Security Tools

The security tools script allows you to manage security settings.

The security tools script is located in the /opt/cybereason/support_tools folder and is called consul_rules.py. The following table describes the available security tools:

| Task | Description | How to execute |
|---|---|---|
| Manage consul access | Block access to Consul from all IP addresses except Cybereason Server IPs. This tool does not apply to Cybereason application components. | Block: `python3 /opt/cybereason/support_tools/consul_rules.py -p <xxx.xxx>`<br>Unblock: `python3 /opt/cybereason/support_tools/consul_rules.py -p <xxx.xxx> -u`<br>Where xxx.xxx represents the first two octets in the IP address of the Cybereason Servers. Note: If the Cybereason Servers are deployed on different networks, run the script once for each Network Address. |
| Manage TLS | Enable/disable secure communication between sensor and server (TLS version 1.2 and higher). | Enable: `/usr/local/bin/ansible-playbook /opt/cybereason/support_tools/pb_control_disabled_tls_versions.yml -e "action=enable"`<br>Disable: `/usr/local/bin/ansible-playbook /opt/cybereason/support_tools/pb_control_disabled_tls_versions.yml -e "action=disable"` |
| Manage Management UI access | Allow/prevent access to the On-Prem Management Server UI via browser. From 21.2.525 and higher - see Management UI Hardening Script. | Block: `python3 /opt/cybereason/support_tools/mgmt_ui_hardening.py`<br>Unblock: `python3 /opt/cybereason/support_tools/mgmt_ui_hardening.py -u` |
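
For the Consul access tool, the note about servers on different networks means one run of the script per distinct two-octet prefix. The following is an added example, not part of the Cybereason tooling: it validates a list of server IPs and prints the commands to run, one per prefix. The function names and the sample addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not Cybereason code. Prints commands for review; runs nothing.
SCRIPT=/opt/cybereason/support_tools/consul_rules.py   # path as given on the page

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# consul_prefixes IP...: print each distinct first-two-octet prefix once, sorted.
# Fails without output if any argument is not a valid IPv4 address, so a typo
# cannot silently end up in the allow-list.
consul_prefixes() {
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        echo "${ip%.*.*}"          # drop the last two octets
    done | sort -u
}

# consul_commands MODE IP...: print one consul_rules.py invocation per prefix.
# MODE is "block" or "unblock" (unblock adds -u, as documented above).
consul_commands() {
    mode=$1; shift
    case "$mode" in
        block)   flag="" ;;
        unblock) flag=" -u" ;;
        *) echo "mode must be block or unblock" >&2; return 2 ;;
    esac
    prefixes=$(consul_prefixes "$@") || return 1
    for p in $prefixes; do
        echo "python3 $SCRIPT -p $p$flag"
    done
}

# Constructed sample: three servers on two networks, so two runs are needed.
consul_commands block 10.20.1.5 10.20.7.9 172.16.4.2
```

Keep the list of server IPs that was used for blocking, so that the same prefixes can be passed again with `unblock`.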