Prerequisites


Hardware

Before proceeding with the installation, make sure you have the necessary VMs available. The table below lists the recommended specifications for each machine.

Note: The specifications of each machine may be adjusted based on the specific demands of the client.


| # | Component | Specification | Operating System | Comments |
|---|---|---|---|---|
| 1 | Data Lake - Hot Node | 12 vCPU, 64 GB RAM, 2 TB SSD | Red Hat Linux OS | Most Read/Write Intense node. Recommending 100GB separate volume for OS (with better RAID configuration). |
| 2 | Data Lake - Warm Node | 8 vCPU, 32 GB RAM, 4 TB SSD/HDD storage | Red Hat Linux OS | Less IOPS Intense than Hot Node. Recommending 100GB separate volume for OS (with better RAID configuration). |
| 3 | Data Lake - Frozen Node | 8 vCPU, 32 GB RAM, 8 TB HDD storage | Red Hat Linux OS | This can be any storage of less cost, which can be mounted as a volume in Linux distributions natively. |
| 4 | CYBOT - Platform | 8 vCPU, 16 GB RAM, 500 GB | Custom OS | Recommending 100GB separate volume for OS (with better RAID configuration). |
| 5 | Log collector | 8 vCPU, 8 GB RAM, 80 GB | Red Hat Linux OS | Recommending 100GB separate volume for OS (with better RAID configuration). |
| 6 | Reporting Engine and Dashboards | 8 vCPU, 16 GB RAM, 80 GB | Red Hat Linux OS | Recommending 100GB separate volume for OS (with better RAID configuration). |



Network

Whitelist the URLs below to ensure proper installation of CyBot and its components.

| # | From | URL |
|---|---|---|
| 1 | Data lake nodes | https://artifacts.opensearch.org/* |
|   |   | https://raw.githubusercontent.com/* |
|   |   | https://kb.active-bytes.com |
|   |   | https://pro.active-bytes.com |
|   |   | https://api-gw1.active-bytes.com |
| 2 | Log collector | https://kb.active-bytes.com |
|   |   | https://pro.active-bytes.com |
|   |   | https://pypi.python.org* |
|   |   | https://pypi.org* |
|   |   | https://pythonhosted.org* |
|   |   | https://login.microsoftonline.com/ |
|   |   | https://manage.office.com |
|   |   | https://api-gw1.active-bytes.com |
|   |   | https://outlook.office365.com |
|   |   | https://reports.office365.com |
|   |   | https://api.securitycenter.microsoft.com |
|   |   | https://api.security.microsoft.com |
| 3 | Cybot | https://artifacts.opensearch.org/* |
|   |   | https://kb.active-bytes.com/* |
|   |   | https://pro.active-bytes.com/* |
|   |   | https://raw.githubusercontent.com/* |
|   |   | https://iam.amazonaws.com/* |
|   |   | https://aws.amazon.com/* |
|   |   | https://s3.amazonaws.com/* |
|   |   | https://pypi.python.org* |
|   |   | https://pypi.org* |
|   |   | https://pythonhosted.org* |
|   |   | https://www.virustotal.com/api/v3/* |
|   |   | https://talosintelligence.com* |
|   |   | https://urlhaus-api.abuse.ch/* |
|   |   | https://checkpoint.com/* |
|   |   | https://otx.alienvault.com/api/v1/indicators/* |
|   |   | https://api-gw1.active-bytes.com |
| 4 | Report Engine | https://opensearch.org/* |
|   |   | https://pro.active-bytes.com |
|   |   | https://kb.active-bytes.com/* |
|   |   | https://api-gw1.active-bytes.com |
|   |   | https://login.microsoftonline.com/ |
|   |   | https://manage.office.com |
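
A preflight check for the log collector's allow-list, as an added example that is not part of the original page or of ActiveBytes tooling: it reduces each URL pattern from the table to a hostname and tests outbound TCP 443. The `run` argument, the 5-second timeout and the presence of `bash` and `timeout` on the node are assumptions; `pythonhosted.org` is spelled as in the Cybot row.

```shell
#!/bin/sh
# Added example: outbound allow-list preflight for the log collector.
# Patterns are copied from the "Log collector" row of the Network table.
LOG_COLLECTOR_URLS='
https://kb.active-bytes.com
https://pro.active-bytes.com
https://pypi.python.org*
https://pypi.org*
https://pythonhosted.org*
https://login.microsoftonline.com/
https://manage.office.com
https://api-gw1.active-bytes.com
https://outlook.office365.com
https://reports.office365.com
https://api.securitycenter.microsoft.com
https://api.security.microsoft.com
'

# Reduce an allow-list pattern to its hostname: drop the scheme,
# then everything from the first "/" or "*" onwards.
pattern_to_host() {
  p="${1#https://}"
  p="${p%%/*}"
  printf '%s\n' "${p%%\**}"
}

# Unique hostnames for the role, one per line.
role_hosts() {
  printf '%s\n' "$LOG_COLLECTOR_URLS" | while IFS= read -r line; do
    if [ -n "$line" ]; then pattern_to_host "$line"; fi
  done | sort -u
}

# Attempt a TCP connection to host:443 (assumed 5 s timeout, needs bash).
check_host() {
  timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/443"' "$1" 2>/dev/null
}

# Network checks run only on request: sh preflight.sh run
if [ "${1:-}" = "run" ]; then
  failed=0
  for h in $(role_hosts); do
    if check_host "$h"; then echo "OK      $h"
    else echo "BLOCKED $h"; failed=1; fi
  done
  exit "$failed"
fi
```

A successful connection shows that the firewall passes the host on port 443; a URL-filtering proxy that enforces the path patterns has to be tested through the proxy itself.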

 


 

Firewall Ports

| # | To | Port | Comments |
|---|---|---|---|
| 1 | Log-collector | 22 (SSH) | Remote Login (Internal) log collector |
| 2 | Hot-node, Warm-node, Frozen-node | 22 (SSH) | Remote Login (Internal) Analytical logs |
| 3 | Cybot | 25352 (SSH) | Remote Login (Internal) Cybot |
| 4 | Hot-node, Warm-node, Frozen-node, Reporting Engine, Cybot | 9201 (TCP), 5600 (TCP), 9200 (TCP), 9202 (TCP), 9203 (TCP), 9300 (TCP), 5601 (TCP) | Interface access |
| 5 | Log-collector | 514 (UDP), 515 (UDP), 516 (UDP), 1514 (TCP), 1515 (TCP) | Log Forwarding |

 









