Cyware Situational Awareness Platform

Deployment Methods

You can deploy the Collaborate web application and database services using one of the following methods:

  • VMDK: This deployment method creates virtual machines and deploys the web application and database services on a virtualization platform, such as VMware vSphere. For more information, see Deploy Using VMDK.

  • AWS Cloud: This deployment method creates EC2 instances on AWS and deploys the application and database services. For more information, see Deploy on AWS Cloud.

  • Ansible: This deployment method deploys the application and database services on your servers using an Ansible script. For more information, see Deploy Using Ansible.

Deploy Using VMDK

Virtual Machine Disk (VMDK) is a file format for disk image files that describes the containers for the virtual hard disk drives to be used in virtual machines. Virtualization platform users can use this method to create virtual machines and deploy the Collaborate services using the .vmdk files provided by Cyware.

Ensure that you have a valid Collaborate license key before you start the deployment. After a successful deployment, you must enter the license key to activate and access the Collaborate application. Contact Cyware Support to get a license key.

Refer to the following steps to deploy the Collaborate web application and database services:

Download Disk Images

Download the disk images (.vmdk files) for both the web application and database servers and use them to create virtual machines.

Note

Share your Public Gateway IP address with the Cyware team to add your IP address to Cyware's Allow List. This enables you to access the Cyware repository domains and download the .vmdk files. 

To download the .vmdk files, use the following Cyware repository URLs:

  • .vmdk file for the web application server: https://packages.cyware.com/repository/cyware/installer/vmdk/csap/csap-app.vmdk

  • .vmdk file for the database server: https://packages.cyware.com/repository/cyware/installer/vmdk/csap/csap-db.vmdk

Upload Disk Images on Virtual Platform

Upload the .vmdk files for the Collaborate database and web application servers on the virtualization platform. The .vmdk files will be used as the disk image of the virtual machines. 

This topic provides the steps to upload the .vmdk files on VMware vSphere v7.0 or later versions. The steps may vary based on the virtualization platform you are using. Refer to the documentation of your virtualization platform to upload the .vmdk files.

Based on the VMware virtualization client you are using, follow the steps mentioned in the following topics to upload the disk images:

Important

The .vmdk files for the Collaborate database and web application servers are generic disk images and must be converted for the virtualization platform you are using. For example, if you are using the VMware vSphere platform, refer to the vmkfstools documentation and convert the disk image files.

Upload Disk Images Using vCenter

To upload the .vmdk file of the Collaborate database server on the VMware vSphere platform using vCenter, do the following:

  1. Sign in to VMware vSphere Client.

  2. Click Storage on the left and select a host.

  3. Right-click the datastore you want to use to create virtual machines and select Browse Files.

  4. Select a folder to upload the .vmdk file and click UPLOAD FILES.

  5. Select the .vmdk file for the Collaborate database server and click Open.

Refresh the datastore file browser to view the uploaded .vmdk file on the list. Similarly, upload the .vmdk file of the Collaborate web application server.

Upload Disk Images Using ESXi Host Client

To upload the .vmdk file of the Collaborate database server on the VMware vSphere platform using the ESXi host client, do the following:

  1. Sign in to VMware ESXi Host Client.

  2. Go to Navigator > Storage.

  3. Click Datastore browser and select the datastore and directory to store the .vmdk file.

  4. Click Upload.

  5. Select the .vmdk file for the Collaborate database server and click Open.

Similarly, upload the .vmdk file of the Collaborate web application server.

Create Virtual Machines

Create virtual machines on the virtualization platform to deploy the Collaborate web application and database services. This topic provides the steps to create virtual machines on VMware vSphere v7.0 or later versions. The steps may vary based on the virtualization platform you are using. Refer to the documentation of your virtualization platform to create virtual machines.

For more information on how to create a virtual machine on the VMware vSphere platform, see Create a Virtual Machine on VMware vSphere.

Based on the VMware virtualization client you are using, follow the steps mentioned in the following topics to create virtual machines:

Create Virtual Machines Using vCenter

To create a virtual machine for the Collaborate database server on the VMware vSphere platform using vCenter, do the following:

  1. Sign in to VMware vSphere Client.

  2. Select the host or cluster on which you want to create the virtual machine.

  3. Click Actions > New Virtual Machines.

  4. In Select a creation type, select Create a new virtual machine and click NEXT.

  5. In Select a name and folder, do the following and click NEXT.

    • Enter a name for the virtual machine. For example, Collaborate DB Server.

    • Select a location to store the virtual machine. For example, ESXi U2 7.0 virtual machine.

  6. In Select a compute resource, select the destination compute resource to run the virtual machine. After you select a compute resource, if Compatibility displays Compatibility checks succeeded, the selection is valid and you can continue.

  7. In Select storage, select a datastore where the virtual machine and virtual disk files will be stored and click NEXT.

  8. In Select compatibility, select compatibility for this virtual machine depending on the ESXi hosts used in your environment, and click NEXT. For example, ESXi U2 7.0 virtual machine.

  9. In Select a guest OS, enter the following details and click NEXT:

    • Guest OS family: Select Linux as the operating system family.

    • Guest OS version: Select Centos 7 (64 bit).

  10. In Customize hardware, do the following and click NEXT:

    • In New Network, choose the correct port group for your environment and select the Adapter Type as E1000e.

    • Remove the existing hard disk.

    • Click ADD NEW DEVICE > Existing Hard Disk and select the converted .vmdk file for the Collaborate database server.

    • Configure the number of CPUs, memory, and storage for the Collaborate database server. For more information, see System Requirements.

  11. Review the virtual machine settings and click FINISH.

A virtual machine creation task is initiated. After the task is completed, a virtual machine is created with all the Collaborate database services deployed.

Similarly, follow the above-mentioned steps to create a virtual machine using the .vmdk file for the web application server. Creating a virtual machine for the web application server does not deploy the web application services automatically. Refer to the Prerequisites and Deploy Collaborate Web Application to deploy the web application services.

After creating the virtual machines, Cyware recommends that you sign in to the operating system of each virtual machine and change the operating system password. The default credentials to sign in to the operating system are:

  • Username: centos

  • Password: centos

Create Virtual Machines Using ESXi Client

To create a virtual machine for the Collaborate database server on the VMware vSphere platform using the ESXi host client, do the following:

  1. Sign in to VMware ESXi Host Client.

  2. Go to Navigator > Virtual Machines and click Create/Register VM.

  3. In Select creation type, select Create a new virtual machine and click NEXT.

  4. In Select a name and guest OS, do the following and click NEXT.

    • Name: Enter a name for the virtual machine to identify in VMware ESXi Host Client. For example, Collaborate DB Server.

    • Compatibility: Select the ESXi version of the virtual machine. For example, ESXi 7.0 U2 virtual machine.

    • Guest OS family: Select Linux as the operating system family.

    • Guest OS version: Select Centos 7 (64 bit).

  5. In Select storage, select a datastore and click NEXT.

  6. In Customize settings, do the following and click NEXT:

    1. In Network Adapter 1, select the Adapter Type as E1000e.

    2. Remove the existing hard disk Hard disk 1.

    3. Click Add hard disk > Existing hard disk and select the converted .vmdk file for the Collaborate database server.

    4. Configure the number of CPUs, memory, and storage for the Collaborate database server. For more information, see System Requirements.

  7. Review the virtual machine settings and click FINISH.

VMware ESXi Host Client adds a task to the queue to create the virtual machines and deploy the web application and database services. You can track the progress in Recent Tasks. After the task is completed, the virtual machine is created with all the Collaborate database services deployed.

Similarly, follow the above-mentioned steps to create a virtual machine using the .vmdk file for the web application server. Creating a virtual machine for the web application server does not deploy the web application services automatically. Refer to the Prerequisites and Deploy Collaborate Web Application to deploy the web application services.

After creating the virtual machines, Cyware recommends that you sign in to the operating system of each virtual machine and change the operating system password. The default credentials to sign in to the operating system are:

  • Username: centos

  • Password: centos

Prerequisites

Ensure that the following prerequisites are met before initiating deployment. To use this guide successfully, Cyware recommends that users be familiar with virtual machine environments, deploying software on Linux servers, and installing a database on the Linux Enterprise Server.

Note

The default shell that is used for the Collaborate deployment is Bash.

Network Requirements

Share the public gateway IP address of your servers with the Cyware team, so that we can add the IP addresses to our Allow List and enable access to our repository domains.

Synchronize with NTP Server

Synchronize the servers used for the Collaborate deployment with the Network Time Protocol (NTP) server of the organization. To check if the system clock is synchronized and NTP is active, run the following command:

timedatectl

Allow Cyware Domains

Add the following Cyware domains to your Allow List. You will require access to these domains during the deployment to download the installation package. You will also need access to the production license server and Help Center for Collaborate.

  • The Docker registries from which the installer and configuration files can be downloaded:

    • https://packages.cyware.com/

    • https://prod.packages.cyware.com

  • https://cylms.cyware.com: License management repository that stores license properties and details allocated to an instance of Cyware product.

  • https://support.cyware.com/hc/en-us: ITSM portal for customers to contact the Cyware support team for assistance.

  • https://techdocs.cyware.com: Technical documentation portal of Cyware.

  • https://feeds.cyware.com: Stores the threat feeds provided by Cyware.

    Note

    This URL also enables you to retrieve automated RSS alerts.

  • https://central-mfa.cyware.com: Required to access the user interface for specific features such as Threat Defender Library and Intelligence Requirements.

Intranet Connectivity

| Source | Destination | Direction | Port | Comments |
|---|---|---|---|---|
| Proxy/Firewall | Web App Server | Unidirectional | 443 | To enable inbound traffic. |
| Web App Server | Database Servers | Unidirectional | 5432, 6379, 9000 | To enable Docker communications to the database services. |

Proxy Configuration

If you have a proxy that acts as a gateway between your users and the internet, it should be configured beforehand in all the servers that you use for deployment to ensure network connectivity to Cyware repositories. You can configure the proxy for Collaborate in the vars.yml file. For more information, see the section Update Vars File in Deploy Collaborate Web Application.

For more information on how to configure proxy on a Linux server, see Configure Proxy on Linux Server.

Domain Details

If you need the Collaborate platform to be available on a specific domain name, have these handy:

  • Domain Name: Custom domain name on which you want to access the application. For example: https://tenantcode.myorg.com. You can configure the domain and tenant code of the application in the vars.yml file during deployment. For more information, see section Update Vars File in Deploy Collaborate Web Application.

  • SSL Certificates are required with the following details:

    Note

    You can also generate and use a self-signed SSL certificate. For more information, see Create Self-Signed SSL Certificate.

    • Root, Intermediate, and Domain certificates in .crt format

    • The private key of the domain certificate

      Store the SSL Certificate (.crt) and Key (.key) files in the /etc/ssl directory as ssl.crt and ssl.key respectively.

  • DNS Configuration on Public/Internal DNS server: Configure domain name resolution on the application’s Web/Virtual IP/Loadbalancer’s IP address.

  • Any rules defined for backend load balancer or backend targets.

Allow External URLs

Allow outbound connections to the following URLs from the Application servers:

  • (Optional) SSO/SAML URL: Add the embed URL of the SSO/SAML authentication app that you are using to the Allow List. For more information, see Configure SAML 2.0 as the Authentication Method.

  • (Optional) LDAP URL: Add the URL of the LDAP authentication app you are using to the Allow List.

  • (Optional) Google Sign-In URL: Add the following URL to the Allow List to enable the Google Sign-In authentication method:

    https://accounts.google.com/gsi/client

  • (Optional) Data sync: Add the URL of the data sync app that you are using to the Allow List.

  • Google URLs: To render a widget in the Collaborate application that shows the Indicators of Compromise (IOCs) by country. The widget uses these APIs to render the world map.

    • www.gstatic.com

    • maps.googleapis.com 

    Note

    The Google APIs are required to render a widget in the Collaborate application that shows the Indicators of Compromise (IOCs) by country. The widget uses these APIs to render the world map.

  • ATT&CK URLs: To fetch information from MITRE ATT&CK and populate Tactics and Techniques in the ATT&CK Heatmap feature of the application.

    • https://cti-taxii.mitre.org:443

    • https://cti-taxii.mitre.org/stix/collections/

    • https://raw.githubusercontent.com

  • Threat Defender Library URL: To fetch information from Amazon S3 buckets and populate the data into the OSINT Repo of the Threat Defender Library feature in the application.

    • https://defender-high-fidelity-prod.s3.amazonaws.com

  • Third-party Integration Feed URLs: By default, Collaborate provides integrations with some third-party apps to receive feeds. Add the following URLs to receive alerts from the apps:

    • Intel471: https://api.intel471.com/

    • AbuseIPDB: https://api.abuseipdb.com/api/v2/

    • Flexera: https://app.secunia.com/api/ and https://api.app.secunia.com/api/

    • AlienVault: https://otx.alienvault.com/

    • ThreatStream: https://optic.threatstream.com/api/

Operating System Requirements

RHEL 8.x (Red Hat Enterprise Linux 8) OS versions are supported for deployment, ensuring compatibility with necessary system requirements.

Deploy Collaborate Web Application

Review the Prerequisites before you start the deployment. The steps to deploy the web application services are:

Update Vars File

The vars.yml file includes variables, such as IP address of the database server, base path, database passwords, and endpoints, that are needed for the Collaborate application and database services.

Before you Start 

Ensure that you have configured static IP addresses for the database and web application servers.

Steps 

To update the vars.yml file, do the following:

  1. Run the following command on the web application server to open the vars.yml file in edit mode:

    vi /home/centos/csap-installer/vars/csap/vars.yml

  2. Update the respective values, such as base and log paths, database URLs and passwords, and more.

  3. Save and exit.

Deploy Collaborate Application Stack

To deploy the web application services, go to the /home/centos/ directory and run the following command on the web application server:

bash app.sh

Note

The app.sh script takes some time to run. Do not interrupt while the script is running.

Sample Output

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [10.xx.xx.20]

TASK [deploy/deploy-csap : Change ansible python interpreter to python3] *******
ok: [10.xx.xx.20]

TASK [deploy/deploy-csap : create directory if they don't exist] ***************
changed: [10.xx.xx.20] => (item=/apps/cyware/conf)
changed: [10.xx.xx.20] => (item=/apps/cyware/data)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/csap)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/webapp)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/dashboard)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/celery-beat)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/celery-notification)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/celery-worker)
changed: [10.xx.xx.20] => (item=/apps/cyware/shared_apps)
changed: [10.xx.xx.20] => (item=/apps/cyware/fusionexport/data)
changed: [10.xx.xx.20] => (item=/apps/cyware/configs)

TASK [deploy/deploy-csap : Change ansible python interpreter to python2] *******
ok: [10.xx.xx.20]

TASK [deploy/deploy-csap : Copy config.yaml] ***********************************
changed: [10.xx.xx.20]

TASK [deploy/deploy-csap : Copy csap.env] **************************************
changed: [10.xx.xx.20]

TASK [deploy/deploy-csap : Copy csap stack file] *******************************
changed: [10.xx.xx.20]

TASK [deploy/deploy-csap : Change ansible python interpreter to python3] *******
ok: [10.xx.xx.20]

TASK [deploy/deploy-csap : Remove CSAP stack] **********************************
21:47:22  changed: [10.xx.xx.2
.
.
.
.
TASK [deploy/deploy-csap : Deploy csap stack from a compose file] **************
changed: [10.xx.xx.20]

TASK [deploy/deploy-csap : Wait for services to become healthy] ****************
Pausing for 90 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
ok: [10.xx.xx.20]

PLAY RECAP *********************************************************************
10.xx.xx.20                 : ok=18   changed=12   unreachable=0    failed=0    skipped=0    rescued=0    ignored=1

Deploy on AWS Cloud

Use this deployment method to create EC2 instances on the Amazon Web Services (AWS) platform and deploy the Collaborate web application and database services. Refer to the following steps to deploy the Collaborate web application and database services:

Get Collaborate AMIs

Note

To deploy Collaborate on AWS GovCloud, contact Cyware Support to get the AMIs.

Amazon Machine Images (AMIs) for the Collaborate web application and database servers are available on AWS as shared AMIs. You can use the AMIs to create EC2 instances for the Collaborate servers. The Collaborate AMIs include an image of the CentOS 7 operating system.

To enable Cyware to share the AMIs with you, share the following details:

  • AWS account ID

  • Region

AWS account ID is a 12-digit unique identification number of your AWS account. You can retrieve your account ID in the following ways:

  • In the AWS console, you can find it in the account details. 

  • In the AWS command line interface, to retrieve your account ID run the following command:

aws sts get-caller-identity

After you share your AWS account ID and region, Cyware shares the AMIs with your AWS account ID. Also, Cyware shares the ID of the AMIs with you to identify the shared AMIs on AWS.

Create EC2 Instances

Use the AMIs shared by Cyware to create EC2 instances for the Collaborate web application and database servers.

To create an EC2 instance on AWS for the Collaborate database server, do the following:

Note

The steps to create an instance may change. Follow the AWS Knowledge Center to create an instance.

  1. Sign in to AWS and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, go to Images > AMIs.

  3. Click the Owned by me drop-down and select Private images.

  4. Search for the ID of the Intel Exchange database AMI shared by Cyware.

  5. Click Select next to the AMI, and then click Launch Instance with AMI.

  6. Enter the following details for the instance:

    • Name and tags: Enter a unique name to identify the instance. For example, Collaborate Database.

    • Application and OS Images (Amazon Machine Image): The Intel Exchange database AMI is preselected.

    • Instance type: Select an instance type based on the number of CPUs and memory required for the instance. For more information, see System Requirements.

      Note

      • Collaborate supports T3 or newer x86 instance types only.

      • Currently, Collaborate does not support T2 or ARM (AWS Graviton) instance types.

    • Key pair (login): You can use a key pair to securely connect to your instance. For more information, see Amazon EC2 key pairs.

    • Network settings: Choose your VPC and Subnet.

    • Configure storage: Configure the required storage for the instance. For more information, see System Requirements.

  7. Under Summary, click Launch instance.

You can view the status of the instance in the Instances list. After the instance is created, a virtual machine is created with all the Collaborate database services deployed.

Similarly, follow the above-mentioned steps to create an EC2 instance using the AMI for the Collaborate web application server. Creating an instance for the web application server does not deploy the web application services automatically. Refer to the Prerequisites and Deploy Collaborate Web Application to deploy the web application services.

After creating the EC2 instances, Cyware recommends that you sign in to the operating system of each instance and change the operating system password. The default credentials to sign in to the operating system are:

  • Username: centos

  • Password: centos

Prerequisites

Ensure that the following prerequisites are met before initiating deployment. To use this guide successfully, Cyware recommends that users be familiar with virtual machine environments, deploying software on Linux servers, and installing a database on the Linux Enterprise Server.

Note

The default shell that is used for the Collaborate deployment is Bash.

Network Requirements

Share the public gateway IP address of your servers with the Cyware team, so that we can add the IP addresses to our Allow List and enable access to our repository domains.

Cyware recommends you provision and assign Elastic IP addresses to the deployed EC2 instances to ensure that the IP addresses do not change during routine AWS maintenance. If you choose to assign Elastic IP addresses to the instances, share the IP addresses with the Cyware team.

Synchronize with NTP Server

Synchronize the servers used for the Collaborate deployment with the Network Time Protocol (NTP) server of the organization. To check if the system clock is synchronized and NTP is active, run the following command:

timedatectl

Allow Cyware Domains

Add the following Cyware domains to your Allow List. You will require access to these domains during the deployment to download the installation package. You will also need access to the production license server and Help Center for Collaborate.

  • The Docker registries from which the installer and configuration files can be downloaded:

    • https://packages.cyware.com/ 

    • https://prod.packages.cyware.com 

  • https://cylms.cyware.com: License management repository that stores license properties and details allocated to an instance of Cyware product.

  • https://support.cyware.com/hc/en-us: ITSM portal for customers to contact the Cyware support team for assistance.

  • https://techdocs.cyware.com: Technical documentation portal of Cyware.

  • https://feeds.cyware.com: Stores the threat feeds provided by Cyware.

    Note

    This URL also enables you to retrieve automated RSS alerts.

  • https://central-mfa.cyware.com: Required to access the user interface for specific features such as Threat Defender Library and Intelligence Requirements.

Intranet Connectivity

| Source | Destination | Direction | Port | Comments |
|---|---|---|---|---|
| Proxy/Firewall | Web App Server | Unidirectional | 443 | To enable inbound traffic. |
| Web App Server | Database Servers | Unidirectional | 5432, 6379, 9000 | To enable Docker communications to the database services. |

Proxy Configuration

If you have a proxy that acts as a gateway between your users and the internet, it should be configured beforehand in all the servers that you use for deployment to ensure network connectivity to Cyware repositories. You can configure the proxy for Collaborate in the vars.yml file. For more information, see the section Update Vars File in Deploy Collaborate Web Application.

For more information on how to configure proxy on a Linux server, see Configure Proxy on Linux Server.

Domain Details

If you need the Collaborate platform to be available on a specific domain name, have these handy:

  • Domain Name: Custom domain name on which you want to access the application. For example: https://tenantcode.myorg.com. You can configure the domain and tenant code of the application in the vars.yml file during deployment. For more information, see section Update Vars File in Deploy Collaborate Web Application.

  • SSL Certificates are required with the following details:

    Note

    You can also generate and use a self-signed SSL certificate. For more information, see Create Self-Signed SSL Certificate.

    • Root, Intermediate, and Domain certificates in .crt format

    • The private key of the domain certificate

      Store the SSL Certificate (.crt) and Key (.key) files in the /etc/ssl directory as ssl.crt and ssl.key respectively.

  • DNS Configuration on Public/Internal DNS server: Configure domain name resolution on the application’s Web/Virtual IP/Loadbalancer’s IP address.

  • Any rules defined for backend load balancer or backend targets.
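
A pre-flight check for the Synchronize with NTP Server, Allow Cyware Domains, Intranet Connectivity and Domain Details prerequisites, which apply to both the VMDK and AWS methods. This is an added example, not a Cyware script: the function names and the database-host argument are hypothetical, and the private-key permission check is an added hardening assumption rather than a stated Cyware requirement.

```shell
#!/usr/bin/env bash
# Added example (not part of the Cyware installer). Run on the web app server:
#   bash preflight.sh <database-server-ip>
# Ports, domains and file paths are the ones listed in the Prerequisites.

# Return 0 if timedatectl output on stdin reports a synchronized clock.
# Older systemd (CentOS 7) prints "NTP synchronized:", newer releases print
# "System clock synchronized:".
ntp_synced() {
    grep -Eiq '^[[:space:]]*(NTP|System clock) synchronized:[[:space:]]*yes[[:space:]]*$'
}

# Return 0 if a TCP connection to host:port succeeds within 3 seconds.
# Uses bash's /dev/tcp so no extra tools are needed on the server.
tcp_open() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Print the ports from the Intranet Connectivity table that cannot be reached
# on the given database host; return 1 if any port is closed.
closed_db_ports() {
    local host=$1 port rc=0
    for port in 5432 6379 9000; do
        tcp_open "$host" "$port" || { echo "$port"; rc=1; }
    done
    return "$rc"
}

# Print the Cyware domains that do not answer over HTTPS. Any HTTP status
# (including 403 before allow-listing) counts as reachable; only connection,
# proxy or TLS failures are reported.
unreachable_domains() {
    local url rc=0
    for url in https://packages.cyware.com/ https://prod.packages.cyware.com \
               https://cylms.cyware.com https://feeds.cyware.com; do
        curl -sS -o /dev/null --max-time 10 "$url" 2>/dev/null || { echo "$url"; rc=1; }
    done
    return "$rc"
}

# Return 0 only if the file exists and grants no access to group or others
# (for example mode 600 or 400). Assumption: hardening check added here.
private_key_mode_ok() {
    local mode
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run every check and report all failures instead of stopping at the first.
preflight() {
    local db_host=$1 fail=0 ports urls
    timedatectl | ntp_synced ||
        { echo "FAIL: system clock is not NTP-synchronized"; fail=1; }
    ports=$(closed_db_ports "$db_host") ||
        { echo "FAIL: $db_host not reachable on port(s): $(echo $ports)"; fail=1; }
    urls=$(unreachable_domains) ||
        { echo "FAIL: no HTTPS connectivity to: $(echo $urls)"; fail=1; }
    # The key only exists when a custom domain is configured.
    [ ! -e /etc/ssl/ssl.key ] || private_key_mode_ok /etc/ssl/ssl.key ||
        { echo "FAIL: /etc/ssl/ssl.key is readable by group or others"; fail=1; }
    [ "$fail" -eq 0 ] && echo "OK: prerequisites look good"
    return "$fail"
}

if [ "$#" -ge 1 ]; then
    preflight "$1"
fi
```
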

Allow External URLs

Allow outbound connections to the following URLs from the Application servers:

  • (Optional) SSO/SAML URL: Add the embed URL of the SSO/SAML authentication app that you are using to the Allow List. For more information, see Configure SAML 2.0 as the Authentication Method.

  • (Optional) LDAP URL: Add the URL of the LDAP authentication app you are using to the Allow List.

  • (Optional) Google Sign-In URL: Add the following URL to the Allow List to enable the Google Sign-In authentication method:

    https://accounts.google.com/gsi/client

  • (Optional) Data sync: Add the URL of the data sync app that you are using to the Allow List.

  • Google URLs: To render a widget in the Collaborate application that shows the Indicators of Compromise (IOCs) by country. The widget uses these APIs to render the world map.

    • www.gstatic.com 

    • maps.googleapis.com  

    Note

    The Google APIs are required to render a widget in the Collaborate application that shows the Indicators of Compromise (IOCs) by country. The widget uses these APIs to render the world map.

  • ATT&CK URLs: To fetch information from MITRE ATT&CK and populate Tactics and Techniques in the ATT&CK Heatmap feature of the application.

    • https://cti-taxii.mitre.org:443 

    • https://cti-taxii.mitre.org/stix/collections/ 

    • https://raw.githubusercontent.com 

  • Threat Defender Library URL: To fetch information from Amazon S3 buckets and populate the data into the OSINT Repo of the Threat Defender Library feature in the application.

    • https://defender-high-fidelity-prod.s3.amazonaws.com 

  • Third-party Integration Feed URLs: By default, Collaborate provides integrations with some third-party apps to receive feeds. Add the following URLs to receive alerts from the apps:

    • Intel471: https://api.intel471.com/

    • AbuseIPDB: https://api.abuseipdb.com/api/v2/

    • Flexera: https://app.secunia.com/api/ and https://api.app.secunia.com/api/

    • AlienVault: https://otx.alienvault.com/

    • ThreatStream: https://optic.threatstream.com/api/

Operating System Requirements

RHEL 8.x (Red Hat Enterprise Linux 8) OS versions are supported for deployment, ensuring compatibility with necessary system requirements.

Deployment Procedure

Review the Prerequisites before you start the deployment. The steps to deploy the web application services are:

Update Vars File

The vars.yml file includes variables, such as IP address of the database server, base path, database passwords, and endpoints, that are needed for the Collaborate application and database services.

Before you Start

Ensure that you have configured static IP addresses for the database and web application servers.

Steps

To update the vars.yml file, do the following:

  1. Run the following command on the web application server to open the vars.yml file in edit mode:

    vi /home/centos/csap-installer/vars/csap/vars.yml

  2. Update the respective values, such as base and log paths, database URLs and passwords, and more.

  3. Save and exit.

Deploy Collaborate Application Stack

To deploy the web application services, go to the /home/centos/ directory and run the following command on the web application server:

bash app.sh

Note

The app.sh script takes some time to run. Do not interrupt while the script is running.

Sample Output

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [10.xx.xx.20]

TASK [deploy/deploy-csap : Change ansible python interpreter to python3] *******
ok: [10.xx.xx.20]

TASK [deploy/deploy-csap : create directory if they don't exist] ***************
changed: [10.xx.xx.20] => (item=/apps/cyware/conf)
changed: [10.xx.xx.20] => (item=/apps/cyware/data)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/csap)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/webapp)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/dashboard)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/celery-beat)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/celery-notification)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/celery-worker)
changed: [10.xx.xx.20] => (item=/apps/cyware/shared_apps)
changed: [10.xx.xx.20] => (item=/apps/cyware/fusionexport/data)
changed: [10.xx.xx.20] => (item=/apps/cyware/configs)

TASK [deploy/deploy-csap : Change ansible python interpreter to python2] *******
ok: [10.xx.xx.20]

TASK [deploy/deploy-csap : Copy config.yaml] ***********************************
changed: [10.xx.xx.20]

TASK [deploy/deploy-csap : Copy csap.env] **************************************
changed: [10.xx.xx.20]

TASK [deploy/deploy-csap : Copy csap stack file] *******************************
changed: [10.xx.xx.20]

TASK [deploy/deploy-csap : Change ansible python interpreter to python3] *******
ok: [10.xx.xx.20]

TASK [deploy/deploy-csap : Remove CSAP stack] **********************************
21:47:22  changed: [10.xx.xx.2
.
.
.
.
TASK [deploy/deploy-csap : Deploy csap stack from a compose file] **************
changed: [10.xx.xx.20]

TASK [deploy/deploy-csap : Wait for services to become healthy] ****************
Pausing for 90 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
ok: [10.xx.xx.20]

PLAY RECAP *********************************************************************
10.xx.xx.20                 : ok=18   changed=12   unreachable=0    failed=0    skipped=0    rescued=0    ignored=1

Deploy Using Ansible

Notice

This deployment method has been deprecated since November 1, 2023, and is no longer supported. This page is retained solely for historical reference.

Use this deployment method to deploy on dedicated servers for the web application and database services. This method uses an Ansible script to deploy the services on the servers from an installer server via SSH.

Prerequisites

Ensure that the following prerequisites are met before initiating deployment. To use this guide successfully, Cyware recommends that users be familiar with deploying software on Linux servers and installing a database on the Linux Enterprise Server.

Note

The default shell that is used for the Collaborate deployment is Bash.

Collaborate License

Ensure that you have a valid Collaborate license key before you deploy the Collaborate application and database services. After a successful deployment, you must enter the license key to activate and access the Collaborate application. Contact Cyware support to get the license key.

Privileges

You must have sudo user privileges for performing the deployment and installation on your servers. The sudo command allows you to run programs as the root user and execute specific system commands at the root level of the system. You must have passwordless sudo privileges to execute commands without a password prompt on all the required servers. Share the system hardening controls that may have been applied to the Operating System before handing over the server to the Cyware deployment team.

Create OS User

You must create a user in the OS with user ID and group ID 1000 on each server. To create a user in the OS, run the following command:

sudo useradd -u 1000 <username>

SSH Communication

You must enable passwordless SSH authentication for the user with user and group ID 1000 on each server. This allows seamless SSH communication from the installer server to the Web App and Database servers. For more information, see Set up Passwordless SSH Authentication.

Network Requirements

Share your Public Gateway IP address with the Cyware team, so that we can add your IP address to our Allow Lists and enable your access to our repository domains.

Server Requirements

  • The supported OS versions for installation and configuration of Collaborate are RHEL and CentOS versions 7.7, 7.8, 7.9, 8.1, 8.2, 8.3, 8.4, 8.5, and 8.6.

  • Synchronize the server used in the Collaborate deployment with the Network Time Protocol server of the organization. To check if the system clock is synchronized and NTP is active, run the following command:

    timedatectl

Allow Domains and URLs

Cyware Domains

Add the following Cyware domains to your Allow List. You will require access to these domains during the deployment to download the installation package. You will also need access to the production license server and Help Center for Collaborate.

  • The Docker registries from which the installer and configuration files can be downloaded:

    • https://packages.cyware.com/

    • https://prod.packages.cyware.com

  • https://cylms.cyware.com: License management repository that stores license properties and details allocated to an instance of a Cyware product.

  • https://support.cyware.com/hc/en-us: ITSM portal for customers to contact the Cyware support team for assistance.

  • https://techdocs.cyware.com: Technical documentation portal of Cyware.

  • https://feeds.cyware.com: Stores the threat feeds provided by Cyware.

    Note

    This URL also enables you to retrieve automated RSS alerts.

  • https://central-mfa.cyware.com: Required to access the user interface for specific features such as Threat Defender Library and Intelligence Requirements.

External URLs

Allow outbound connections to the following URLs from the Application servers:

  • (Optional) SSO/SAML URL: Add the embed URL of the SSO/SAML authentication app that you are using to the Allow List. For more information, see Configure SAML 2.0 as the Authentication Method.

  • (Optional) LDAP URL: Add the URL of the LDAP authentication app you are using to the Allow List.

  • (Optional) Google Sign-In URL: Add the following URL to the Allow List to enable the Google Sign-In authentication method:

    https://accounts.google.com/gsi/client

  • (Optional) Data sync: Add the URL of the data sync app that you are using to the Allow List.

  • Google URLs: To render a widget in the Collaborate application that shows the Indicators of Compromise (IOCs) by country. The widget uses these APIs to render the world map.

    • www.gstatic.com

    • maps.googleapis.com 

    Note

    The Google APIs are required to render a widget in the Collaborate application that shows the Indicators of Compromise (IOCs) by country. The widget uses these APIs to render the world map.

  • ATT&CK URLs: To fetch information from MITRE ATT&CK and populate Tactics and Techniques in the ATT&CK Heatmap feature of the application.

    • https://cti-taxii.mitre.org:443

    • https://cti-taxii.mitre.org/stix/collections/

    • https://raw.githubusercontent.com

  • Threat Defender Library URL: To fetch information from Amazon S3 buckets and populate the data into the OSINT Repo of the Threat Defender Library feature in the application.

    • https://defender-high-fidelity-prod.s3.amazonaws.com

  • Third-party Integration Feed URLs: By default, Collaborate provides integrations with some third-party apps to receive feeds. Add the following URLs to receive alerts from the apps:

    • Intel471: https://api.intel471.com/

    • AbuseIPDB: https://api.abuseipdb.com/api/v2/

    • Flexera: https://app.secunia.com/api/ and https://api.app.secunia.com/api/

    • AlienVault: https://otx.alienvault.com/

    • ThreatStream: https://optic.threatstream.com/api/

Intranet Connectivity

| Source | Destination | Direction | Port | Comments |
|---|---|---|---|---|
| Installer Server | Web App and Database Servers | Unidirectional | 22 | To enable SSH communication between the installer server and the Web App and Database servers. Port 22 is required only during installation and upgrade. |
| Proxy/Firewall | Web App Server | Unidirectional | 443 | To enable inbound traffic and outbound connection to the Apple server for iOS mobile app push notifications. |
| Web App Server | Proxy/Firewall | Unidirectional | TCP 5228, 5229, and 5230; UDP 5228, 5229, and 5230 | To enable outbound connection to the Google server for Android mobile app push notifications. |
| Web App and Database Servers | Web App and Database Servers | Bidirectional | TCP 2377 and 7946; UDP 7946 and 4789 | To enable Docker Swarm-related communications. |

Disk or Mount Point Requirements

Identify the details of storage mount points that are used for the installation of the application and database services. The expected mount point is /apps/cyware/. Make sure that the mount point has sufficient storage with storage disks mounted.

Proxy Configuration

If you have a proxy that acts as a gateway between your users and the internet, it must be configured in all the servers that you use for deployment to ensure network connectivity to Cyware repositories. You must share the proxy details with Cyware to configure the environment files. You can configure the proxy for Collaborate in the vars.yml file. For more information, see the Update Vars File section in Deployment Procedure.

For more information on how to configure the proxy on a Linux server, see Configure Proxy on Linux Server.

Domain Details

If you need the Collaborate platform to be available on a specific domain name, have these handy:

  • Domain Name: Custom domain name on which the platform should be accessible. For example: https://csap.myorg.com. You must add this domain to the Allow List to access the Collaborate application.

  • SSL Certificates are required with the following details:

    Note

    You can also generate and use a self-signed SSL certificate. For more information, see Create Self-Signed SSL Certificate. You must share the self-signed certificate with Cyware to use it with Nginx and the application packages.

    • Root, Intermediate, and Domain certificates in .crt format

    • The private key of the domain certificate

      Store the SSL Certificate (.crt) and Key (.key) files in the /etc/ssl directory as ssl.crt and ssl.key respectively.

  • DNS Configuration on Public/Internal DNS server: Configure domain name resolution on the application’s Web/Virtual IP/Loadbalancer’s IP address.

  • Any rule defined for backend load balancer or backend targets.

  • Share the traffic routing details from the user to the backend with Cyware.
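
A pre-flight check for the certificate and key that the list above stores as /etc/ssl/ssl.crt and /etc/ssl/ssl.key. This is an added example, not Cyware tooling: it confirms that the key belongs to the certificate, that the certificate is not close to expiry, and that the key file is readable by its owner only. The 30-day window, the accepted modes 600/400, and the csap.example.invalid sample name are assumptions.

```shell
#!/bin/sh
# Check a certificate/key pair before handing it to the deployment.
# Prints one line per problem; returns 0 if clean, 1 on findings, 2 if unreadable.
check_tls_pair() {
    crt=$1; key=$2; rc=0
    # The key must belong to the certificate: compare the two public keys.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse certificate $crt"; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "cannot parse key $key (corrupt or passphrase-protected)"; return 2; }
    [ "$crt_pub" = "$key_pub" ] || { echo "private key does not match certificate"; rc=1; }
    # -checkend exits non-zero if the certificate expires within N seconds (30 days here).
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "certificate is expired or expires within 30 days"; rc=1; }
    # The private key should be readable by its owner only (GNU stat, as on RHEL/CentOS).
    mode=$(stat -c %a "$key")
    case $mode in
        600|400) ;;
        *) echo "key file mode is $mode, expected 600 or 400"; rc=1 ;;
    esac
    return $rc
}

# Constructed throwaway self-signed pair for trying the check; not a production certificate.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=csap.example.invalid" \
        -keyout "$1/ssl.key" -out "$1/ssl.crt" >/dev/null 2>&1 && chmod 600 "$1/ssl.key"
}

dir=$(mktemp -d)
make_sample_pair "$dir" && check_tls_pair "$dir/ssl.crt" "$dir/ssl.key" && echo "sample pair passes"
rm -rf "$dir"
```

On the server, call it as check_tls_pair /etc/ssl/ssl.crt /etc/ssl/ssl.key before starting the deployment.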

Docker Requirements

The Collaborate application and database services run as Docker containers. Ensure that you meet all the prerequisites to install Docker. For more information, refer to the following prerequisites based on your OS:

Add Cyware Repository

Add the Cyware repository in your RedHat and CentOS-based distributions for the OS-level library installer to download the Collaborate installer package, Collaborate application images, and the OS dependencies that are required by Collaborate.

To add the Cyware repository to the installer server, do the following:

  1. To create and open a docker.repo file in the /etc/yum.repos.d/ directory, run the following command:

    vi /etc/yum.repos.d/docker.repo
  2. Update the docker.repo file with the Cyware repository details. Based on your CentOS and RHEL distribution version, see the Cyware repository details below and update.

  3. Save and exit.

For CentOS and RHEL 7.x:

[cyware-docker]
name=Docker CE Stable
baseurl=https://packages.cyware.com/repository/docker-yum-proxy/7/$basearch/stable
enabled=1
gpgcheck=0
priority=1


[centosplus]
name=CentOS-7 - Plus
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/centosplus/$basearch/
gpgcheck=0
enabled=1



[extras]
name=CentOS-7 - Extras
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/extras/$basearch/
gpgcheck=0
enabled=1


[cr]
name=CentOS-7 - cr
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/cr/$basearch/
gpgcheck=0
enabled=1



[fasttrack]
name=CentOS-7 - fasttrack
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/fasttrack/$basearch/
gpgcheck=0
enabled=1

[os]
name=CentOS-7 - fasttrack
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/os/$basearch/
gpgcheck=0
enabled=1

For CentOS and RHEL 8.x:

[cyware-docker]
name=Docker CE Stable
baseurl=https://packages.cyware.com/repository/docker-yum-proxy/linux/centos/8/$basearch/stable
enabled=1
gpgcheck=0
priority=1

[centosplus]
name=CentOS-8-stream - Plus
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/centosplus/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[extras]
name=CentOS-8-stream - Extras
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/extras/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[cr]
name=CentOS-8-stream - cr
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/cr/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[Appstream]
name=CentOS-8-stream - Appstream
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/AppStream/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[BaseOS]
name=CentOS-8-stream - BaseOS
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/BaseOS/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[PowerTools]
name=CentOS-8-stream - PowerTools
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/PowerTools/$basearch/os/
gpgcheck=0
enabled=1
priority=2
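
Every section in the repository definitions above sets gpgcheck=0, so yum installs packages from these repositories without verifying RPM signatures and relies on the HTTPS connection to packages.cyware.com alone. The audit script below is an added example, not part of Cyware's installer, for reviewing a .repo file before using it. The example-* sections, the repo.example.invalid host, and the key path in its sample input are constructed placeholders.

```shell
#!/bin/sh
# Print "<section><TAB><finding>" for each enabled repo that skips signature
# checks or uses a non-HTTPS baseurl; return 1 if anything was reported.
audit_repo_file() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function off(v)  { v = tolower(v); return v == "0" || v == "false" || v == "no" || v == "off" }
    function finding(msg) { printf "%s\t%s\n", sec, msg; bad++ }
    function report() {
        if (sec == "" || off(enabled)) return        # disabled repos are not used
        if (gpg == "")     finding("gpgcheck not set (inherits the [main] default)")
        else if (off(gpg)) finding("gpgcheck disabled: RPMs install without signature verification")
        if (url != "" && url !~ /^https:\/\//) finding("baseurl is not HTTPS")
    }
    /^[ \t]*$/    { next }                           # blank line
    /^[ \t]*[#;]/ { next }                           # comment
    /^[ \t]*\[/ {                                    # new [section]: report the previous one
        report()
        sec = trim($0); sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
        enabled = "1"; gpg = ""; url = ""            # a repo is enabled unless it says otherwise
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = trim(substr($0, eq + 1))
        if (key == "enabled")       enabled = val
        else if (key == "gpgcheck") gpg = val
        else if (key == "baseurl")  url = val
    }
    END { report(); exit (bad > 0 ? 1 : 0) }
    ' "$1"
}

# Constructed input: the first section is copied from the page, the example-*
# sections and the key path are placeholders made up for this demonstration.
write_sample_repo() {
    cat > "$1" <<'EOF'
[cyware-docker]
name=Docker CE Stable
baseurl=https://packages.cyware.com/repository/docker-yum-proxy/7/$basearch/stable
enabled=1
gpgcheck=0
priority=1

[example-signed]
baseurl=https://repo.example.invalid/el7/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EXAMPLE

[example-plain-http]
baseurl=http://repo.example.invalid/el7/$basearch/
enabled = 1

[example-disabled]
baseurl=http://repo.example.invalid/old/
enabled=0
gpgcheck=0
EOF
}

sample=$(mktemp)
write_sample_repo "$sample"
audit_repo_file "$sample" || echo "review the findings above before installing from this file"
rm -f "$sample"
```

Run against the real file, audit_repo_file /etc/yum.repos.d/docker.repo reports every section shown above, because each one disables gpgcheck.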

Install Python

You must install Python version 3.9 on the installer server to run the Ansible script that deploys the Collaborate application and database services.

To install Python on the installer server, run the following commands.

sudo yum install wget -y
wget https://packages.cyware.com/repository/cyware/installer/python/install-python39.sh
bash install-python39.sh

Note

Installing Python version 3.9 does not affect an earlier version of Python if already installed on the server.

Update Path Variable

To update the path variable, do the following:

  1. Open the following files: ~/.bash_profile and ~/.bashrc.

    Note

    You need sudo privileges to modify these files. Use the sudo command to open these files. For example, sudo vi ~/.bashrc.

  2. Insert the following path variable at the end of the files.

    PATH=$PATH:/usr/local/bin:$HOME/bin

  3. Save and exit.

  4. Run the following commands:

    source ~/.bash_profile
    source ~/.bashrc

Install Ansible

You must install Ansible to run the Ansible script that deploys the Collaborate application and database services.

To install Ansible on the installer server, run the following command:

python3.9 -m pip install ansible -i https://packages.cyware.com/repository/pypi-group/simple/

To verify if Ansible is installed, run the following command:

ansible --version

Sample Output

 [root@ip-10-xx-xx-20 bin]# ansible --version
ansible [core 2.13.6]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.13 (main, Nov 18 2022, 05:59:41) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
  jinja version = 3.1.2
  libyaml = True

Install Unzip Command

You must install the unzip command to extract the Collaborate installer package. To install the unzip command, run the following command:

sudo yum install -y unzip

Operating System Requirements

RHEL 8.x (Red Hat Enterprise Linux 8) OS versions are supported for deployment, ensuring compatibility with necessary system requirements.

Deployment Procedure

Review the Prerequisites before you start the deployment. The steps to deploy the Collaborate application are:

Download Installer Package

To download the latest version of the Collaborate installer package, run the following command:

wget https://packages.cyware.com/repository/cyware/installer/csap/installer-csap-release-latest.zip

Note

To download a previous version of the Collaborate installer package, contact the Cyware team for the download URL.

Extract Installer Package

To extract the Collaborate installer package, run the following command:

unzip installer-csap-release-latest.zip

After extracting the installer package, run the following command to go to the Collaborate installer folder to proceed with the deployment:

cd csap-installer

Update Hosts File

The hosts file includes the IP addresses of the servers on which you want to deploy the Collaborate application and database services. In a one-tier deployment architecture, enter the same server IP address in the swarm_managers and swarm_workers variables. To deploy the services on different servers, enter the IP addresses of those servers in the hosts file.

To update the hosts file, do the following:

  1. Run the following command to open the hosts file:

    sudo vi vars/csap/hosts

  2. Update the host variables.

  3. Save and exit.

Update Vars File

The vars.yml file includes variables, such as base path, database passwords, and endpoints, that are needed for the Collaborate application and database services.

To update the vars.yml file, do the following:

  1. Run the following command to open the vars.yml file:

    sudo vi vars/csap/vars.yml

  2. Update the respective values, such as base and log paths, database URLs and passwords, and more.

  3. Save and exit.

Install Docker and Set up Cluster

The Collaborate application and database services run as Docker containers. You must install Docker on all servers where you want to deploy the Collaborate services.

To install Docker on all servers, do the following on the installer server:

  1. Run the following command to download the Docker dependencies:

    yum install https://packages.cyware.com/repository/cyware-yum-hosted/libselinux-python-2.9-2.1.module_el8.2.0+308+f56412f1.x86_64.rpm

  2. Run the following command to install Docker and set up the cluster:

    ansible-playbook -i vars/csap/hosts run-setup.yml -e"client=csap" -u <ssh-user>

Sample Output
 root@ip-10-xx-xx-20 csap-installer]# ansible-playbook -i vars/csap/hosts run-setup.yml -e"client=csap" -u cent

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [10.xx.xx.20]

TASK [setup/docker : Start AWS CSOL deployment] ********************************
changed: [10.xx.xx.20]

TASK [setup/docker : Add the cyware docker repo] *******************************
skipping: [10.xx.xx.20]

TASK [setup/docker : Add the cyware docker 8 repo] *****************************
skipping: [10.xx.xx.20]

TASK [setup/docker : create docker directory if they don't exist] **************
changed: [10.xx.xx.20] => (item=/apps/cyware/docker)

TASK [setup/docker : Install the docker in the rhel/centos server] *************
skipping: [10.xx.xx.20]

TASK [setup/docker : Install the docker in the aws server] *********************
 changed: [10.xx.xx.20]
 
 TASK [setup/docker : Install python2 package] **********************************
ok: [10.xx.xx.20]
.
.
.
.

TASK [setup/docker-network : Create overlay network] ***************************
changed: [10.xx.xx.20]

PLAY RECAP *********************************************************************
10.xx.xx.20                 : ok=33   changed=21   unreachable=0    failed=0    skipped=6    rescued=0    ignored=4

Deploy Database Stack

To deploy the Collaborate database stack, run the following command on the installer server:

ansible-playbook -i vars/csap/hosts deploy-db-stack.yml -e"client=csap" -u <ssh-user>

Deploy Collaborate Application Stack

To deploy the Collaborate application stack, run the following command on the installer server:

ansible-playbook -i vars/csap/hosts deploy-csap.yml -e"client=csap" -u <ssh-user>

Sample Output
 root@ip-10-xx-xx-20 csap-installer]# ansible-playbook -i vars/csap/hosts deploy-csap.yml -e"client=csap" -u centos

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [10.xx.xx.20]

TASK [deploy/deploy-csap : Change ansible python interpreter to python3] *******
ok: [10.xx.xx.20]

TASK [deploy/deploy-csap : create directory if they don't exist] ***************
changed: [10.xx.xx.20] => (item=/apps/cyware/conf)
changed: [10.xx.xx.20] => (item=/apps/cyware/data)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/csap)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/webapp)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/dashboard)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/celery-beat)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/celery-notification)
changed: [10.xx.xx.20] => (item=/apps/cyware/logs/celery-worker)
changed: [10.xx.xx.20] => (item=/apps/cyware/shared_apps)
changed: [10.xx.xx.20] => (item=/apps/cyware/fusionexport/data)
changed: [10.xx.xx.20] => (item=/apps/cyware/configs)

TASK [deploy/deploy-csap : Change ansible python interpreter to python2] *******
ok: [10.xx.xx.20]

TASK [deploy/deploy-csap : Copy config.yaml] ***********************************
changed: [10.xx.xx.20]

TASK [deploy/deploy-csap : Copy csap.env] **************************************
changed: [10.xx.xx.20]

TASK [deploy/deploy-csap : Copy csap stack file] *******************************
changed: [10.xx.xx.20]

TASK [deploy/deploy-csap : Change ansible python interpreter to python3] *******
ok: [10.xx.xx.20]

TASK [deploy/deploy-csap : Remove CSAP stack] **********************************
21:47:22  changed: [10.xx.xx.2
.
.
.
.
TASK [deploy/deploy-csap : Deploy csap stack from a compose file] **************
changed: [10.xx.xx.20]

TASK [deploy/deploy-csap : Wait for services to become healthy] ****************
Pausing for 90 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
ok: [10.xx.xx.20]

PLAY RECAP *********************************************************************
10.xx.xx.20                 : ok=18   changed=12   unreachable=0    failed=0    skipped=0    rescued=0    ignored=1