• Network Connectivity: The Photon 160 includes multiple Ethernet ports for both management and data collection.

  • Management Port (Eth0/MGT): This port is used for accessing and configuring the device. It needs to be connected to a network accessible by the Data Processor.
  • Monitor Ports (Eth1-Eth5): These ports are dedicated to connecting to data sources, such as mirror ports on network switches or network taps. They are designed to passively collect network traffic for analysis.

• Access Methods: The Photon 160 provides flexible options for initial setup and ongoing management:

  • HDMI/USB Access: For direct local access, users can connect an HDMI monitor to the HDMI port and a USB keyboard to one of the USB 3.0 ports. This allows for a graphical interface for configuration.
  • Serial Console Access: A serial console port (RJ45) is available for command-line interface (CLI) access. This method requires a serial cable and specific serial communication settings (Baud: 115,200, Flow control: none, Data bit: 8, Parity check: none, Stop bit: 1). This is often preferred for initial setup or troubleshooting when network access is not yet established.
  • SSH Access: Once the management port is configured and accessible on the network, users can securely connect to the Photon 160 via SSH. This provides remote command-line access for configuration and management tasks. The device comes with default credentials (username: aella, password: changeme) and a default management IP address (192.168.1.100/24) and gateway (192.168.1.1.

• Management Configuration: The device allows for comprehensive configuration of its network parameters and integration with the Stellar Cyber platform:

  • Hostname Assignment: Users can set a unique hostname for each Photon 160 sensor, which is displayed within the Stellar Cyber GUI for easy identification.
  • IP Network Parameters: The management interface can be configured to obtain an IP address via DHCP or manually assigned with a static IP address, netmask, gateway, and DNS server.
  • Proxy HTTP Server: If the network environment requires it, a proxy HTTP server can be configured for the Photon 160 to communicate with the Data Processor.
  • Tenant Assignment: Sensors can be assigned to specific tenants within the Stellar Cyber platform, allowing for multi-tenancy and logical separation of data. If not explicitly assigned, the sensor defaults to the Root Tenant.
  • Data Processor Management Interface (CM) Specification: Users must specify the IP address or hostname of the Data Processor's management interface. In a cluster environment, this would be the DL-master's management IP. This ensures the Photon 160 knows where to send its collected data.

• Integration with Stellar Cyber GUI: After initial configuration, the Photon 160 needs to be authorized within the Stellar Cyber GUI. This involves logging into the GUI (using Chrome or Firefox, with default username admin and password changeme), navigating to System | Collection | Sensors, and authorizing the newly connected sensor. This step completes the integration and allows the Photon 160 to begin sending data to the Data Processor for analysis.

Maintenance Features

While the document primarily focuses on installation and initial setup, some aspects touch upon maintenance:

• Password Management: Upon initial login via console or SSH, users are immediately prompted to change the default password. This is a critical security measure for maintaining the integrity of the device.
• System Restart: The restart system command is available to apply configuration changes, indicating a mechanism for refreshing the device's operational state after modifications. This is a standard maintenance procedure to ensure new settings take effect.
• Configuration Confirmation: Commands like show interface, show gateway, and show dns allow administrators to confirm their network configuration changes, aiding in troubleshooting and verifying correct setup.
• Troubleshooting Access: The multiple access methods (HDMI/USB, serial console, SSH) provide redundant ways to access the device, which is beneficial for troubleshooting network connectivity issues or other problems that might prevent remote access. If network access is lost, local access via HDMI/USB or serial console remains an option.

In summary, the Stellar Cyber Photon 160 is a purpose-built sensor designed for robust data collection in a security monitoring context. Its features emphasize ease of deployment, flexible network integration, secure access, and clear configuration steps to ensure it effectively contributes to the overall Stellar Cyber security solution.