Introduction
Seceon aiSIEM, the only real-time threat detection and reporting platform, is built on a micro-services/container architecture. This allows versatility in deployment choices, whether it is installed on a bare-metal hardware server, on a virtual machine or on a public cloud like Amazon AWS and Microsoft Azure. The performance of the OTM is neither influenced nor compromised by the deployment option chosen; what is critical is that computing, memory and disk performance meeting the Seceon OTM Hardware specification is available.
The application runs smoothly on Azure as long as the hardware requirements are met and the installation and configuration are done properly, as described in subsequent sections of this document.
Installation Pre-requisites
To get the OTM deployed on the Azure cloud, a customer needs:
...
All the above tar packages can be downloaded prior to the installation process using the Dropbox links provided later in this article.
Microsoft Azure Cloud Platform
Microsoft Azure (formerly Windows Azure) is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through a global network of Microsoft-managed data centres. It provides software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems.
Seceon aiSIEM, being a containerized platform, is compatible with a variety of installation environments. It has been commercially deployed and is running successfully on physical servers, AWS instances and virtual machines (VMs) on ESXi servers, KVMs etc. For Azure too, a VM has to be created and then used for the aiSIEM installation.
Installation Process For aiSIEM on an Azure VM
Step 1: Log in to your Microsoft Azure Dashboard:
...
Step 2: Create VM
Go to the list on the right side of the dashboard and select “Virtual Machines”
...
Fill in the details as asked in the “Create virtual machine” form, using the following information:
...
PROJECT DETAILS
Your existing Microsoft Azure subscription
a. Resource group to be used for creating the VM, from your existing subscription. You can also create a new resource group.
INSTANCE DETAILS
Virtual machine name: Based on your choice.
Region: Your Azure region.
Availability Option: Optional
Image: Select “CentOS based 7.5”
Size: Choose 4vCPUs, 4 GB RAM. The disk will be 30GB by default; we will increase it to our requirement in the section “Step 3: Change Disk Size”.
ADMINISTRATOR ACCOUNT
Authentication Type
Username
SSH Public Key
Set up your SSH login account.
Keep the rest of the settings at their defaults and create the VM. Once it is created, note the assigned IP and log in to it over SSH with the Administrator account you created.
Step 3: Change Disk Size
Log in to the created VM as administrator (root).
Change the disk size using the instructions below:
Check the root partition using the command “df -h”
...
```
[seceon@cce-test ~]$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda2       200G  1.2G  199G   1% /
devtmpfs         14G     0   14G   0% /dev
tmpfs            14G     0   14G   0% /dev/shm
tmpfs            14G  9.0M   14G   1% /run
tmpfs            14G     0   14G   0% /sys/fs/cgroup
/dev/sda1       497M   81M  417M  17% /boot
/dev/sdb1       197G   61M  187G   1% /mnt/resource
tmpfs           2.8G     0  2.8G   0% /run/user/1000
```
Step 4: Set up Seceon env
Log in to the VM as administrator.
Run the command “sudo -i” to get into root mode.
Download the server setup package using the command given below:
...
Wait for the setup to finish installing.
Then reboot the VM using the “reboot” command.
Step 5: Install CCE:
Log in to the VM as seceon/seceon.
Download the CCE package using the command given below:
...
```
wget -c https://www.dropbox.com/s/5cx8kxwuazv6m20/cce-global-config.yml
```
Install.sh
```
wget -c https://www.dropbox.com/s/zgk6rvmiicw1x1t/install.sh
```
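Step 5 fetches install.sh and cce-global-config.yml from Dropbox links, so each file can be checked against a known digest before anything is run. The following is an added example, not part of the original guide or of Seceon's packages; verify_download and sha256_of are hypothetical helper names, and it assumes Seceon can supply a SHA-256 digest for each file through a separate channel, which this page does not list.

```shell
#!/usr/bin/env bash
# Added example (not Seceon code): refuse to use a downloaded file unless its
# SHA-256 digest matches a value obtained from the vendor out of band.
# verify_download and sha256_of are hypothetical helper names.

# Print the SHA-256 of a file; reads via stdin so odd file names are safe.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    else
        shasum -a 256 < "$1" | awk '{print $1}'
    fi
}

# verify_download FILE EXPECTED_SHA256
#   0 = digest matches, 1 = mismatch (execute bit removed),
#   2 = expected digest malformed, 3 = file missing
verify_download() {
    vd_file=$1
    # Published digests are sometimes upper case; compare in lower case.
    vd_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    if ! printf '%s\n' "$vd_expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "verify_download: expected value is not a SHA-256 digest" >&2
        return 2
    fi
    if [ ! -f "$vd_file" ]; then
        echo "verify_download: $vd_file not found" >&2
        return 3
    fi

    vd_actual=$(sha256_of "$vd_file")
    if [ "$vd_actual" != "$vd_expected" ]; then
        # Make an accidental ./install.sh fail until the file is re-fetched.
        chmod a-x -- "$vd_file"
        echo "verify_download: digest mismatch for $vd_file" >&2
        return 1
    fi
    echo "verify_download: $vd_file OK"
    return 0
}

# Usage after the wget commands (placeholder digest, supplied by the vendor):
#   verify_download install.sh "<SHA-256 from Seceon>" || exit 1
```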
...