Quick Start

Get your organization protected with KYRA MDR in four simple steps: sign up, install the collector, connect a data source, and see your first alert.

---

Step 1: Sign Up

1. Go to https://kyra-mdr-console.seekerslab.com/signup
2. Enter your business email and create a password
3. Fill in your organization name and select your industry
4. Choose a service tier (FREE tier available for evaluation)
5. Check your email for verification and click the activation link

After verification, you will be redirected to the KYRA MDR Console at https://kyra-mdr-console.seekerslab.com.

---

Step 2: Install the Collector

The KYRA Collector is a lightweight agent that runs in your network and securely forwards security telemetry to the KYRA platform.

Linux (Recommended)

curl -sSL https://install.kyra.ai/collector | sudo bash

The installer will:

• Download and install the collector binary
• Register with your KYRA MDR tenant automatically
• Start the kyra-collector systemd service
• Begin listening for syslog on port 514

Verify Installation

sudo systemctl status kyra-collector

You should see Active: active (running). The collector will appear in the Console under Settings > Collectors within 60 seconds.

For Windows, Docker, or advanced installation options, see the Collector Installation Guide.

---

Step 3: Connect Your First Data Source

The quickest integration is forwarding firewall or server syslog to the collector.

Forward Syslog from Any Device

Point your firewall, switch, or Linux server syslog to the collector’s IP address:

Syslog Server: <collector-ip>
Port: 514
Protocol: UDP (or TCP)

Example: Linux rsyslog

Add to /etc/rsyslog.conf:

*.* @<collector-ip>:514

Then restart rsyslog:

sudo systemctl restart rsyslog

For vendor-specific guides, see:

• FortiGate Integration
• Windows Event Log
• AWS CloudTrail

---

Step 4: See Your First Alert

Once logs are flowing, KYRA MDR’s AI engine begins analyzing events in real time.

1. Open the Console at https://kyra-mdr-console.seekerslab.com
2. Navigate to Dashboard — you should see event ingestion metrics within minutes
3. Go to Alerts to view detected threats
4. Click any alert to see:
   • Severity classification (Critical / High / Medium / Low / Info)
   • MITRE ATT&CK mapping with tactic and technique details
   • Evidence — the raw log events that triggered the alert
   • AI Analysis — automated investigation summary and recommended actions

Generate a Test Alert

To verify end-to-end detection, trigger a known-bad event:

# Simulate a brute-force SSH login (generates failed auth events)
for i in $(seq 1 20); do
  ssh -o ConnectTimeout=1 invalid-user@localhost 2>/dev/null
done

Within 1-2 minutes, you should see a “Brute Force Authentication Attempt” alert in the Console.

---

What’s Next?

• Collector Installation — Advanced install options (Windows, Docker, proxy)
• FortiGate Integration — Connect your FortiGate firewall
• API Reference — Automate with the REST API
• FAQ — Common questions answered
• Service Tiers — Compare plans and features

---

Need Help?

• Email: kyra@seekerslab.com
• Console: Click the chat icon in the bottom-right corner
• KakaoTalk (카카오톡): Search for “KYRA MDR” and add our support channel