Skip to content

Orchestrate Platform

Introduction to Orchestrate


The Orchestrate platform is part of the Crystal Eye XDR ecosystem allowing Red Piranha Partners to monitor real time CE XDR metrics of multiple deployments of their clients from a centralized platform.

The Orchestrate dashboard unifies security operations ensuring a centralized approach while dealing with organizational threats. This is made possible with the orchestrate platform’s ability to collect data from multiple Crystal Eye XDRs deployed across the organization. The data collected from these deployments are visualized in dynamic Orchestrate dashboards providing security analysts and risk advisors greater network visibility and an opportunity to decrease the mean time to respond to threats.

The Orchestrate platform also facilitates security automation providing the required leverage to SOC teams and teams acting at a risk advisory level to detect, respond and treat organizational threats through a centralized platform.


Go to https://store.redpiranha.net/ and log in using your Orchestrate dashboard credentials.

crystal-eye-orchestrate-navigation

Important Concepts—Partner Orchestrate Account


The partner orchestrate account can be used to monitor and manage multiple client CE XDRs.

The following are some CE XDR related functions that can be performed with the help of the Partner orchestrate Account:

Monitor multiple CE XDR deployments of Your Clients through Dynamic Dashboards


  • Know total Number of CE XDR Deployments
  • Know total Number of active Licenses of the CE XDR Deployment
  • Know the Number of expired Licenses of the CE XDR Deployment
  • Know total Number of CE XDR Licenses due to expire in 30 days
  • Know total Number of Application Issues in all CE XDR deployments
  • Know total Number of Offline Devices
  • Detect SIEM Disconnections Across all CE XDR deployments

Monitor a Single CE XDR Deployment of your Client through Dynamic Dashboards


  • Know the hostname of the CE XDR deployment
  • Know the Host key of the CE XDR deployment
  • Know the software version of the CE XDR deployment
  • Know the SIEM Level of the CE XDR Deployment
  • Know the License Expiry Date of the CE XDR Deployment
  • Know the Application Status of the CE XDR Deployment
  • Know the System Status of the CE XDR Deployment (RAM Usage & CPU Usage)

View the Reports Repository of your client triggered from the CE XDR deployment


  • View the PCAP Analysis Report triggered from a CE XDR Deployment
  • View the Vulnerability Scan Report
  • View Scheduled Date & Time of the PCAP Analysis
  • View Scheduled Date & Time of the Vulnerability Scan
  • View the Reports Triggered from the CE XDR
  • Accessing the CE XDR User Interface of your Client from the Orchestrate Dashboard

Order Integrated CE XDR services for Clients


Partner’s Orchestrate accounts can also be used to order integrated CE XDR services for their clients. These integrated CE XDR services include:

  • Backup: Backup escalations are done to ensure backup of network and forensic files

  • Digital Forensics: Order Digital Forensic escalations are done in an event of security breach

  • eCISO: Electronic CISO services can be ordered by the partners on behalf of their clients. The eCISO services helps organizations improve their security posture (CE XDR deployment is required for eCISO services)

  • Incident Response: This capability allows clients to respond to incidents in a structured manner in an event of a security breach.

  • Threat Hunting & PCAP Services: This escalation is done by through the partners account to opt order threat hunting and packet capture / analysis services for a client.

  • Vulnerability Scanning: Partner accounts have the capability to Initiate integrated vulnerability scans to understand the client’s security posture and exposure. (CE XDR deployment is required for Vulnerability Scanning Services)

Order CE XDR Products for Clients


Partner’s Orchestrate accounts can also be used to order CE XDR Products for their clients. These CE XDR products include:

  • Crystal Eye 360 Bundles: The partner’s orchestrate account offers the capability to order 360 bundles with Crystal Eye appliances, support and eCISO.
  • Crystal Eye XDR Cloud: The partners orchestrate can be used to order the Crystal Eye XDR cloud offering for the client.

Refer & Earn


The Refer & Earn module in the Partner Orchestrate Account allows Red Piranha partners to send invites to potential clients to create an Orchestrate account. The My Commission Module states the commissions earned on the sale of CE XDR products and services.

Important Concepts—Self Managed Orchestrate Account


Self-managed Orchestrate accounts allows its users to perform and monitor a list of Crystal Eye XDR related functions. This account type allows multiple CE XDR deployments to be monitored from a single platform. It also allows to view the report repository of all these CE XDR deployments, purchase CE XDR integrated services and standalone services.

Monitor your CE XDR Deployment through Dynamic Dashboards


  • View all deployments in a tabular format (Know the Location, Model Number, Hostname, SIEM License Expiry, Alerts, Current Schedules)
  • Archive a CE XDR Deployment
  • Purchase a CE XDR integrated service aligned to a particular CE XDR deployment
  • Search for a CE XDR Deployment
  • Know the hostname of the CE XDR deployment
  • Know the Host key of the CE XDR deployment
  • Know the software version of the CE XDR deployment
  • Know the SIEM Level of the CE XDR Deployment
  • Know the License Expiry Date of the CE XDR Deployment
  • Know the Application Status of the CE XDR Deployment
  • Know the System Status of the CE XDR Deployment (RAM Usage & CPU Usage)

Report Repository


  • View the PCAP Analysis Report triggered from a CE XDR Deployment
  • View the Vulnerability Scan Report
  • View Scheduled Date & Time of the PCAP Analysis
  • View Scheduled Date & Time of the Vulnerability Scan

Purchase CE XDR Integrated Services such as


Backup, Digital Forensics, ECISO Incident Response, Threat Hunting & PCAP Services, and Vulnerability Scanning

Purchase standalone services such as


Consulting services: Book security consulting services with our team of security professionals

Digital Forensics: Order Digital Forensic services if you’ve experienced a security breach

Incident Response: Order Incident Response capability if you’ve experienced a security breach

Network Engineering Services: Order Network Engineering services to assist with deployments

Security Training: Keep staff up-to-date on the latest security threats and company policies

vCISO: Order the virtual CISO service to help develop your security program

VPN: Order a stand-alone secure Virtual Private Network

Vulnerability Assessment & Penetration Testing: Order VAPT services to understand your security posture and exposure

Important Concepts—Partner Orchestrate Account Vs Self-Managed Orchestrate Account


The following table will help in distinguishing MSP/MSSP Orchestrate account from an end-client Orchestrate account:

Orchestrate Features Red Piranha Partner Orchestrate Account End-client Orchestrate Account
Monitor multiple CE XDR deployments of the end-clients Yes No
Monitor self-owned CE XDR deployments Yes Yes
Add staff members and external team members Yes Yes
Monitor Active & expired licenses of end-clients CE XDR deployments Yes No
Monitor Active & expired licenses of self-owned CE XDR deployments Yes Yes
Assign roles to staff members and external team members Yes Yes
Order Crystal Eye XDR product Yes Yes
Order CE XDR integrated services Yes Yes
Order Stand-alone services Yes Yes
Order Managed services Yes Yes
View Agreements Yes Yes
Online referral & earn system Yes No
Shipment Tracking System Yes Yes
Training Portal Yes Yes

Orchestrate Account Security Management—Security Goals


Red Piranha’s Orchestrate platform offers the ability to assign roles-based access control for your staff member and external team members. Access can be granted to specific modules of the orchestrate account based on roles such as billing authority, technical manager, security manager and training.

Note

If you are an MSSP you will have the ability to assign your staff member to access an end-client’s account. Such a scenario would require the end-client to allow access.

3 Security goals achieved through Orchestrate platform’s in-built security model:

  • Level of access provided to users based on organizational structure and policies
  • Data sharing for organizational collaboration keeping in mind team boundaries
  • Data partitioned to the extent that it prevents users from accessing data that they are not meant to access.

Orchestrate Account Security Management—Multifactor Authentication


The Orchestrate dashboard has an in-built multi-factor authentication mechanism that can be enforced as a second layer of security during account log in.

Two-factor authentication is the best way to keep your account secure. It is optional but highly recommended security feature that adds an extra layer of penetration to your Red Piranha Orchestrate account.

Once enabled, you will be required to enter a six-digit security code in addition to your password whenever you sign in to the Orchestrate account.

How to activate multi-factor authentication for your Orchestrate dashboard account?

Step 1: Click your account email address on the top right corner of your Orchestrate dashboard page. You will see a dropdown pop-up. Click 2-factor authentication.

crystal-eye-orchestrate-two-factor-authentication1

Step 2: You will now be prompted to choose the authentication method. Select Google Authenticator from the dropdown and click the Update button. crystal-eye-orchestrate-two-factor-authentication3

Step 3: Install the Google Authenticator App

Go to your mobile device app store and install the Google Authenticator app on your mobile device.

Step 4: Add your Red Piranha Orchestrate account to Google Authenticator

Open Google Authenticator and add your Red Piranha Orchestrate Account by scanning the QR code or by entering the setup key.

Note

To prevent unauthorized access to your account, we recommend that you do not open the QR code or the setup key in view of other people.

Step 5: Verify that your Red Piranha Client Dashboard Account is properly configured

After adding your Red Piranha Client Dashboard Account to Google Authenticator, provide the 6-digit code generated by the Google Authenticator app to verify that your authentication is working properly.

crystal-eye-orchestrate-two-factor-authentication2

Orchestrate Account Security Management—IP Address Verification


This authentication feature is optional but highly recommended. It adds an extra layer of protection to your Red Piranha Orchestrate dashboard account.

Note

Before enabling, make sure you have setup the device for your Two-Factor Authentication. In case you need to login from unverified IP Address, you may still be able login securely using the Two-Factor Authentication method.

Once enabled, you will be required to login from the approved IP addresses. You may approve an IP address upon login by following the approval link sent to your email address or manually add IP address by clicking the Add IP Address button below.

How to manually add an approved IP address that can access the Orchestrate dashboard?

Step 1: Click your account email address on the top right corner of your Orchestrate dashboard page. You will see a dropdown pop-up. Click IP Address Verification.
crystal-eye-orchestrate-ip-address-verification1

Step 2: You will now see the IP Verification page. Click the Add IP Address button. crystal-eye-orchestrate-ip-address-verification2

Step 3: You will now see the IP Address pop-up. Enter the IP address. crystal-eye-orchestrate-ip-address-verification3

Note

Before enabling, make sure you have setup the device for your Two-Factor Authentication. In case you need to login from unverified IP Address, you may still be able login securely using the Two-Factor Authentication method.

Account Security Management—Change Password and View Activity Logs


Users can change their passwords and view their activity logs. The activity logs show date & time stamp and the associated device IP address which was used while logging into the Orchestrate dashboard.

Note

Click the email address on the top right corner of the page. You will then see a pop-up dropdown with the Change Password & Activity Logs option.

ACL Management in Orchestrate


Red Piranha’s Orchestrate platform offers the ability to assign role-based access control for staff members and external team members. Access can be granted to specific modules of the orchestrate based on roles such as billing authority, technical manager, security manager and training.

The Orchestrate platform has a robust ACL management module built into its user interface which allows MSSPs it’s clients to collaborate and provide cross accounts permissions.

ACL Management in Orchestrate explained with respect to various collaboration stages between a Red Piranha Partner & its client:

crystal-eye-orchestrate-acl-management10

Stage 1: In a general use case portraying Red Piranha Partner & Client collaboration, a Red Piranha partner invites an end-client to create an Orchestrate account.

Stage 2: The client creates the Orchestrate account and logs in after which the desired access permissions is provided to the Red Piranha Partner. Completion of this process also ensures that the end-client account is linked to the RP Partner managed account.

Stage 3: Later, the RP Partner assigns role-based access control for its staff members so that they have access to the designated modules of the End-client’s Orchestrate account.

Let’s understand the 3 stages of Red Piranha Partner & Client collaboration in the Orchestrate with the help of the use case below:

The Red Piranha Partner invites its client to create an Orchestrate account.

The End-client in turn provides access to the following Orchestrate modules:

  1. Billing Authority (Orders, Services, Tracking System, Cart)
  2. Technical Manager (Agreements, Training, Your Staff)
  3. Security Manager (Devices, Application Status, System Status, Schedules, Reports, Incident Report)

The Red Piranha Partner provides its staff access to the selective modules of the end-clients Orchestrate account based on their roles.

Let’s configure the Red Piranha partner managed Orchestrate account and a self-managed client Orchestrate account to reflect the above use case.

The Red Piranha Partner uses the Orchestrate platform to invite an end-Client to create an Orchestrate Account

Step 1: Go to My Clients > Overview crystal-eye-orchestrate-acl-management1

Step 2: You will now see the My Clients Overview page. Click the Add Client button. crystal-eye-orchestrate-acl-management2

Step 3: You will now see the Add Client pop-up. Enter the Client Name, Client Email Address and click the Add Client button. In this case we have added the client’s name as Angela Enterprise and the email address as [email protected] crystal-eye-orchestrate-acl-management3

Note

Once the end-client is added as a client in the Red Piranha partner’s account an invite email is sent to the end-client to create an orchestrate account. Refer the screenshot below to see the contents of the automated emails. crystal-eye-orchestrate-acl-management4

The End-client Allows Full Access or Partial Access to the Red Piranha Partner to various Orchestrate modules (the following steps are to be done in the end-client’s Orchestrate account)

Step 4: Post end-client account creation and log in, go to My Settings > ACL Management. crystal-eye-orchestrate-acl-management5

Step 5: You will now see the Client to Partner ACL interface.

Select the following and click the Update Access button.

  1. Billing Authority (Orders, Services, Tracking System, Cart)
  2. Technical Manager (Agreements, Training, Your Staff)
  3. Security Manager (Devices, Application Status, System Status, Schedules, Reports, Incident Report) crystal-eye-orchestrate-acl-management6

Note

In our scenario we have given full access to the Red Piranha Partner by allowing access to all three categories namely, Billing Authority, Technical Manager and Security Manager. Partial access to these sections can also be given as desired.

Role-based Access Control assigned by the Red Piranha Partner for its staff (the following steps will be pursued in the partner managed Orchestrate account)

Step 6: Go to My Settings > My Staff crystal-eye-orchestrate-acl-management7

Step 7: You will see the Your Staff page. Click the Update Roles to Clients button next to the staff member for which role-based access control needs to be assigned. crystal-eye-orchestrate-acl-management8

Note

In our scenario we will pick a staff member ‘Shiya Thomas’ and assign her the role of a Security Manager. She will have access to Devices, Application Status, System Status, Schedules, Reports, and Incident Report.

Important

You may add an existing staff or a new staff member by just clicking the Add Staff button.

Step 8: You will now see the role-based access control pop-up of the staff member. In our case we have pulled up the details of the staff member ‘Shiya Thomas’. In the screenshot below the MSSP staff Shiya Thomas is given access to monitor Devices, Application Status, System Status, Schedules, Reports, and Incident Report. crystal-eye-orchestrate-acl-management9

My Licences


This section shows the list of Active and Expired licenses of CE XDR Deployments. The screenshot below shows the list of Active CE XDR deployment licenses. crystal-eye-orchestrate-acl-management11

My CE XDR Deployments


This module is designed to help Red Piranha Partners and end-clients to monitor self-owned CE XDR deployments through dynamic dashboards. These dynamic dashboards also provide access to the reports repository which displays the reports and their schedules triggered from the Crystal Eye XDR.

The following reports scheduled from the CE XDR can be viewed in the My CE XDR Deployments section.

  1. PCAP SNAP Report (Know more about the PCAP SNAP application in the CE XDR which is used the schedule the PCAP SNAP report)
  2. Vulnerability Scanning Report (Know more about the Vulnerability Scanning application in the CE XDR which is used the schedule the Vulnerability Scan. A report is generated post scan and is auto posted in the Orchestrate)
  3. CE XDR Executive Report.

Monitor your CE XDR Deployment through Dynamic Dashboards

  1. View all deployments in a tabular format (Know the Location, Model Number, Hostname, SIEM License Expiry, Alerts, Current Schedules)

  2. Archive a CE XDR Deployment

  3. Purchase a CE XDR integrated service aligned to a particular CE XDR deployment

  4. Search for a CE XDR Deployment

  5. Know the hostname of the CE XDR deployment

  6. Know the Host key of the CE XDR deployment

  7. Know the software version of the CE XDR deployment

  8. Know the SIEM Level of the CE XDR Deployment

  9. Know the License Expiry Date of the CE XDR Deployment

  10. Know the Application Status of the CE XDR Deployment

  11. Know the System Status of the CE XDR Deployment (RAM Usage & CPU Usage)

Report Repository

  1. View the PCAP Analysis Report triggered from a CE XDR Deployment
  2. View the Vulnerability Scan Report
  3. View Scheduled Date & Time of the PCAP Analysis
  4. View Scheduled Date & Time of the Vulnerability Scan

My Subscriptions


The My Subscription module displays records related to the subscriptions of the products and services purchased in the past.

My Order History


The My Order History module sheds light on the products and services ordered in the past.

Training Module Management


This module is essentially a learning management system built into the core Orchestrate platform. A list of training courses can be opted from the learning hub integrated to the training module of the orchestrate.

The ACL management in Orchestrate allows administrators to offer role-based access to their staff allowing them restricted access to certain modules of the Orchestrate account. This role-based functionality can also be implemented for your staff so that they have access only to the training platform.

How to create accounts of your employees in the Orchestrate and provide access only to the Security Training courses under the training module?

Step 1: Go to My Settings > My Staff crystal-eye-orchestrate-training-module1

Step 2: You will now see the My Staff page. Click the Add Stuff button. crystal-eye-orchestrate-training-module2

Step 3: You will now see the Add Staff pop-up. Enter the First Name, Last Name and the Email Address of the staff member and click the Save button. crystal-eye-orchestrate-training-module3

Note

An email will now be sent to the staff that would prompt them to create an account. Once the account is created the roles of the staff can be assigned to access the security training module.

Step 4: You will now see the email address of the staff in the Your Staff section. Click the Edit Roles button. crystal-eye-orchestrate-training-module4

Note

The Edit Roles button will be greyed out until the staff creates their respective orchestrate account.

Step 5: You will now see the Edit Roles pop-up. Check the tick box under Training (Training Courses) and click the Update Roles. crystal-eye-orchestrate-training-module5

Orchestrate Functions for Red Piranha Partners


A Red Piranha Partner Orchestrate account has a variety of dynamic dashboards that can be used for intense network security monitoring of CE XDR clusters deployed in various client sites. A range of CE XDR products, CE XDR integrated services and standalone services can also be ordered from the Partner managed Orchestrate account.

A. Monitor multiple CE XDR deployments of Clients through the My Clients Overview Dashboard

Multiple client CE XDR deployments can be monitored from the My Clients Overview Dashboard. Some of the parameters that can be monitored are mentioned below.

To go to the My Clients overview Dashboard, go to My Clients > Overview

Know total Number of Client accounts Linked to the Partner Managed account crystal-eye-orchestrate-functions-for-rp-partners1

Know the total number of CE XDR deployments of the client crystal-eye-orchestrate-functions-for-rp-partners2

Know total Number of active Licenses of the CE XDR Deployment crystal-eye-orchestrate-functions-for-rp-partners3

Know the Number of Expired Licenses of the CE XDR Deployment crystal-eye-orchestrate-functions-for-rp-partners4

Know total Number of CE XDR Licenses due to expire in 30 days crystal-eye-orchestrate-functions-for-rp-partners5

Know total Number of Application Issues in all CE XDR deployments crystal-eye-orchestrate-functions-for-rp-partners6

Know total Number of Offline Devices crystal-eye-orchestrate-functions-for-rp-partners7

Detect SIEM Disconnections Across all CE XDR deployments crystal-eye-orchestrate-functions-for-rp-partners8

B. Detailed Monitoring of a CE XDR Deployment of your Client through Dynamic Dashboards

A Red Piranha Partner can manage and monitor the CE XDR deployment of a particular client.

To access the CE XDR deployment dashboard of a client, go to:

Step 1: Left-hand Navigation Menu > My Clients > select the Deployment button next to the desired client
crystal-eye-orchestrate-functions-for-rp-partners9

Step 2: You will see all the CE XDR deployments of the selected client. Click the View button of the client CE XDR deployment that needs to be monitored.
crystal-eye-orchestrate-functions-for-rp-partners10

You will now see a dynamic dashboard of the selected client CE XDR deployment that will help you to monitor the following parameters.

Know the hostname of the client CE XDR deployment crystal-eye-orchestrate-functions-for-rp-partners11

Know the Host key of the client CE XDR deployment crystal-eye-orchestrate-functions-for-rp-partners12

Know the software version of the CE XDR deployment crystal-eye-orchestrate-functions-for-rp-partners13

Know the SIEM Level of the CE XDR Deployment crystal-eye-orchestrate-functions-for-rp-partners14

Know the License Expiry Date of the CE XDR Deployment crystal-eye-orchestrate-functions-for-rp-partners15

Know the Application Status of the CE XDR Deployment crystal-eye-orchestrate-functions-for-rp-partners16

Know the System Status of the CE XDR Deployment (RAM Usage & CPU Usage)

C. Reports Repository of your client triggered from the CE XDR deployment

The reports repository allows Red Piranha Partners to access reports such as PCAP SNAP and Vulnerability Scan Reports that have been triggered from their clients CE XDR deployments.

  • View and download the PCAP Analysis Report triggered from a CE XDR Deployment
  • View and download the Vulnerability Scan Report
  • View Scheduled Date & Time of the PCAP Analysis
  • View Scheduled Date & Time of the Vulnerability Scan
  • View the Reports Triggered from the CE XDR
  • Accessing the CE XDR User Interface of your Client from the Orchestrate Dashboard (Click the manage button as shown in the screenshot below) crystal-eye-orchestrate-functions-for-rp-partners23

D. Ordering CE XDR Integrated Services for your Clients & Linking them to a CE XDR Deployment

A Red Piranha Partner can offer a range of Crystal Eye XDR integrated services to its client. Some of these services are mentioned below:

  • Cloud backups of your client’s network and forensic files
  • Digital Forensic services if your client has experienced a security breach
  • Electronic CISO service to improve your client’s security posture
  • Incident Response capability services if your client has experienced a security breach
  • Threat hunting and packet capture / analysis services
  • Initiate integrated vulnerability scans to understand your client’s security posture and exposure