-- Keep only critical alerts beyond 1 year ALTER TABLE alerts POLICY FOR SELECT WHERE severity != 'info' AND time > now() - INTERVAL 1 YEAR; | Problem | Diagnostic | Solution | |---------|------------|----------| | No data in dashboards | Check cv-ingestion status | Restart service: systemctl restart cv-ingestion | | License expired | cv-license info | Upload new .lic file | | Agent not connecting | tail -f /var/log/cyberview-agent.log | Verify TLS certificate and proxy settings | | High memory usage | cv-top (internal tool) | Increase max_memory_usage in ClickHouse config | | Playbook fails | Check cv-orchestrator logs --playbook-id <id> | Verify API credentials for firewall/EDR |
curl -X GET "https://cv/api/v1/incidents?status=open&limit=50" \ -H "Authorization: Bearer <JWT>" cyberview cs
1. Introduction to CyberView CS CyberView CS (Cyber Situational Awareness & Command System) is an enterprise-grade cybersecurity orchestration, visualization, and response platform. It aggregates data from SIEMs, endpoint detection (EDR), network sensors, threat intelligence feeds, and cloud APIs into a single-pane-of-glass interface. The "CS" denotes Converged Security – unifying IT, OT, and cloud security operations. -- Keep only critical alerts beyond 1 year
# Full backup (daily) cv-backup create --full --path s3://cyberview-backups/cluster1/ cv-backup enable-wal-archiving --sink s3://cyberview-wal/ The "CS" denotes Converged Security – unifying IT,
curl -X POST https://cv/api/v1/auth/login \ -H "Content-Type: application/json" \ -d '"username":"admin","password":"..."' \ --cacert /opt/cyberview/ca.pem # Returns JWT token