Skip to main content

Cyware Threat Intelligence eXchange

Prerequisites

Ensure that you meet the following prerequisites before initiating the deployment. To use this guide successfully, Cyware recommends you to be familiar with deploying software on Linux servers and installing databases on the Linux Enterprise server.

Note

The default shell that is used for the CTIX deployment is Bash.

CTIX License

Ensure that you have a valid CTIX license key before you deploy the CTIX application and database services. After a successful deployment, you must enter the license key to activate and access the CTIX application. Contact Cyware support to get the license key.

Privileges

You must have sudo user privileges for performing the deployment and installation on your servers. The sudo command allows you to run programs as the root user and execute specific system commands at the root level of the system. You must have passwordless sudo privileges to execute commands without a password prompt on all the required servers. Share the system hardening controls that may have been applied to the Operating System before handing over the server to the Cyware team.

SSH Communication

You must enable passwordless SSH authentication to allow SSH communication from the installer server to the Web App and Database servers. For more information, see Set up Passwordless SSH Authentication.

Network Requirements

Share your Public Gateway IP address with the Cyware team, so that we can add your IP address to our Allow Lists and enable your access to our repository domains.

Server Requirements 

  • The supported OS version for installation and configuration of CTIX is RHEL and CentOS version 7.7, 7.8, 7.9, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, and 9.0.

  • Synchronize the server used in the CTIX deployment with the Network Time Protocol server of the organization. To check if the system clock is synchronized and NTP is active, run the following command:

    timedatectl
Allow Cyware Domains

Add the following Cyware domains to your Allow List. You will require access to these domains during the deployment to download the installation package. You will also need access to the production license server and Cyware Support.

  • The Docker registries from which the installer and configuration files can be downloaded:

    • https://packages.cyware.com 

    • https://prod.packages.cyware.com 

  • https://cylms.cyware.com/v2: License management repository that stores license properties and details allocated to an instance of Cyware product.

  • https://support.cyware.com/hc/en-us: ITSM portal for customers to contact the Cyware support team for assistance.

  • https://techdocs.cyware.com: Technical documentation portal of Cyware.

Intranet Connectivity

Source

Destination

Direction

Port

Comments

Installer Server

Web App and Database Servers

Unidirectional

22

To enable SSH communication between the installer server and the Web App and Database servers.

Port 22 is required only during installation and upgrade. 

Proxy/Firewall

Web App Server

Unidirectional

443

To enable inbound traffic.

Web App and Database Servers

Web App and Database Servers

Bidirectional

TCP 2377 and 7946, UDP 7946 and 4789

To enable Docker Swarm-related communications.

Disk or Mount Point Requirements

Identify the details of storage mount points that are used for the installation of the application and database services. The expected mount point is /apps/cyware/. Make sure that the mount point has sufficient free storage space with storage disks mounted.

Proxy Configuration

If you have a proxy that acts as a gateway between the users and the internet, you must configure the proxy in all servers that you use for deployment to ensure network connectivity to the Cyware repositories. You can configure the proxy for CTIX in the vars.yml file. For more information see the Update Vars File section in Deployment Procedure.

For more information on how to configure proxy on a Linux server, see Configure Proxy on Linux Server.

Domain Details

If you need the CTIX platform to be available on a specific domain name, have these handy:

  • Domain Name: Custom domain name on which you want to access the application. For example: https://tenantcode.myorg.com. You can configure the domain and tenant code of the application in the vars.yml file during deployment. For more information, see section Update Vars File in Deployment Procedure.

  • SSL Certificates are required with the following details:

    Note

    You can also generate and use a self-signed SSL certificate. For more information, see Create Self-Signed SSL Certificate.

    • Root, Intermediate, and Domain certificates in .crt format

    • The private key of the domain certificate

      Store the SSL Certificate (.crt) and Key (.key) files in the /etc/ssl directory as ssl.crt and ssl.key respectively.

  • DNS Configuration on Public/Internal DNS server: Configure domain name resolution on the application’s Web/Virtual IP/Loadbalancer’s IP address.

Docker Requirements

The CTIX application and database services run as Docker containers. Ensure that you meet all the prerequisites to install Docker. For more information, refer to the following prerequisites based on your OS:

Install Python

You must install Python version 3.9 on the installer server to run the Ansible script that deploys the CTIX application and database services.

To install Python on the installer server, run the following commands.

sudo yum install wget -y
wget https://packages.cyware.com/repository/cyware/installer/python/install-python39.sh
bash install-python39.sh

Note

Installing Python version 3.9 does not affect an earlier version of Python if already installed on the server.

Add Cyware Repository

Add the Cyware repository in your RedHat and CentOS-based distributions for the OS-level library installer to download the CTIX installer package, CTIX application images, and the OS dependencies that are required by CTIX.

To add the Cyware repository to the installer server, do the following:

  1. To create and open a docker.repo file in the /etc/yum.repos.d/ directory, run the following command:

    vi /etc/yum.repos.d/docker.repo
  2. Update the docker.repo file with the Cyware repository details. Based on the version of your CentOS and RHEL distribution, see the Cyware repository details below and update.

  3. Save and exit.

[cyware-docker]
name=Docker CE Stable
baseurl=https://packages.cyware.com/repository/docker-yum-proxy/7/$basearch/stable
enabled=1
gpgcheck=0
priority=1


[centosplus]
name=CentOS-7 - Plus
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/centosplus/$basearch/
gpgcheck=0
enabled=1



[extras]
name=CentOS-7 - Extras
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/extras/$basearch/
gpgcheck=0
enabled=1


[cr]
name=CentOS-7 - cr
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/cr/$basearch/
gpgcheck=0
enabled=1



[fasttrack]
name=CentOS-7 - fasttrack
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/fasttrack/$basearch/
gpgcheck=0
enabled=1

[os]
name=CentOS-7 - fasttrack
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/os/$basearch/
gpgcheck=0
enabled=1
[cyware-docker]
name=Docker CE Stable
baseurl=https://packages.cyware.com/repository/docker-yum-proxy/linux/centos/8/$basearch/stable
enabled=1
gpgcheck=0
priority=1

[centosplus]
name=CentOS-8-stream - Plus
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/centosplus/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[extras]
name=CentOS-8-stream - Extras
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/extras/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[cr]
name=CentOS-8-stream - cr
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/cr/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[Appstream]
name=CentOS-8-stream - Appstream
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/AppStream/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[BaseOS]
name=CentOS-8-stream - BaseOS
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/BaseOS/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[PowerTools]
name=CentOS-8-stream - PowerTools
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/PowerTools/$basearch/os/
gpgcheck=0
enabled=1
priority=2
[cyware-docker]
name=Docker CE Stable
baseurl=https://packages.cyware.com/repository/docker-yum-proxy/linux/centos/9/$basearch/stable
enabled=1
gpgcheck=0
priority=1


[Appstream]
name=CentOS-9-stream - Appstream
baseurl=https://packages.cyware.com/repository/centos-9-proxy/AppStream/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[BaseOS]
name=CentOS-9-stream - BaseOS
baseurl=https://packages.cyware.com/repository/centos-9-proxy/BaseOS/$basearch/os/
gpgcheck=0
enabled=1
priority=3
Update Path Variable

To update the path variable, do the following:

  1. Open the following files: ~/.bash_profile and ~/.bashrc.

    Note

    You need sudo privileges to modify these files. Use the sudo command to open these files. For example, sudo vi ~/.bashrc.

  2. Insert the following path variable at the end of the files.

    PATH=$PATH:/usr/local/bin:$HOME/bin
  3. Save and exit.

  4. Run the following commands:

    source ~/.bash_profile
    source ~/.bashrc
Install Ansible

You must install Ansible to run the Ansible script that deploys the CTIX application and database services.

To install Ansible on the installer server, run the following command:

pip3.9 install ansible -i https://packages.cyware.com/repository/pypi-group/simple/

To verify if Ansible is installed, run the following command:

ansible --version

Sample Output 

 [root@ip-10-xx-xx-64 bin]# ansible --version
ansible [core 2.13.6]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.13 (main, Nov 18 2022, 05:59:41) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
  jinja version = 3.1.2
  libyaml = True
Install Unzip Command

You must install the unzip command to extract the CTIX installer package. To install the unzip command, run the following command:

sudo yum install -y unzip
Allow External URLs
  • (Optional) App URLs: Allow outbound connection to the third-party application URLs that you want to integrate with CTIX. For example, CrowdStrike, AlienVault, and more.

  • (Optional) SSO/SAML URL: Add the embed URL of the SSO/SAML authentication app that you are using to the Allow List. For more information, see Configure SAML 2.0 as the Authentication Method.

  • (Optional) LDAP URL: Add the URL of the LDAP authentication app that you are using to the Allow List.

  • (Optional) Google Sign-In URL: Add the following URL to the Allow List to enable the Google Sign-In authentication method:

    https://accounts.google.com/gsi/client
  • Google URL: Allow outbound connections to the following Google URLs:

    • https://fonts.gstatic.com: To render the Google fonts that are used in the CTIX application

    • https://maps.googleapis.com: To render Google Maps and display a map view of the IP threat data.

  • MITRE ATT&CK Navigator URL: Allow outbound connections to the following GitHub URLs to allow access to the MITRE ATT&CK Navigator repository: 

    • https://github.com/mitre-attack 

    • https://raw.githubusercontent.com/MISP/ 

    • https://raw.githubusercontent.com/mitre/ 

  • Public Suffix URL: Allow outbound connections to the following public suffix URL to render TLD-related widgets in the CTIX dashboards: https://publicsuffix.org/list/public_suffix_list.dat