Prerequisites
Ensure that the following prerequisites are met before initiating deployment. To use this guide successfully, Cyware recommends users to be familiar with virtual machine environments, deploying software on Linux servers, and installing a database on the Linux Enterprise Server.
Note
The default shell that is used for the Collaborate deployment is Bash.
Network Requirements
Share the public gateway IP address of your servers with the Cyware team, so that we can add the IP addresses to our Allow List and enable access to our repository domains.
Cyware recommends you provision and assign Elastic IP addresses to the deployed EC2 instances to ensure that the IP addresses do not change during routine AWS maintenance. If you choose to assign Elastic IP addresses to the instances, share the IP addresses with the Cyware team.
Synchronize with NTP Server
Synchronize the servers used for the Collaborate deployment with the Network Time Protocol (NTP) server of the organization. To check if the system clock is synchronized and NTP is active, run the following command:
timedatectl
Allow Cyware Domains
Add the following Cyware domains to your Allow List. You will require access to these domains during the deployment to download the installation package. You will also need access to the production license server and Help Center for Collaborate.
The Docker registries from which the installer and configuration files can be downloaded:
https://packages.cyware.com/
https://prod.packages.cyware.com
https://cylms.cyware.com
: License management repository that stores license properties and details allocated to an instance of Cyware product.https://support.cyware.com/hc/en-us
: ITSM portal for customers to contact the Cyware support team for assistance.https://techdocs.cyware.com
: Technical documentation portal of Cyware.https://feeds.cyware.com
: Stores the threat feeds provided by Cyware.Note
This URL also enables you to retrieve automated RSS alerts.
Intranet Connectivity
Source | Destination | Direction | Port | Comments |
---|---|---|---|---|
Proxy/Firewall | Web App Server | Unidirectional | 443 | To enable inbound traffic. |
Web App Server | Database Servers | Unidirectional | 5432, 6379, 9000 | To enable Docker communications to the database services. |
Proxy Configuration
If you have a proxy that acts as a gateway between your users and the internet, it should be configured beforehand in all the servers that you use for deployment to ensure network connectivity to Cyware repositories. You can configure the proxy for Collaborate in the vars.yml
file. For more information, see the section Update Vars File in Deploy Collaborate Web Application.
For more information on how to configure proxy on a Linux server, see Configure Proxy on Linux Server.
Domain Details
If you need the Collaborate platform to be available on a specific domain name, have these handy:
Domain Name: Custom domain name on which you want to access the application. For example:
https://tenantcode.myorg.com
. You can configure the domain and tenant code of the application in thevars.yml
file during deployment. For more information, see section Update Vars File in Deploy Collaborate Web Application.SSL Certificates are required with the following details:
Note
You can also generate and use a self-signed SSL certificate. For more information, see Create Self-Signed SSL Certificate.
Root, Intermediate, and Domain certificates in
.crt
formatThe private key of the domain certificate
Store the SSL Certificate (
.crt
) and Key (.key
) files in the/etc/ssl
directory asssl.crt
andssl.key
respectively.
DNS Configuration on Public/Internal DNS server: Configure domain name resolution on the application’s Web/Virtual IP/Loadbalancer’s IP address.
Any rules defined for backend load balancer or backend targets.
Allow External URLs
Allow outbound connections to the following URLs from the Application servers:
(Optional) SSO/SAML URL: Add the embed URL of the SSO/SAML authentication app that you are using to the Allow List. For more information, see Configure SAML 2.0 as the Authentication Method.
(Optional) LDAP URL: Add the URL of the LDAP authentication app you are using to the Allow List.
(Optional) Google Sign-In URL: Add the following URL to the Allow List to enable the Google Sign-In authentication method:
https://accounts.google.com/gsi/client
(Optional) Data sync: Add the URL of the data sync app that you are using to the Allow List
Google URLs: To render a widget in the Collaborate application that shows the Indicators of Compromise (IOCs) by country. The widget uses these APIs to render the world map.
www.gstatic.com
maps.googleapis.com
Note
The Google APIs are required to render a widget in the Collaborate application that shows the Indicators of Compromise (IOCs) by country. The widget uses these APIs to render the world map.
ATT&CK URLs: To fetch information from MITRE ATT&CK and populate Tactics and Techniques in the ATT&CK Heatmap feature of the application.
https://cti-taxii.mitre.org:443
https://cti-taxii.mitre.org/stix/collections/
https://raw.githubusercontent.com
Threat Defender Library URL: To fetch information from Amazon S3 buckets and populate the data into the OSINT Repo of the Threat Defender Library feature in the application.
https://defender-high-fidelity-prod.s3.amazonaws.com
Third-party Integration Feed URLs: By default, Collaborate provides integrations with some third-party apps to receive feeds. Add the following URLs to receive alerts from the apps:
Intel471:
https://api.intel471.com/
AbuseIPDB:
https://api.abuseipdb.com/api/v2/
Flexera:
https://app.secunia.com/api/
andhttps://api.app.secunia.com/api/
AlienVault:
https://otx.alienvault.com/
ThreatStream:
https://optic.threatstream.com/api/