CyFlare Migration

Incident Report for CyFlare

Update

Just a reminder that starting next week on 9/7/22, we will begin the migration process. Please ensure the aforementioned firewalls rules are put in place if outbound communications are restricted. Of course, as always, if you have any issues or questions, please contact your customer success manager or the SOC utilizing the below methods:

1. Create a ticket at https://login.socportal.cloud/
2. Email us at socir@cyflare.com
3. Contact your Customer Success Manager directly
4. Call us at 877-729-3527

Posted Sep 02, 2022 - 14:24 EDT

Monitoring

Dear customer,

At CyFlare, our goal is to protect you 100% of the time. Therefore, in an ongoing effort to enhance our resilience, we will strengthen our cloud infrastructure and architecture. These infrastructure changes will go into effect on September 7, 2022. Customers will be migrated in batches between September 7 and September 30.

When Will the Changes Go Into Effect?
The infrastructure changes will go into effect on September 7, 2022

What Does It Mean For Me?
Between September 7 and September 30, CyFlare will migrate your account to our new infrastructure. Therefore, we ask that you make the following changes before September 7 on your end to ensure no loss of service:

New Firewall Rules To Be Added (do not remove old rules)

The following BDS Firewall Rules will be needed to allow your appliances and the security sensors to communicate outbound. No inbound ports or rules need to be configured.

A. Outbound From the appliance Static IP:

● To destination IP address 91.189.89.90 over TCP port 80
● To destination IP address 91.189.90.173 over TCP port 80

B. Outbound from the sensor and Linux Agent static IP:

Addresses to be added
● 6640-6648 TCP to cm-cyflare.stellarcyber.cloud, 141.148.147.188
● 8443 TCP to cm-cyflare.stellarcyber.cloud, 141.148.147.188
● 8888 TCP to receiver-cyflare.stellarcyber.cloud, 152.70.135.38
● 8472 UDP to 54.176.232.64
● 4789 UDP to 54.176.232.64

C. Outbound from any Windows Servers with SIEM agents deployed:

● TCP on port 8888 to receiver-cyflare.stellarcyber.cloud, 152.70.135.38
● TCP on port 8443 to cm-cyflare.stellarcyber.cloud, 141.148.147.188
● TCP on ports 6640-6648 to cm-cyflare.stellarcyber.cloud, 141.148.147.188

NOTE: IP addresses are provided in case your firewall will not allow an FQDN. Use FQDN where allowed.

After the migration, you will need to use this link to access the XDR Management Platform: https://cyflare.stellarcyber.cloud. Your credentials will remain the same.

What If I Have Questions or Concerns?
Please reach out to us with any questions in the following ways:

1. Create a ticket at https://login.socportal.cloud/
2. Email us at socir@cyflare.com
3. Contact your Customer Success Manager directly
4. Call us at 877-729-3527

Posted Aug 30, 2022 - 13:04 EDT

This incident affects: Breach Detection Service.