Getting Started with CyberVault

Follow these steps to deploy security agents, configure monitoring policies, and verify your first threat detection cycle in under 15 minutes.

📋 Prerequisites

✓ Active CyberVault Enterprise Account

✓ Root/Admin access on target hosts

✓ Outbound HTTPS (port 443) to api.cybervault.io

✓ TLS 1.2+ enabled on network endpoints

✓ Compatible OS: Linux (Kernel 5.4+), Windows 10/11, macOS 12+

✓ 512MB RAM & 200MB disk per agent

Access Your Organization Dashboard

Log into your CyberVault account and navigate to the Organization Settings. Generate a unique tenant_id and API key for agent registration.

# 1. Authenticate & retrieve tenant configuration
curl -X POST https://api.cybervault.io/v1/auth/token \
  -H "Content-Type: application/json" \
  -d '{"email":"admin@company.com","token":"your_oauth_token"}'

# Response includes your tenant_id and base_agent_url

Deploy Security Agents

Install the lightweight monitoring agent on your endpoints. The agent auto-configures based on your network topology and begins telemetry collection immediately.

# Linux (Debian/Ubuntu)
wget https://install.cybervault.io/v2/cv-agent.deb
sudo dpkg -i cv-agent.deb

# Initialize with your tenant ID
sudo cv-agent configure --tenant-id "tv_a1b2c3d4e5" --mode "auto-discover"

For Windows or macOS, use the respective MSI or PKG installers available in your dashboard under Deployments › Agent Packages.

Configure Monitoring Policies

Define what events should trigger alerts, quarantine actions, or forensic snapshots. Policies are evaluated locally for sub-millisecond response times.

# Apply a baseline detection policy via CLI
cv-agent policy set \
  --name "baseline-enterprise" \
  --sensitivity "high" \
  --auto-contain true \
  --log-level "info"

Custom policies can also be managed through the SOC Dashboard using our visual policy builder or exported/imported via JSON/YAML.

Verify Threat Detection

Run a safe simulation to confirm your agents are reporting correctly and the detection engine is classifying events as expected.

# Execute built-in test payload (safe, non-destructive)
cv-agent simulate --type "suspicious_process" --env "test"

# Expected output:
> Simulation complete. Event ID: evt_8f7g6h5j
> Status: DETECTED & CONTAINED
> Dashboard sync: SUCCESS

✅ Verification Complete

If you see "Dashboard sync: SUCCESS", your agent is fully operational. Navigate to Dashboard › Live Feed to see real-time telemetry. All agents now report encrypted telemetry every 5 seconds.

❓ Common Setup Questions

Why is my agent showing "Disconnected"? ▼

Ensure outbound port 443 is not blocked by a firewall or proxy. Agents use mTLS to communicate with ingest.cybervault.io. Run cv-agent diagnostics --network to verify connectivity.

Can I deploy agents in air-gapped environments? ▼

Yes. Use the offline installer package and sync telemetry via our secure batch relay service. Configure --relay-mode "batch" during initialization.

How do I rotate API keys without downtime? ▼

CyberVault supports key rotation via our double-key system. Generate a new key, deploy it to agents, then revoke the old one. Agents auto-sync within 60 seconds.

← Back to Overview Next: Threat Detection Engine →