...
Info: Ensure both OVA files are available before beginning the installation process.
...
Ensure you have created two static IP address records and two DNS names for both the Services and PostgreSQL servers.
Import and Configure the GYTPOL PostgreSQL OVA
...
GYTPOL_URL:
Enter the DNS name of the GYTPOL server. Make sure it is the FQDN.
Example:
gytpol-app.yourdomain.com
MASTER_PASSWORD:
Provide the PostgresDB Master Password created in the Password Configuration During Setup section.
This is the administrative password for the database.
POSTGRES_HOST:
Enter the IP address of the PostgreSQL VM.
Example:
192.168.1.100
GYTPOL_ADMIN_USER_EMAIL (default):
Enter the email address for the first administrator user in the system.
Example:
admin@yourdomain.com
USER_MANAGEMENT_ADMIN_PASSWORD:
Set a password for accessing the User Management Console (a separate screen for admin access).
Choose a secure and memorable password. This is a new password.
...
The setup will request you to create an Initial User Password for the first user account in the system.
This is a new password for the first local user created in the GYTPOL_ADMIN_USER_EMAIL step (#4).
...
Wait for the installation to complete. Once finished, you should see the message “Finished - Creating buckets” and return to the ubuntu@gytpol-services:~$ prompt.
At this point:
The Access Key ID, Secret Access Key and API key will be displayed. Make sure to copy and save them, as they will be required in the next step.
The Secret Access Key will be 16-32 characters long. Ensure you copy it correctly, as the SSH/console may sometimes split the string into two lines.
If the API key is needed for future use (reporting, BI etc.), copy and store it securely.
Run the following command to retrieve the License ID, which will also be used in the next step:
sudo gyt get-license-id
...
Send the following details to license@gytpol.com:
License ID (5 characters)
Access Key ID
Secret Access Key
API Key
GYTPOL Services Server FQDN and IP address
FQDN for Windows sensors and IP for Linux/macOS sensors
The GYTPOL team will respond with the license key and sensor installation files.
...
Access the server using PuTTY or any other SSH client, connecting over port 12222.
Retrieve the S3 keys by running:
sudo gyt get-s3-keys
Retrieve the License ID by running:
sudo gyt get-license-id
Retrieve the API Key by running:
sudo gyt get-api-key
Copying Sensor Installation Files/Packages to the Services OVA
The sensor files are provided in a ZIP format. Before copying the files, ensure you extract the sensor files into a folder.
...
Copy All Sensor Installation Files:
Use WinSCP or the scp command (as described earlier) to transfer all sensor installation files you receive to the services OVA.
Log in to the Services OVA:
Open the VMware console or use SSH to access the GYTPOL services server.
Use the credentials you configured during the setup.
Run the Command for Each Sensor Installation File:
sudo gyt copy-client <OS> <VERSION> <FILENAME>
For example:
sudo gyt copy-client linux 2.4.9.18 gytpol-client_2.4.9.18-18_amd64.deb #for Debian
sudo gyt copy-client mac 2.4.9.18 gytpol-client_2.4.9.18-18_amd64.pkg #for macOS
sudo gyt copy-client windows 2.36.3.0 gytpolClient_x64.msi #for 64-bit Windows
sudo gyt copy-client windows 2.36.3.0 gytpolClient_x86.msi #for 32-bit Windows
...
Replace <LICENSE-FILENAME.txt> with the full path or name of the license file.
...
...
Adding SSL Certificate to GYTPOL
By default, GYTPOL will run on http
if no certificate is added. https
with self-signed certificate.
...
To enable HTTPS with a personal certificate, you will need to provide SSL certificate files (.crt and .key) for the DNS domain name associated with your GYTPOL server.
...
Replace:
/path/to/your/cert.crt: Path to the .crt file on your local machine.
/path/to/your/key.key: Path to the .key file on your local machine.
<services-OVA-IP>: The IP address of the services VM.
Adding SSL Certificate to Enable HTTPS
To enable HTTPS for GYTPOL, you can add the SSL certificate directly to the services OVA by following these steps:
...
Replace the self-signed certificate with a personal SSL certificate
SSH into the Services OVA:
Use an SSH client (e.g., terminal, PuTTY) to connect to the services OVA over port 12222.
Example:
ssh -p 12222 ubuntu@<services-OVA-IP>
(replace <services-OVA-IP> with the IP address of the services OVA).
Run the Command to Add SSL Certificate:
Once logged in, use the following command to apply the certificate:
sudo gyt add-ssl-certificate <CRT FILENAME> <KEY FILENAME>
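A pre-flight check worth running on the certificate files before the add-ssl-certificate step, as an added example that is not part of GYTPOL or its documentation. The function name, the 7-day validity threshold and the file names in the usage line are assumptions; only openssl is required.

```shell
#!/bin/sh
# Added example (not a GYTPOL tool): pre-flight checks on a certificate/key
# pair before `sudo gyt add-ssl-certificate`. Needs only openssl.
# MIN_VALID_SECS is an assumed policy value (7 days), not a GYTPOL requirement.
MIN_VALID_SECS=${MIN_VALID_SECS:-604800}

# check_cert_pair <crt> <key> <fqdn>: returns 0 only if every check passes.
check_cert_pair() {
    crt=$1; key=$2; fqdn=$3; rc=0

    # 1. The private key must belong to the certificate. Compare the public
    #    halves; "-passin pass:" stops openssl prompting on an encrypted key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || key_pub=
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: key does not match certificate, or a file is unreadable" >&2
        rc=1
    fi

    # 2. The certificate must be issued for the FQDN given as GYTPOL_URL.
    #    -checkhost reports in its output, so match on the text.
    if ! openssl x509 -in "$crt" -noout -checkhost "$fqdn" 2>/dev/null |
            grep -q 'does match'; then
        echo "FAIL: certificate is not valid for $fqdn" >&2
        rc=1
    fi

    # 3. The certificate must not expire within MIN_VALID_SECS.
    if ! openssl x509 -in "$crt" -noout -checkend "$MIN_VALID_SECS" >/dev/null 2>&1; then
        echo "FAIL: certificate is expired or expires too soon" >&2
        rc=1
    fi

    # 4. The private key must not be readable by group or others.
    #    Characters 5-10 of the mode string are the group/other bits.
    if [ "$(ls -ld "$key" 2>/dev/null | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is group/world accessible; run chmod 600" >&2
        rc=1
    fi

    return "$rc"
}

# Stand-alone use: ./check_cert.sh cert.crt key.key gytpol-app.yourdomain.com
if [ "$#" -eq 3 ]; then
    check_cert_pair "$@"
fi
```

A non-zero exit status means at least one check failed; each failure is reported on stderr.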
...
Open a web browser and navigate to https://<gytpol-services-dns>:9093/admin
Replace <gytpol-services-dns> with the DNS name of your GYTPOL services.
Log In:
Use the following credentials:
Username: admin
Password: The password configured as USER_MANAGEMENT_ADMIN_PASSWORD during installation (#5 in this step).
After logging in, select Users from the left-hand navigation pane.
Click the Add User button.
Select “Email Verified” and ensure that both the username and email fields are filled with valid email addresses.
After creating the user, navigate to “Role Mapping” and click on “Assign Role”.
Assign “gytpol”:
Navigate to “Credentials” and click on “Set Password”:
Enter the password and choose whether the user should be required to change it upon their first login by setting it as Temporary or not.
...
This setup will enable you to log in using Active Directory (AD) users from your domain, utilizing their email userPrincipalName and domain password.
Before connecting GYTPOL to Active Directory, ensure that all users have a valid email configured.
Next, create a new user in your Active Directory:
The user should be a regular Domain User without any administrative rights.
The user must be a member of the "Performance Log Users" group (this user will be used for the AD and GPO screens).
Ensure the user is configured correctly before proceeding with the AD connection.
...
Set the Edit Mode to READ_ONLY.
Enter the Users DN for the OU containing GYTPOL's allowed users.
For Username LDAP Attribute, enter
sAMAccountName
UserPrincipalName
.
Click “Save” once done.
Select the provider name that was created
Select “Mappers”
Select the “email” mapper
Change the “LDAP Attribute” to userPrincipalName and click “Save”.
Change session timeouts
Open the User Management Console:
Open a web browser and navigate to https://<gytpol-services-dns>:9093/admin
Replace <gytpol-services-dns> with the DNS name of your GYTPOL services.
Log In:
Use the following credentials:
Username: admin
Password: The password configured as USER_MANAGEMENT_ADMIN_PASSWORD during installation.
After logging in, navigate to Realm settings from the left-hand navigation pane and click on Sessions.
Change the settings you would like to change and click the Save button.
...
Open the User Management Console:
Open a web browser and navigate to https://<gytpol-services-dns>:9093/admin
Replace <gytpol-services-dns> with the DNS name of your GYTPOL services.
Log In:
Use the following credentials:
Username: admin
Password: The password configured as USER_MANAGEMENT_ADMIN_PASSWORD during installation.
After logging in, navigate to Identity providers
Select SAML v2.0
...
Enter an Alias and then copy the Redirect URI and Service provider entity ID (copy must be done after entering the alias)
...
Select SAML 2.0
Enter the Single sign-on URL (the Redirect URI from step 5) and the Audience URI (service provider entity ID from step 5).
In Name ID format, select EmailAddress.
In Application username, select Email.
Continue with the rest of the application setup.
Copy the Metadata URL.
Assign the application to the users you want
...
Go back to GYTPOL and paste the URL you copied into the SAML entity descriptor.
Click on the Add button and you should see a success popup.
You should now be able to log in to GYTPOL using Okta.
...