Support2024-07-05T15:31:35-07:00

Getting Started

Getting Started Guide | ObjectSecurity OT.AI Platform | SaaS2024-07-05T13:57:14-07:00

This Getting Started Guide serves to help new users login into the ObjectSecurity OT.AI Platform for the first time. This guide also briefly explains how to analyze your first OT/ICS asset binary files for weaknesses (CWEs), vulnerabilities (CVEs), and unpublished vulnerabilities (Zero-Days).

1. Receiving the first invite link to and navigating to the application.

In order to begin using the application, another user must send you an invitation link. This link will appear in the following format

https://staging.objectsecurity.io/#/setpassword?invite=some_code

Where “some_code” will be replaced by a code unique to you. Simply follow this link to move on to the next step.

2. Creating a password.

You will then be prompted to create a password:

Please choose a secure password, and enter the same password twice to continue.

3. Setting up Google Authenticator.

You will then be prompted to set up Google Authenticator. Google Authenticator can be downloaded on your mobile device using one of the following links:

Once you have downloaded the Google Authenticator app on your mobile device, add your account by following the instructions listed below the QR code. Once your account has been added to Google Authenticator, you will see a 6-digit code that updates every second or so. Please enter this code now, as well as when prompted on subsequent logins.

4. Starting your first analysis.

To start analyzing your first asset, please select the big-blue plus button in the top left corner of the screen:

This will then prompt you for information regarding the asset including asset type, name, and a set of binary files:

Binary files can be uploaded using the “Upload Files” button, or by simply dropping any number of binary files onto the page.

Once you are satisfied with your asset, press “Start Analysis” to begin the analysis process. This process may take several minutes. Analysis progress is shown in the top right corner of the screen.

5. Viewing the produced analysis results.

Once your asset has finished analyzing, the following numbered blue icon will appear next to the Binary Analysis Page navigation link:

Please click on this navigation link to navigate to the Binary Analysis Page. There, you will see your newly-analyzed asset displayed:

Click on the asset to view it in detail. The binary files you uploaded with your asset will also appear and may be clicked on to view in further detail.

Congratulations on analyzing your first asset!

FAQ’s

How Do I Obtain My Copy of ObjectSecurity OT.AI Platform? (Offline only)2024-07-05T14:52:34-07:00

To Receive the Virtual Appliance Package File:

  • Via ObjectSecurity Provided Secure FTP – The ObjectSecurity OT.AI Platform Support Team will provide the user with login credentials to access the ObjectSecurity SFTP portal, where the .OVA package can be downloaded from.
  • Via End User Provided Secure FTP – Please provide the ObjectSecurity OT.AI Platform Support Team with the login credentials to upload the .OVA package to your secure file transfer system.

Troubleshooting

Troubleshooting – Analysis Not Initiating for Offline Distributions | ObjectSecurity OT.AI Platform2024-07-05T14:56:53-07:00

Troubleshooting Options  – An analysis does not initiate after a prolonged period of time on Offline VM Distributions

If you have encountered issues with analyses not beginning after a prolonged period of time on offline distributions, consider trying some of these solutions to resolve your issue. 

Try these solutions in order and move on to the next if one does not work. If you still encounter issues after attempting these solutions, please reach out to an ObjectSecurity OT.AI Platform support team member, or submit a ticket through the ticketing portal.

Solutions:

  1. Sanity Check: Refresh the page, log out and log back in, then attempt to restart the analysis.
  2. Expiration Check: Ensure that the VM isn’t expired. If the VM isn’t expired, it will display a countdown in the bottom right of the page after logging in. The time of the host machine may affect this expiration.
  3. Hardware Check: Turn the VM off and on. Check that the specs are met (# vCPUs, 16GB RAM, 443 port forwarded). Ensure the host machine also meets the hardware specs.
  4. Organization Check: In the Platform, navigate to the Settings Page and create a new Organization. Swap to the new organization from the top navigation bar. Attempt to restart the analysis.
  5. Reinstall: Reinstall the VM. Give the import a new name to avoid any issues that exist in some versions of VirtualBox. Ensure the specs in step 3 are met before ever starting the VM.

Release notes

ObjectSecurity OT.AI Platform | v2.2.0 Release Notes2024-07-05T15:05:27-07:00

TABLE OF CONTENTS

What’s Changed with This Release:

What’s New:

  1. Added the Binary Delta Feature, accessible from a new tab in the user interface.

What’s Updated:

  1. Improved the descriptions of various CWEs. When detected, these CWEs are reported with more context than before.

  2. Added the ability to recover a user’s password via email from the sign-in screen.

  3.  Fixed bugs and performance issues relating to user authentication.

Feature details

New Feature: Binary Delta Feature

The Binary Delta Feature allows you to compare binary assessment results for different versions of the same binary executable or firmware image (e.g., between updates, patches, upgrades, mergers, debloats, remediation, etc.). This can be used to verify that a remediation removed an issue, or that a merger did not introduce new vulnerabilities.

You may select two assets for which to generate a Binary Delta Report. The Binary Delta Report is viewable in the user interface and may be exported to PDF. The Binary Delta Report will report any Binaries that are added, updated, removed, or unchanged between the two assets.

Updated Feature: Improved the descriptions of various CWEs.

When detected, some CWEs are reported with more context than before. 

Updated Feature: Added the ability to recover a user’s password via email from the sign-in screen 

Passwords can now be reset via email directly from the sign-in screen.

Title

Go to Top