Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Installation of APE

 

Pre-requisites

1. The hardware configuration for the APE should be in accordance with the specification.

Refer to Hardware Specifications Required for Seceon APE to see the specification for trial purposes.

2. Have either a VM or a bare-metal server ready with the Seceon customized OS. Refer to the link Rocky Linux - VM Creation and Seceon Server Set-up using Dropbox.

3. Refer to https://seceon.atlassian.net/l/c/VtkWnNWv and make sure that all the required ports are open.

Hardware Verification Commands

nproc (to check the core count): should be a minimum of 32 cores / 64 cores

free -h (to check memory): should be a minimum of 128 GB

df -h (to check disk size): should be a minimum of 3.2 TB SSD

otmdoc -p (to check IOPS): should be 50K/90K
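
The core, memory and disk checks above can be scripted so that an undersized host is rejected before the installer is started. This is an added example, not part of Seceon's tooling: the function names are hypothetical, the thresholds are the lower figures listed above read as decimal units, disk capacity is summed from lsblk instead of df -h, and IOPS is left to otmdoc -p.

```shell
#!/bin/sh
# Added example (not Seceon code): compare this host with the APE minimums
# listed above. Function names and decimal-unit thresholds are assumptions.
MIN_CORES=${MIN_CORES:-32}                       # lower of "32 / 64 cores"
MIN_MEM_KB=${MIN_MEM_KB:-125000000}              # 128 GB expressed in KiB
MIN_DISK_BYTES=${MIN_DISK_BYTES:-3200000000000}  # 3.2 TB

# meets_min LABEL ACTUAL REQUIRED: print a verdict, return 0 only on pass.
meets_min() {
    case "$2" in
        ''|*[!0-9]*) echo "FAIL $1: could not read a value"; return 1 ;;
    esac
    if [ "$2" -ge "$3" ]; then
        echo "PASS $1: $2 (minimum $3)"
        return 0
    fi
    echo "FAIL $1: $2 (minimum $3)"
    return 1
}

# Collectors for the live host.
host_cores()      { nproc; }
host_mem_kb()     { awk '/^MemTotal:/ {print $2}' /proc/meminfo; }
host_disk_bytes() {
    # Sum whole disks only, so partitions and LVM volumes are not counted twice.
    lsblk -b -d -n -o SIZE,TYPE |
        awk '$2 == "disk" {s += $1} END {printf "%.0f\n", s}'
}

# check_values CORES MEM_KB DISK_BYTES: return the number of failed checks.
check_values() {
    failed=0
    meets_min "CPU cores" "$1" "$MIN_CORES"       || failed=$((failed + 1))
    meets_min "memory KiB" "$2" "$MIN_MEM_KB"     || failed=$((failed + 1))
    meets_min "disk bytes" "$3" "$MIN_DISK_BYTES" || failed=$((failed + 1))
    return "$failed"
}

check_host() {
    check_values "$(host_cores)" "$(host_mem_kb)" "$(host_disk_bytes)"
}

# Run against the live host only when asked: sh check_ape_host.sh --run
if [ "${1:-}" = "--run" ]; then
    check_host
fi
```

The exit status is the number of failed checks, so a wrapper can stop on any non-zero result; set MIN_CORES=64 to test against the larger figure.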

APE Installation Steps

APE Installation on VMs:

1. Log in with PuTTY as the “seceon” user, make sure the current path is “/home/seceon” (cross-verify with the “pwd” command), and download the package using the Seceon Latest Package Download Link if the APE server has internet connectivity.

If the server does not have internet access, first download the package and then transfer it to the /home/seceon path on the server via WinSCP.

2. To ensure that you have the correct APE package, cross-verify its legitimacy with an MD5 checksum: “md5sum <downloaded seceon ape link>”

3. Put the server in “screen” mode so that the installation does not stop even if the system shuts down (this step is optional though important). Run the “screen” command and then press Enter.

4. Finally, run the command ./install.sh -a for the installation to proceed.

(INSTALLATION WILL TAKE AROUND 45 MINUTES TO COMPLETE)

Verification Of Installation

Run the command “otmdoc -m” to check that all the containers are up and running.

1. Double-check the completion by opening “https://<IP of the APE>” and choosing “proceed to safe”.

2. It will then show the Host ID and ask for a license.

3. Apply the license key shared by the Seceon team on the UI.

https://seceon.atlassian.net/wiki/spaces/PIG/pages/725352545

Troubleshooting:

  1. Click on the link below if you get a Nextgen/v1 error while installing APE: https://seceon.atlassian.net/wiki/pages/createpage.action?spaceKey=PP&title=Troubleshooting%20%3A%20Cannot%20GET%20nextgen%2Fv1%20Error

Installation of APE on Azure cloud:

 

 

 

The application runs smoothly on Azure as long as the hardware requirements are met and the installation and configuration are done properly as described in subsequent sections of this document.

Overview

 

The scope of this document is to detail the steps to install OTM on Azure cloud. It is meant to be used by the customer (Enterprise or MSSP) for their own purpose. Partners may also use it for their demo environment.

Please note that the OTM has two installation components, APE and CCE. For now, the scope of this document is limited to the instructions for installing APE on Azure cloud.

Installation Pre-requisites

 

To get the OTM deployed on the Azure cloud, a customer needs:

  • Server setup package

  • APE package

All the above tar packages can be downloaded prior to the installation process using the dropbox links provided later in this article.

Microsoft Azure Cloud Platform

Microsoft Azure (formerly Windows Azure) is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through a global network of Microsoft-managed datacenters. It provides software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems.

Seceon aiSIEM, being a containerized platform, is compatible with a variety of installation environments. It has been commercially deployed and is running successfully on physical servers, AWS instances and virtual machines (VMs) on ESXi servers, KVMs etc. For Azure also, a VM has to be created and then used for the aiSIEM installation.

Installation Process For APE on an Azure VM

Step 1: Log in to your Microsoft Azure Dashboard

Step 2: Create VM

  • Go to the list on the right side of the dashboard and select “Virtual Machines”

 

  • On the “Virtual Machines” screen, select “+Add” option and select the “Virtual machine”.

  • Fill in the details as asked in the “Create virtual machine” form, using the information:

  • Click on the dropdown of the “Image” option and then click on “See all images”.

  • Now Search “Rocky-8-6” in the search box.

  • Now select rocky-8-6-x86_64-free-Gen2 Image from the list

  • To select the size click on see all sizes.

  • Now select any VM size with specs suggested by Seceon Team.

  • Now select the Authentication type as Password and give username and password.

  • Now click on Next: Disk.

  • Now select the OS disk type Standard SSD.

  • Now click on “Create and attach a new disk”.

  • Click on change size.

  • Now select Disk SKU as standard SSD. Select Size suggested by Seceon and click on OK.

  • Now click on Next:Networking → Next:Management → Next:Advanced → Next:Tags → Next:Review+Create

  • Now Click on the “Create” button to create the VM. When your deployment is complete “go to resource”.

  • Now stop the VM by clicking on “Stop” → “OK”

  • Now go to Disk and click on the first disk name.

  • Now go to “Size+Performance”, select the size suggested by Seceon and click on Resize.

  • Now go to Overview and you will see that “Disk size” has been updated.

  • Now click on the VM name, which you will see above in the path, then go into “Disk” and click on the “Refresh” button. Here you will see that the OS disks and Data disks are updated.

  • Now click on the “Overview” and Start the VM.

  • Now copy the Public IP address.

  • Now SSH using this Public IP and give the Username and Password.

  • Now do df -h and you will see 510 GB allocated to root.

Step 3: Setup the APE Machine.

  • Now download the server setup package using the below command.

wget -c https://www.dropbox.com/s/jyw42jjnhh9lrts/seceon-server-setup-8.0.0.tar.gz

  • Now switch to root using the following command.

sudo su

  • Now untar the server-setup package using the tar -xvzf <package name> command.

    [root@ayush-12345 APE-Test]# tar -xvzf seceon-server-setup-7.0.2.tar.gz
    seceon-server-setup-8.0.0/
    seceon-server-setup-8.0.0/debug-tools.tar.gz
    seceon-server-setup-8.0.0/seceon-pkg.tar.gz
    seceon-server-setup-8.0.0/mount_disk.sh
    seceon-server-setup-8.0.0/setup-docker-logrotate.sh
    seceon-server-setup-8.0.0/otmdoc
    seceon-server-setup-8.0.0/configure-seceonrepo.sh
    seceon-server-setup-8.0.0/seceon-setup.sh
    seceon-server-setup-8.0.0/docker.tar.gz
    seceon-server-setup-8.0.0/yum-utils.tar.gz
    seceon-server-setup-8.0.0/docker-py.tar.gz
    seceon-server-setup-8.0.0/ansible.tar.gz
    seceon-server-setup-8.0.0/setup-direct-lvm-minimal.sh
    seceon-server-setup-8.0.0/mount_kdisk.sh
    seceon-server-setup-8.0.0/seceon_tech_support
    seceon-server-setup-8.0.0/setup-direct-lvm.sh
    [root@ayush-12345 APE-Test]#

  • Now go into the package directory using the cd command, run ls, and install the package using the ./seceon-setup.sh command.

  • Now run the ./mount_disk.sh command.

  • Now reboot the VM using reboot command.

  • Now log in to this machine with username seceon and password seceon.

  • Now run the command df -h. You will be able to see both the Data disk and the OS disk, provided to root and /mnt/disk1.

  • Now download the cce-globel-config and install.sh files using the wget -c command.

 

  • Make these files executable using the below command.

Step 4: Install the APE package

  • Download the APE package. (#Seceon Latest Packages)

  • Go into the screen mode using the screen command and install the APE package using the below command.

Verification

On the APE machine, log in as “seceon” and verify with the following:

  • Command to be run as “seceon” user

    • $ otmdoc -m

Note: Status of all the APE should be up and running

Done!

 

Installation of APE on AWS

 

 

Overview

The steps given here are simple and are meant to help with installing Rocky Linux on AWS and the installation of CCE. However, you must have an AWS account; without it, we won’t be able to install anything on this cloud computing service.

  • AWS account

  • Internet connection


AWS Instance Setup Steps

 

Log in to AWS and access the EC2 Dashboard

Here I am assuming that you have already created an account on Amazon Web Services, so now go to the EC2 Dashboard. Alternatively, you can use this link: https://ap-south-1.console.aws.amazon.com/ec2/v2/home.

Launch a New Instance

Once you are on the AWS EC2 Dashboard, click on the Instances option in the menu on the left side, and then hit the “Launch Instances” button.

After that this screen will open:

Put instance Name:

Choose Rocky Linux 8 Amazon Machine Image

Now, select “AWS Marketplace” and then in the search box type – Rocky Linux. Soon, you will see the official Rocky Linux 8 Amazon Machine Image to select.

Note: In case you face any problem while connecting to the official Rocky Linux AMI, then go for the “Rocky Linux 8 w/Latest Updates” image offered by pro computers on the same page.

This AMI is also eligible to run on the Free tier of AWS, hence just click on the “Select” button. (Name is just an example below. Please use the name such as Primary APE)

After that hit the “Continue” button.

 

Choose an Amazon Machine Image (AMI) and click on AWS Marketplace AMIs (304)

 

 

 

Choose EC2 Instance Type

In this step, we will select the hardware resources we want to assign to our Rocky Linux instance. You can use the free trial for the initial start and later scale the resources. However, if you want this Linux to start providing commercial services, then select the resources (CPU, RAM, and other things) as per the requirements. Here we are going for the Free Trial one.

Once you have selected, click on “Review and Launch”.

 

Download an existing key pair or create a new one

To connect to the created Rocky Linux EC2 instance remotely via SSH, we need a key pair. So, for that, either use an existing one or simply select “Create a new key pair” and then give some name to your key; for example, here we are giving “Rocky”. After that, click on “Download Key Pair” and the “Launch Instances” button.

Note: Save the Key pair somewhere safe…

Create Network setting

 

Configure storage:

 

Review Rocky Linux Instance Launch

Here we can edit any of the present hardware resources we want. For example, those who want to increase the storage space, which is 10 GB by default, need to hit the Edit button given in front of it. However, if you are already satisfied with the default settings, then simply click on the “Launch” button.

After the above setting, click on the Launch Instance button, which is shown in the above screenshot.

After that this screen will show:

After that click on connect button:

Setup Rocky Linux Instance

Open your local system's command terminal or prompt, go to where you keep the pem file, and use the following command syntax:

ssh -i "rockylinux.pem" rocky@ec2-35-84-180-85.us-west-2.compute.amazonaws.com

Replace path-to-downloaded-keypair with the path where your actual key is located.

Or else you can use the SSH client such as MobaXterm. For more detail, you can see our article-

 

How to SSH AWS ec2 Linux Instances remotely:

Note: rocky is the default username, not ec2-user or root, because the image is not provided by Amazon itself. However, in the future, it would be.

Ensure that you become root instead of the rocky user. You will do that by running the command “sudo su”.

After that, run this command for the Seceon server setup:

curl https://si.seceon.com:8444/repos/env/8.0.0/seceon-env-setup.txt --output ./seceon-env-setup.sh -k && bash ./seceon-env-setup.sh

Note: After the above command finishes, the server will restart and the rocky user will automatically be logged out.

You will need to log in to the AWS instance again with the seceon user. At this time, it will ask you to change the password. Please replace “ec2-35-84-180-85.us-west-2.compute.amazonaws.com” in the command below with your own instance name.

ssh seceon@ec2-35-84-180-85.us-west-2.compute.amazonaws.com

After that, the server will restart again and the user needs to log in again with the seceon user and the password which was set in the above step.

Verification

Verification can be done once the server is set up and we can see the install command.

APE Installation on OCI

 

Overview:

This document will help you create a VM using Oracle VM VirtualBox and perform the Seceon server setup (Rocky Linux).

VM Creation on Oracle VirtualBox

You need to install VirtualBox on your Windows server:

https://www.virtualbox.org/

 

Step 1: Open Oracle VM VirtualBox Manager

Step 2: Click on Machine --> New

Step 3: Put the VM Name, Type, and Version respectively.

Step 4: Click next and select memory size

Step 5: Click Next Create Virtual Hard Disk

Step 6: Hard disk file type VDI

Step 7: Click Next Storage on physical hard disk “Dynamically allocated“

Step 8: Select file location and size

Step 9: Click on create

Step 10: Right-click on your VM and click on the Settings option

Step 11: Now click on Storage --> Empty --> Disk symbol and choose the Seceon ISO (Rocky Linux) --> OK

Step 12: In the Network option, NAT should be selected.

Step 13: Click on Start

Server Setup (Rocky Linux)

 

STEP 1: Select option 1 “ Install Rocky Linux 8”

Step 2: Select Language

STEP 3: Installation Destination

Ensure that the “INSTALLATION DESTINATION” under the “SYSTEM” is “Custom partitioning selected” as shown in the figure below:

Rocky Linux Installation- Seceon Setup-Installation Destination

 

Rocky Linux Installation- Installation Destination-Kickstart Insufficient

STEP 4: Network & Host Name Setting

Scrolling down in the same screen, choose the option “NETWORK & HOST NAME” as shown in the figure below:

Network & Host Name

For manual configuration using a static IP: Set the Ethernet connection to “OFF”, as it has to be configured and then switched on.

Now scroll down the screen and click on “Configure” as shown in the screen below:

Set the Method to “Manual”, click “Add” and then provide the client’s network details in the boxes shown in the figure above.

Addresses: The user will have to add an available IP address. This IP Address will help to identify the User’s computer on the network.

Netmask and Gateway for User’s network have to be provided.

DNS Servers: IP addresses of Domain Name Servers are used to resolve host names. Use a comma to separate the different Domain Name Server addresses. For machines open to the outside world, the Google DNS server (8.8.8.8) can be an option.

After providing all the details, click on “Save”

Click “Done” from the top left corner as shown in the figure below.

STEP 5: Begin Installation

To start the process, Click “Begin Installation” as shown in figure below:

Begin Installation

Please note that Installation Details remain as Custom Partitioned (Unlike the Installing Rocky Linux with Minimal setup).

STEP 6: Create Root User

When the user clicks on “Begin Installation”, it takes them to a screen as shown in the figure below:

User Settings

  1. On selecting the “ROOT PASSWORD” option, the User will get into a screen as shown below:

Root Password

It will require the user to enter a confidential root password, confirm it and then click on “Done” in the top left corner.

Please note that if a weak password is provided, “Done” has to be clicked twice.

By default, the ISO has user “seceon”.

STEP 7: Reboot

After the complete installation as shown in the figure below, click on “Reboot”

Installation Complete

STEP 8: Log in to the machine

Now, the VM/server is up with Seceon Rocky Linux ISO. Login to the server/VM using the credentials “seceon/seceon” and follow the instruction.

1. Log in with PuTTY as the “seceon” user, make sure the current path is “/home/seceon” (cross-verify with the “pwd” command), and download the package using the Seceon Latest Package Download Link if the APE server has internet connectivity.

If the server does not have internet access, first download the package and then transfer it to the /home/seceon path on the server via WinSCP.

2. To ensure that you have the correct APE package, cross-verify its legitimacy with an MD5 checksum: “md5sum <downloaded seceon ape link>”

3. Put the server in “screen” mode so that the installation does not stop even if the system shuts down (this step is optional though important). Run the “screen” command and then press Enter.

4. Finally, run the command ./install.sh -a for the installation to proceed.

(INSTALLATION WILL TAKE AROUND 45 MINUTES TO COMPLETE)

Verification Of Installation

Run the command “otmdoc -m” to check that all the containers are up and running.

1. Double-check the completion by opening “https://<IP of the APE>” and choosing “proceed to safe”.

2. It will then show the Host ID and ask for a license.

3. Apply the license key shared by the Seceon team on the UI.

https://seceon.atlassian.net/wiki/spaces/PIG/pages/725352545

Troubleshooting:

  1. Click on the link below if you get a Nextgen/v1 error while installing APE: https://seceonhelp.freshdesk.com/en/support/solutions/articles/81000410839-troubleshooting-cannot-get-nextgen-v1-error


Please send us an email at support@seceon.com, in case of any issues or questions.

 

 

Seceon Inc. All rights reserved. https://www.seceon.com