Clear data stored on Cisco Cyber Vision to optimize the Center's performances. You can clear data partially or completely, as follows:

• All data

• Components selection and associated data (refer to Purge Components)

• Activities, Flows and Variables

• Flows and Aariables

• Variables

To clear data, choose Admin > Data Management > Clear Data from the main menu.

Clear data very carefully. Clearing any data can impact monitoring of the network. Please read the implications about all data clearance below.

Data Clearance

Use Clear All data as a last resort, in case of database overload issues. This action results in the deletion of the entire database content. Network data such as components, flows, events, and baselines are deleted from Cisco Cyber Vision and the GUI becomes empty. All configurations are saved. Existing users and user data configurations (such as capture modes, event severity setup, syslog configuration) persist.

To configure the Expiration Settings, choose Admin > Data Management > Expiration Settings from the main menu.

On this page, you can manage the duration for which data and reports remain available. Select expiration times for reports and their versions. Use the drop-down menu to choose expiration periods of 3 months, 6 months, 1 year, 2 years, or 3 years. You can also set the maximum number of report versions from 1 to 100.

Note	Selecting a high value may rapidly fill up storage and adversely affect system performance. The recommended value is 10 versions.

The Ingestion Configuration page allows you to configure flow and variable traffic storage. You can choose whether to store flows and variables. Flows and variables storage is disabled by default.

To access the Ingestion Configuration, choose Admin > Data Management > Ingestion Configurationfrom the main menu.

Messages can appear in Cisco Cyber Vision's user interface to indicate to the user that features may be limited due to absence of flows in the database. For example, in the activity technical sheet, at the top of the flows table:

In this case, you can click Go to flow storage settings and enable Flow Storage.

If Flow Storage is enabled, it is possible to choose from which subnetworks flows should be stored. These subnetworks can be set on the Network organization page. The option "others" includes flows that are not part of the industrial private network.

An automatic purge will occur on selected flows when a period of inactivity exceeds 7 days.

You can click the Flows Aggregation and port scan detection toggle buttons to enable them.

You can create, edit and delete users through the Users management page. To access the Users management page, choose Admin > Users > Management from the main menu.

During their creation each user must be assigned with one of the following user roles (from full rights to read-only) or with a custom role (refer to Role Management).

• Admin

  The Admin user has full rights on the platform. Users who have this role assigned oversee all sensitive actions like user rights management, system updates, syslog configuration, reset and capture modes configuration on sensors.

• Product

  The product user has access to several features of the system administration page (i.e. the system, sensors and events administration pages). This access level is for users who manage sensors from a remote location. In addition, they can manage the severity of events and, if enabled by the Admin user, can manage their export to syslog.

• Operator

  This access level is for users who use the Monitor mode and manage groups but do not have to work with the platform administration. Thus, the Operator user has access to all pages, except the system administration page.

• Auditor

  This access level provides read-only access to the Explore, Reports, Events and Search pages. Auditors can use sorting features (such as search bars and filters) that do not require persistent changes to the data (unlike Autolayout), and generate reports.

You can create as many users as needed with any user rights. Thus, several administrators can use and administrate the whole platform. To access the CREATE A NEW USER window, choose Admin > Users > Management from the main menu. Click Add a new user, and the window appears.

However, each user must have their own account. That is:

• Accounts must be nominative.

• One email address for several accounts is not allowed (note that email will be requested for login access).

  Passwords must contain at least 6 characters and comply with the rules below. Passwords:

  • Must contain a lower case character: a-z.

  • Must contain an upper case character: A-Z.

  • Must contain a numeric character: 0-9.

  • Cannot contain the user id.

  • Must contain a special character: ~!"#$%&’()*+,-./:;<=>?@[]^_{|}.

    Important

    Passwords should be changed regularly to ensure the platform and the industrial network security.

Passwords' lifetime is defined in the Security settings page.

You can create custom user roles in the Role Management page.

You can map Cisco Cyber Vision user roles with an external directory's user groups in the LDAP settings page.

In addition to the four Cisco Cyber Vision default roles (i.e. Admin, Auditor, Operator and Product), customized roles can be created and modified from the Role management page. To access the Role management page, choose Admin > Users > Role Management from the main menu.

These roles will help you defining specific privileges and accesses for each group of users.

Default roles cannot be edited or deleted.

You can map Cisco Cyber Vision custom roles with an external directory's user groups in the LDAP settings page.

From the Users security settings page, you can configure the security settings of users' password, such as its lifetime, the number of authorized login attempts, and the number of days before a password can be reused, etc.

To access Users security settings, from the main menu, choose Admin > Users > Security settings.