Select Page

WitFoo Precinct Deployment Checklist

Welcome Forums Appliance and OS WitFoo Precinct Deployment Checklist

  • This topic is empty.
Viewing 1 post (of 1 total)
  • Author
    Posts
  • #2195
    Mike RiforgiateMike Riforgiate
    Keymaster

    Deploy Appliances (https://www.witfoo.com/tech-specs/) 
    It is highly recommended that appliances be thick provisioned to prevent performance and stability issues.

    • >Data Node (Recommend 3)
    • Streamer Node (Recommend 1 for each transport type: syslog, NetFlow, Splunk, eStreamer, Beats)
    • IE/Management Node (Recommend 1)

    Verify that each appliance has required resources outlined in the table.

    • At least 8GB of RAM on IE/Streamer nodes(12GB ideal)
    • At least 12GB of RAM on Data nodes(16GB ideal)
    • At least 4 CPU Cores (8 Cores ideal)
    • Verify by running htop in each appliance

     

    Default log in on each appliance is witfooadmin : F00theN0ise! 

    • Can be reached via SSH or via Console Interface 

    Configure the IP address of the appliance by clicking on the Network icon in the Console UI or in accordance with Ubuntu documentation (https://help.ubuntu.com/lts/serverguide/network-configuration.html). Alternatively, use a DHCP lease reservation for assigning the IP address. 

    Run ./register script following directions (see: https://vimeo.com/422153063) 

    • Run on Data nodes 
    • Run on Management nodes 
    • Run on Streamer nodes 

    Wait 30 minutes for systems to initialize and pull code updates 

    Create the first account at https://IP_OF_MANAGEMENT_NODE/auth/register (replace IP_OF_MANAGEMENT_NODE  with the IP Address of the Management Node.) 

    In the interface go to Admin -> Settings -> General. Configure all settings. 

    Configure and test email integration at Admin -> Settings -> Email 

    Configure supported Integrations at Admin -> Settings -> Integrations (see: https://community.witfoo.com/forums/forum/integrations/) 

    If configuring SAML with Office 365 see: https://community.witfoo.com/forums/topic/saml-with-azure-ad-office-365/ 

    Send syslog to the IP address of the Streamer node on 514/udp (most common), 514/tcp or 6514/tcp (for SSL or TLS). See https://community.witfoo.com/forums/forum/integrations/ for integration specific guidance. 

    If sending Winlogbeats or NetFlow, create an additional Streamer for each. Send NetFlow to 2055/udp. Use the following settings for Winlogbeatshttps://community.witfoo.com/forums/topic/winlogbeats/ 

    Create additional user accounts at Admin -> Users 

Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.