Guide to the First Use

Configure as Monitor 20 January 2021

Welcome to the "Guide to the First Use"! We assume you already have installed the Pluribus One WAS® and performed the Initial Configuration adding a desired Data Source. In case you did not configure a Data Source yet, please refer to this guide: How to Configure a Data Source .

Assuming the installation and configuration has been done and everything went fine then you are officially close to be able to use Pluribus One WAS® to monitor your infrastructure... there is only one missing step: what is Pluribus One WAS® supposed to monitor for you? In order for the Pluribus One WAS® to collect and analyze the traffic you first need to provide it with a domain name (i.e., a web service) to monitor.

If you as a user access in this moment the Pluribus One WAS® Graphical User Interface (GUI), you will find the dashboard view and the other pages, to be honest, quiet empty and free of any piece of information: no alerts, traffic data, etc.. That is exactly because no domain has been provided yet.

The rest of this article will guide you through all the steps required to add the first domain and actually have the Pluribus One WAS® start working for you! There are two ways to add a domain, both will be explained in the following sections. The options are:

Adding a domain using the Graphical User Interface (GUI), (a.k.a. The New Way).
Adding a domain using the Command Line Interface (CLI), (a.k.a. The Old Way, The Hardcore Way).

Adding a New Domain by using the GUI

This section of the guide will help you manage (i.e., add and remove) domains by using Pluribus One WAS® GUI.

Step 1 Go to the Protection view

By using the menu on the left side on the screen, please select Applications then Protection.

Step 2 Explore the Server Inspection View

In the current view on your screen you should be able to see several tabs on top. Please select the tab labelled as Server Inspection. The screen should change and show a new view organized with two "columns":

On the left column, called Monitored Domains, the Pluribus One WAS® GUI shows a list of all the currently monitored domains. At this point this list is currently empty because you have yet to add a domain.

On the right column, called All Domains, the Pluribus One WAS® GUI shows a list of all domains served by the configured Data Source and which Pluribus One WAS® is seeing on the traffic. A domain is not shown in this list unless there is some traffic flowing toward the domain it is serving.

Step 3 Selecting a Domain and Adding it to the Monitored Domains

Please inspect the list of the domains shown on the right column, All Domains, select one you want to add to the monitored list and press the "+" shaped button next to the selected domain's name. You will be asked to confirm or cancel the operation and, in case you confirm, the domain name will be now added in the left column of the view called Monitored Domains.

Step 4 [Optional] Add More Domains to the list

If you need to add more domains to the list of the Monitored Domains you just have to repeat the procedure described at the Step 3 until you are happy with the result. Note: Step 5 will explain you how to remove a domain from the list.

Step 5 [Optional] Remove a Domain from the list.

Removing a domain from the list of the Monitored Domains it is extremely easy. You just have to find a domain and click the trash bin icon next to it. The domain will disapear from the list.

Adding a New Domain by using the CLI

This section of the guide will help you manage (i.e., add and remove) domains by using Pluribus One WAS® CLI, a utility used from the command line.

Note: for a complete description of the shell command domains please refer to this article: Command - Domains .

Step 1 Access the Shell

Access the device or host machine where the Pluribus One WAS® has been installed and is currently hosted. In this host machine open a command shell. You will need administrative privileges.

Step 2 Activate Pluribus One WAS® Shell

In the newly opened command shell type the following command while having administrative privileges:

attackprophecy-shell

This command will start the Pluribus One WAS® CLI.

Step 3 Explore the List of Domains

Now that you have started the the Pluribus One WAS® CLI you can inspect the current list of domains. In order to view the list of domains please type the following command and press enter:

domains

Once the command has been typed you will be shown a table that includes a column labelled Domain Name and another labelled Monitored. The column Domain Name lists all the domains which are currently managed by the Data Source and are also visible in the traffic. In each row of the table, under the column Monitored you will find written "No" because in the current state of the software no domain name has been selected yet. This guide is actually guiding you exactly for the purpose of changing this situation.

Step 4 Selecting a Domain and Adding it to the Monitored Domains

In order to start monitoring a single domain you will have to use again the command domains but with an additional argument --add-monitored followed by the name of the domain you want to add. An example would explain the concept better.

EXAMPLE:

Let us assume you are interested in monitoring a domain called test1.domain.com and you want to add to add it to the list of the monitored domains. You will have to type the following command:

domains --add-monitored test1-domain.com

If you perform the actions described in Step 3 you will see the domain now with a "Yes" label under the column Monitored. This indicate that the action has been successfully performed.

Step 5 [Optional] Add More Domains to the list

If you need to add more domains to the list of the monitored domains you just have to repeat the procedure described at the Step 4 until you are happy with the result or you can use a shortcut by providing more than one domain name at the name.