- This topic is empty.
- Posts
Deploy Appliance (https://www.witfoo.com/tech-specs/)
It is highly recommended that appliances be thick provisioned to prevent performance and stability issues.Verify that the appliance has required resources outlined in the table.
- 300GB or 1.2TB Disk
- At least 24GB of RAM
- At least 8 CPU Cores
- Verify by running htop in each appliance
Access to the VM will be via the method assigned by the user during instance creation.
- Can be reached via SSH or via Console Interface
Enable NTP sync by either 1) allowing NTP connections to ntp.ubuntu.com on 123/udp or 2) configuring an internal NTP service on each node: https://ubuntu.com/server/docs/network-ntp
Configure the IP address of the appliance by clicking on the Network icon in the Console UI or in accordance with Ubuntu documentation (https://help.ubuntu.com/lts/serverguide/network-configuration.html). Alternatively, use a DHCP lease reservation for assigning the IP address.
Update Ubuntu packages as necessary.
Run ./register script following directions (see: https://vimeo.com/422153063)
- Ensure role option (1) is selected for All-In-One
Wait 30 minutes for systems to initialize and pull code updates
Create the first account at https://IP_OF_MANAGEMENT_NODE/auth/register (replace IP_OF_MANAGEMENT_NODE with the IP Address of the Management Node.)
In the interface go to Admin -> Settings -> General. Configure all settings.
Configure and test email integration at Admin -> Settings -> Email
Configure supported Integrations at Admin -> SOAR (see: https://community.witfoo.com/forums/forum/integrations/)
If configuring SAML with Office 365 see: https://community.witfoo.com/forums/topic/saml-with-azure-ad-office-365/
Send syslog to the IP address of the Streamer node on 514/udp (most common), 514/tcp or 6514/tcp (for SSL or TLS). See https://community.witfoo.com/forums/forum/integrations/ for integration specific guidance.
If sending Winlogbeats or NetFlow, create an additional Streamer for each. Send NetFlow to 2055/udp. Use the following settings for Winlogbeats: https://community.witfoo.com/forums/topic/winlogbeats/
Create additional user accounts at Admin -> Users
- You must be logged in to reply to this topic.