Getting Started with OC Admin
This page covers the basics of setting up the OC Admin, as well as the procedure for first-time logins.
Installation Procedure
The OC Admin installation procedure is available in the Initialize OC Admin topic.
Role-Based Access Control (RBAC)
After the installation is complete, an "ocAdmin" account is created with Administrative access (member of the Admin role). Only users with a privileged role (such as the Admin role) can create/update/delete other users and roles.
It is a good practice to create at least one more user account, and assign it to the User role. This second account should be used for day-to-day operations, with the Admin account only used for creating accounts and assigning privileges as necessary.
See the Role-Based Access Control (RBAC) section in the OC Admin Role Management and SIEM Administration topic for instructions.
Known Issues and Limitations
Please refer to the Release Notes of the version you downloaded/installed for any known issues and limitations.
First Login
When logging in for the first time, the user is prompted to connect OC Admin to the SIEM database (EMDB), which is necessary to interface with the SIEM log sources, license, and configuration. Once this connection has been made, the user must deploy the OC Admin database components (Stored Procedures and Views) in the SIEM database.
To manually perform this process, after logging in:
- Click on the Admin shield icon, and then click Manage MS SQL Connection.
- Enter the PM or XM appliance address.
- Enter the port and credentials to access the MS SQL server.
- Click the Save button.
- Click on the Admin shield icon again, and then click Update Database.
- Enter the privileged SQL credentials (these are only used for this operation and are not saved anywhere in the OC Admin).
- Click the Connect to and Update Database clock icon.
  A successful update takes several seconds to finish.
- Ensure that the update was successful by reviewing the information in the Database Version Details screen:
  - Each item must have the green circled Success icon next to it.
  - Click the Reload Database Version Detail button on the side of the window to recheck the status and version of each item, if necessary.
Workflow
Initially, no Open Collectors or Pipelines exist in the OC Admin; they need to be added manually.
Create an Open Collector Host
For more information on creating an Open Collector host, refer to the OC Admin Open Collectors topic of the OC Admin User Guide.
If required for your Pipeline collection, deploy an additional Shipper to the Open Collector.
Create a Pipeline
To create a pipeline in the OC Admin, refer to the OC Admin Pipelines topic of the OC Admin User Guide.
- Add the pipeline's Collection Configuration.
- Edit the Field Mapping as necessary.
- Deploy the Pipeline to one or more Open Collectors.
This may or may not include the pipeline used for the Tail.