Prerequisites
Ensure that you meet the following prerequisites before initiating the deployment. To use this guide successfully, Cyware recommends you be familiar with deploying software on Linux servers and installing databases on the Linux Enterprise server.
Note
The default shell that is used for the CTIX deployment is Bash.
Network Requirements
Share the public gateway IP address of your servers with the Cyware team, so that we can add the IP addresses to our Allow List and enable access to our repository domains.
You must configure a Virtual Network (VNET) CIDR private range with a /16 subnet mask.
You must create two private subnets with a /18 subnet mask and two public subnets with a /28 subnet mask.
Synchronize with NTP Server
Synchronize the server used in the Intel Exchange deployment with the Network Time Protocol server of the organization. To check if the system clock is synchronized and NTP is active, run the following command:
timedatectl
Tool Requirements
You must install the following tools to migrate Intel Exchange on Azure AKS:
Azure CLI (az): The Azure Command-Line Interface (CLI) is a command-line tool that allows you to manage Azure resources.
Azure Workload Identity (azwi): This tool simplifies managing and assigning identities for workloads running in AKS.
Helm: Helm helps you manage Kubernetes applications. Helm charts help you define, install, and upgrade the most complex Kubernetes applications.
kubectl: kubectl is the Kubernetes command-line tool to manage and control Kubernetes clusters.
Allow Cyware Domains
Add the following Cyware domains to your Allow List. You will require access to these domains during the deployment to download the installation package. You will also need access to the production license server and Cyware Support.
The Kubernetes registries from which the installer and configuration files can be downloaded:
https://packages.cyware.com/: Stores the Python libraries required to execute apps at run time.
https://prod.packages.cyware.com: Stores the build packages of Cyware products.
https://cylms.cyware.com: License management repository that stores license properties and details allocated to an instance of a Cyware product.
https://support.cyware.com/hc/en-us: ITSM portal for customers to contact the Cyware support team for assistance.
https://techdocs.cyware.com: Technical documentation portal of Cyware.
https://appstore.cyware.com: Stores the Appstore apps and the custom apps.
Proxy Configuration
If you have a proxy that acts as a gateway between your users and the internet, it should be configured beforehand in all the servers that you use for deployment to ensure network connectivity to Cyware repositories.
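The tool, NTP, allow-list, and proxy prerequisites above can be checked in one pass on each deployment server. The following Bash preflight is an added example, not part of Cyware's tooling; the function names are hypothetical, and it assumes curl is installed and that timedatectl prints the "System clock synchronized" and "NTP service" lines used by current systemd releases.

```bash
#!/usr/bin/env bash
# Added preflight sketch: function names are hypothetical, not Cyware tooling.
REQUIRED_TOOLS="az azwi helm kubectl"
# Repository, license and app store domains from the Allow List section.
CYWARE_URLS="https://packages.cyware.com/ https://prod.packages.cyware.com
https://cylms.cyware.com https://appstore.cyware.com"

# Print each tool that is not on PATH; return non-zero if any is missing.
missing_tools() {
  rc=0
  for tool in "$@"; do
    if ! command -v "$tool" >/dev/null 2>&1; then
      echo "$tool"
      rc=1
    fi
  done
  return "$rc"
}

# Read timedatectl output on stdin; succeed only if the clock is
# synchronized AND the NTP service is active.
ntp_ok() {
  awk -F': *' '
    /System clock synchronized/ { sync = $2 }
    /NTP service/               { ntp  = $2 }
    END { exit !(sync == "yes" && ntp == "active") }'
}

# Succeed if the URL returns any HTTP response (network path only; an error
# status still counts). curl honours https_proxy, so the proxy is exercised too.
url_reachable() {
  curl -s -o /dev/null --max-time 10 -I "$1"
}

preflight() {
  fail=0
  missing=$(missing_tools $REQUIRED_TOOLS) || { echo "missing tools: $missing"; fail=1; }
  timedatectl | ntp_ok || { echo "clock is not NTP-synchronized"; fail=1; }
  for url in $CYWARE_URLS; do
    url_reachable "$url" || { echo "unreachable: $url"; fail=1; }
  done
  return "$fail"
}

# Run the checks only when invoked as: bash preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```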
Allow External URLs
(Optional) App URLs: Allow outbound connections to the third-party application URLs that you want to integrate with CTIX. For example, CrowdStrike, AlienVault, and more.
(Optional) SSO/SAML URL: Add the embed URL of the SSO/SAML authentication app that you are using to the Allow List. For more information, see Configure SAML 2.0 as the Authentication Method.
(Optional) LDAP URL: Add the URL of the LDAP authentication app that you are using to the Allow List.
(Optional) Google Sign-In URL: Add the following URL to the Allow List to enable the Google Sign-In authentication method:
https://accounts.google.com/gsi/client
Google URL: Allow outbound connections to the following Google URLs:
https://fonts.gstatic.com: To render the Google fonts that are used in the CTIX application.
https://maps.googleapis.com: To render Google Maps and display a map view of the IP threat data.
MITRE ATT&CK Navigator URL: Allow outbound connections to the following GitHub URLs to allow access to the MITRE ATT&CK Navigator repository:
https://github.com/mitre-attack
https://raw.githubusercontent.com/mitre/
https://raw.githubusercontent.com/MISP/
Public Suffix URL: Allow outbound connections to the following public suffix URL to render TLD-related widgets in the CTIX dashboards:
https://publicsuffix.org/list/public_suffix_list.dat