# Brain deployment ## Brain Deployment Process Overview {% stepper %} {% step %} ### A trial or purchase decision is made for a QUX deployment Please work with your Vectra account team in either case. {% endstep %} {% step %} ### [Deploy a Brain appliance](#brain-deployment-documentation-links) * Deployment can be done by the customer, partner, or with the assistance of Vectra. {% endstep %} {% step %} ### [Login and change the admin password](#login-and-change-the-admin-password-1) Once you can login to your Brain appliance QUX UI, changing the default **admin** administrator login password is recommended. {% endstep %} {% step %} ### Setup SAML SSO Setup SSO if desired for admin and analyst access (links to guides below): * [Setup SAML SSO with and IdP (Quadrant UX)](https://docs.vectra.ai/configuration/access/saml-sso-qux/any-idp-saml-qux) * [Setup SAML SSO with Azure AD (Quadrant UX)](https://docs.vectra.ai/configuration/access/saml-sso-qux/entra-id-azure-ad-saml-qux) * [Setup SAML SSO with Okta (Quadrant UX)](https://docs.vectra.ai/configuration/access/saml-sso-qux/okta-saml-qux) * [Setup SAML SSO with Ping Identity (Quadrant UX)](https://docs.vectra.ai/configuration/access/saml-sso-qux/ping-identity-saml-qux) * [Setup SAML SSO with ADFS (Quadrant UX)](https://docs.vectra.ai/configuration/access/saml-sso-qux/adfs-saml-qux) Additional external authentication options such as [LDAP](https://docs.vectra.ai/configuration/access/external-authentication-qux/ldap-qux), [RADIUS](https://docs.vectra.ai/configuration/access/external-authentication-qux/radius-qux), and [TACACS+](https://docs.vectra.ai/configuration/access/external-authentication-qux/tacacs-qux) are available in *Configuration → ACCESS → Authentication.* {% endstep %} {% step %} ### [Configure initial settings](https://docs.vectra.ai/deployment/getting-started/quadrant-ux-deployment/initial-configuration) Guidance for intial QUX configuration settings in the next page of this guide. {% endstep %} {% step %} ### Cloud data sources can be added at any time Cloud (non-network data sources) such as IDR for Azure AD (Entra ID), CDR for M365, and CDR for AWS can be added at any time. See [configuring data sources](https://docs.vectra.ai/deployment/getting-started/quadrant-ux-deployment/configuring-data-sources) for details. {% endstep %} {% step %} ### Add network data sources (Sensors) Network Sensors allow you to capture network traffic for analysis by your Vectra deployment. See [configuring data sources](https://docs.vectra.ai/deployment/getting-started/quadrant-ux-deployment/configuring-data-sources) for details. * Sensors are deployed and paired with your Vectra Brain. * Traffic capture is initiated. * Traffic is validated to ensure the observed traffic meets quality standards for algorithm processing. {% endstep %} {% step %} ### [Perform recommended next steps](https://docs.vectra.ai/deployment/getting-started/quadrant-ux-deployment/recommended-next-steps) See this page of the guide for best practices, configuring backup for your Brain appliance, and other recommended next steps. {% endstep %} {% endstepper %} ## Login and Change the “admin” Password Once an IP has been configured for the MGT1 interface of your Brain, you can access it using a modern browser such as Edge, Chrome, or Safari (see [Vectra UI Supported Browsers](https://docs.vectra.ai/reference/vectra-ui-supported-browsers) for more detail) at or the hostname (if configured in your DNS). The GUI can also be accessed via MGT2 (on physical appliances) at . The default username is **admin** and the default password is **changethispassword** . Please note that by default, Vectra uses a self-signed certificate to secure the user interface. As a result, the certificate causes SSL warnings in most web browsers. Instructions for how to replace this with a customer-provided signed certificate can be found in the following Vectra support portal article: * [SSL Certificate Installation](https://docs.vectra.ai/configuration/qux-specific/ssl-certificate-installation) After logging in to the GUI, it is recommended to immediately change the **admin** password. * Navigate to **My Profile** on the left-hand side of the screen * Click on **Change Password** in the username/password area, fill in and save the form * Password requirements - must be at least 8 characters long and contain at least * 1 digit (0-9), 1 upper case letter (A-Z), 1 lower case letter (a-z) * One symbol from: (\~!@#$%^&\*\_-+=\`| \ ( ){ }\[ ]:;”’<>,.?/) ## Brain Deployment / Documentation Links Deploy your Brain appliance using one of the linked guides below. After deployment, come back here and continue. * For physical Brain appliances * You will need CLI (Command Line Interface) access to the appliance. * The initial configuration at the CLI is covered in the Quick Start Guide for your appliance. * Please refer to that guide to configure an IP address, network mask, and default gateway. * If required, a proxy can also be configured at the CLI but can also be done later in the GUI. * Quick start guides for physical appliances that can support Brain or Mixed mode use are listed here: * [X-Series guides](https://docs.vectra.ai/deployment/ndr-physical-appliances/x-series) - These appliances support Brain or Mixed mode deployment. * [B-Series guides](https://docs.vectra.ai/deployment/ndr-physical-appliances/b-series) - These appliances only support Brain mode deployment. * The quick start physical appliance guides are meant just for getting the appliance installed and available on your network. * For virtual Brains deployed in traditional hypervisor environments (VMware, Nutanix, etc) or in IaaS clouds (AWS, Azure, GCP, etc) * Please the Brain guide for your platform in [NDR virtual / cloud appliances](https://docs.vectra.ai/deployment/ndr-virtual-cloud-appliances). * Please see the appropriate deployment guide below for your supported IaaS cloud: * [AWS Brain Deployment Guide](https://docs.vectra.ai/deployment/ndr-virtual-cloud-appliances/aws-brain) * [Azure Brain Deployment Guide](https://docs.vectra.ai/deployment/ndr-virtual-cloud-appliances/azure-brain) You may have already configured DNS following the QuickStart for your physical appliance or the deployment guide for your virtual Brain. If you did not configure DNS as part of your initial Brain deployment, this guide will cover configuration of DNS later in the [Data Sources > Network > Brain Setup](https://docs.vectra.ai/deployment/getting-started/initial-configuration#data-sources-greater-than-network-greater-than-brain-setup) section. It is recommended have your Brain registered in your DNS to make failover scenarios easier to deal with.