Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Introduction

Seceon aiSIEM, the only real-time threat detection and reporting platform is built on micro-services/container architecture. This allows versatility in terms of deployment choices, whether it is installed on a bare metal Hardware Server, on a Virtual Machine or on a public Cloud like Amazon AWS and Microsoft Azure. The performance of the OTM is neither influenced nor compromised based on the deployment option chosen, rather it is critical that the computing memory and disk performance that meets the Seceon OTM Hardware specification is available.

The application runs smoothly on Azure as long as the hardware requirements are met and the installation and configuration are done properly as described in subsequent sections of this document

Installation Pre-requisites

To get the OTM deployed on the Azure cloud, a customer needs:

  • Server setup package (Seceon-server-setup-5.0.0-tar.gz)

  • CCE package

All the above tar packages can be downloaded prior to the installation process using the dropbox links provided later in this article.

Microsoft Azure Cloud Platform

Microsoft Azure (formerly Windows Azure) is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through a global network of Microsoft-managed data centres. It provides software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems.

Seceon aiSIEM, being a containerized platform is compatible with a variety of installation environments. It has been commercially deployed and is running successfully on physical servers, AWS instances and Virtual machines (VMs) on ESXi servers, KVMs etc. For Azure also, a VM has to be created and then used for the aiSIEM Installation

Installation Process For aiSIEM on an Azure VM

Step1: Login to your Microsoft Azure Dashboard:

Step 2: Create VM

  • Go to the list on the right side of the dashboard and select “Virtual Machines”

  • On the “Virtual Machines” screen, select “+Add” option

  • Fill in the details as asked in the “Create virtual machine” form, using the information:

PROJECT DETAILS

Your existing Microsoft Azure subscription

a. Resource group to be used for creating the VM, from your existing subscription. You can also create a new resource group.

INSTANCE DETAILS

  • Virtual machine name: Based on your choice.

  • Region: Your Azure region.

  • Availability Option: Optional

  • Image: Select “CentOS based 7.5”

  • Size: Choose 4vCPUs, 4 GB RAM. The disk will be 30GB by default, we will increase it to our requirement in Section

Step 3: Change Disk Size

ADMINISTRATOR ACCOUNT

  • Authentication Type

  • Username

  • SSH Public Key

  • Setup your SSH login account.

Keep the rest of the settings default and create the VM. Once created, pick up the assigned IP, and login to that with the Administrator account created through ssh.

Step 3: Change Disk Size

  • Login to the created VM as administrator (root).

  • Change the disk size using instructions as below:

  • Check the root partition using the command “df –h”

 

Filesystem      Size           Used    Avail Use%  Mounted on

/dev/sda2        30G           1.2G   29G     5%       /

devtmpfs         14G           0      14G     0%       /dev

tmpfs            14G           0      14G     0%       /dev/shm

tmpfs            14G           9.0M   14G     1%       /run

tmpfs            14G           0      14G     0%       /sys/fs/cgroup

/dev/sda1        497M          81M    417M   17%      /boot

/dev/sdb1        197G          61M     187G   1%       /mnt/resource

tmpfs            2.8G           0      2.8G   0%       /run/user/1000

Here root is mounted as /dev/sda2

  • Go to Azure Portal, go to VM -> Disk -> Select OSDisk -> Configuration and increase OS Disk Size to 200GB.

  • Start up the VM

  • Use FDISK to delete the older partition and recreate it. Subsequent commands to be used are listed below:

 sudo fdisk /dev/sda
· u
Command (m for help): u

Changing display/entry units to cylinders (DEPRECATED!).

· p - (print) – take note of Start of /dev/sda2 (eg. 64

Command (m for help): p

Disk /dev/sda: 214.7 GB, 214748364800 bytes, 419430400 sectors

Units = cylinders of 16065 * 512 = 8225280 bytes

Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk label type: dos

Disk identifier: 0x000ecbd2

Device Boot          Start         End      Blocks   Id  System

/dev/sda1   *           1          64      512000   83  Linux

/dev/sda2              64        3917    30944256   83  Linux

· d - (delete) – delete the required partition

Command (m for help): d

Partition number (1,2, default 2): 2

Partition 2 is deleted
· n - (create new partition) – recreate the deleted partition 

. p - select primary partition

Command (m for help): n

Partition type:

   p   primary (1 primary, 0 extended, 3 free)

   e   extended

Select (default p): p

Partition number (2-4, default 2): 2

First cylinder (64-26108, default 64):

Using default value 64

Last cylinder, +cylinders or +size{K,M,G} (64-26108, default 26108):

Using default value 26108

Partition 2 of type Linux and of size 199.5 GiB is set
Press w to, write the changes

Command (m for help): w

The partition table has been altered!
[seceon@cce-test ~]$ sudo reboot 
  (reboot the system)

[seceon@cce-test ~]$ sudo xfs_growfs /dev/sda2 
  (resize the partition to cover the full disk)
[seceon@cce-test ~]$ sudo xfs_growfs /dev/sda2
meta-data=/dev/sda2              isize=512    agcount=4, agsize=1934016 blks

         =                       sectsz=512   attr=2, projid32bit=1

         =                       crc=1        finobt=0 spinodes=0

data     =                       bsize=4096   blocks=7736064, imaxpct=25

         =                       sunit=0      swidth=0 blks

naming   =version 2              bsize=4096   ascii-ci=0 ftype=1

log      =internal               bsize=4096   blocks=3777, version=2

         =                       sectsz=512   sunit=0 blks, lazy-count=1

realtime =none                   extsz=4096   blocks=0, rtextents=0

data blocks changed from 7736064 to 52299871
  •  Verify size has increased by using df -h:

[seceon@cce-test ~]$ df -h

Filesystem      Size  Used Avail Use% Mounted on

/dev/sda2       200G  1.2G  199G   1% /

devtmpfs         14G     0   14G   0% /dev

tmpfs            14G     0   14G   0% /dev/shm

tmpfs            14G  9.0M   14G   1% /run

tmpfs            14G     0   14G   0% /sys/fs/cgroup

/dev/sda1       497M   81M  417M  17% /boot

/dev/sdb1       197G   61M  187G   1% /mnt/resource

tmpfs           2.8G     0  2.8G   0% /run/user/1000

Step 4: Setup Seceon env

  • Login to the VM as administrator

  • Run the command “sudo -i”, to get into root mode.

  • Download the server setup package using the command given below:

wget –c https://www.dropbox.com/s/m46ciwi1om3v5du/seceon-server-setup-5.0.0.tar.gz
  • Untar the server setup package using the command:

tar –xvzf seceon-server-setup-5.0.0.tar.gz
  • Get inside the folder, and run the setup script:

cd seceon-server-setup-5.0.0
./seceon-setup.sh
  • Wait for the setup to get installed.

  • Then, reboot the VM using “reboot” command.

Step 5: Install CCE:

  • Login to the VM as seceon/seceon.

  • Download the CCE package using the command given below:

wget –c https://www.dropbox.com/s/7vxts85zvxksv0n/seceon-cce-5.2.1-193.tar.gz
  • Match the md5sum of the package using the command given below:

md5sum seceon-cce-5.2.1-193.tar.gz | grep    eb90dd8dfa8c013e70f6d6b84e311990  

You should see the output:

eb90dd8dfa8c013e70f6d6b84e311990   seceon-cce-5.2.1-193.tar.gz

If you don’t see this output, your download is not correct. Please download again.

  • Run the command: 

ssh seceon@127.0.0.1
  • Download the “cce-global-config.yml” and “install.sh files”, as given below:

1.cce-gobal-config.yml:

wget -c https://www.dropbox.com/s/5cx8kxwuazv6m20/cce-global-config.yml
  1. Install.sh

wget -c https://www.dropbox.com/s/zgk6rvmiicw1x1t/install.sh
  • Change the privilege of the install script using the command: chmod 775 install.sh

  • Run the commands:

screen
./install.sh –c

  • Answer the questions:

Do APE & CCE coexist?

In an Enterprise, CCE and APE may co-exist; but in MSSP Enterprise, they are unlikely to coexist.

If you press Yes, it will ask for confirmation else it will prompt you for The Tenant Id: In case of Enterprise you can just press enter else Type in the Tenant ID given by the MSSP.

APE IP address:

Do you want secure communication between CCE & APE using Ssh Tunnel?

This will be Yes only if APE is not on VPN and has a public IP and there is no VPN tunnel between APE &CCE.

 SSH Tunnel Port: 22 (Default)

 

  • No labels