Requirements
Before installing ACSIA SOS, make sure your system meets the requirements.
Introductory note
This article shows how to:
- Install the ACSIA manager.
- Use the administrative back end to create tenants and users and associate them.
- Load Sigma rules on a tenant.
The process guides you through several steps to accomplish these goals, so you can follow this guide as is when performing a new installation.
How to install the ACSIA manager
Environment configuration
Step 1: install make
$ sudo apt install make
Step 2: add keys for the ubuntu user
$ ssh-keygen
Step 3: create the destination folder for the installation
Name the destination folder xdrplus:
$ mkdir xdrplus
Step 4: download the xdrplus-xxx.tar.gz file into the /home/ubuntu/xdrplus folder
Download the file you received into the /home/ubuntu/xdrplus folder.
Step 5: prepare the SSL certificates and put them into the virtual machine
Set up the certificates based on your domain and put them into the virtual machine.
You can set up certificates with Let's Encrypt or any vendor you prefer.
Create the certs folder:
$ mkdir certs
Put the private key and the full chain file into the /home/ubuntu/certs folder.
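The files from step 5 can be checked before they are handed to the installer. The script below is an added example, not part of the ACSIA package: it verifies that privkey.pem is not accessible to group or other, that it matches the leaf certificate in fullchain.pem, and that the certificate stays valid for at least 14 days. It assumes openssl is installed, an unencrypted PEM key, and the file names requested later by make configure; the function names and the 14-day threshold are chosen here.

```shell
#!/bin/sh
# Added example: pre-flight checks on the TLS files before `make configure`.
# Default paths are the ones this guide uses; the function names are made up here.

# True only if group and other have no permission bits on the file (-L follows symlinks).
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# True if the private key and the first (leaf) certificate in the chain file
# carry the same public key. An empty -passin keeps openssl from prompting, so a
# passphrase-protected key fails the check instead of hanging.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# True if the leaf certificate is still valid $2 days from now (default: today).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-0} * 86400 ))" >/dev/null 2>&1
}

preflight() {
    key=${1:-/home/ubuntu/certs/privkey.pem}
    chain=${2:-/home/ubuntu/certs/fullchain.pem}
    rc=0
    for f in "$key" "$chain"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    done
    key_is_private "$key" ||
        { echo "FAIL: $key is accessible to group or other; run: chmod 600 $key"; rc=1; }
    key_matches_cert "$key" "$chain" ||
        { echo "FAIL: $key cannot be parsed or does not match the leaf certificate in $chain"; rc=1; }
    cert_valid_for_days "$chain" 14 ||
        { echo "FAIL: certificate in $chain is expired or expires within 14 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $key and $chain are ready for make configure"
    return "$rc"
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    shift
    preflight "$@"
fi
```

Saved under a name such as certcheck.sh (a hypothetical name), it runs with sh certcheck.sh --run; a non-zero exit status means at least one check failed.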
ACSIA manager installation
After the environment configuration, you can install the ACSIA manager using the following procedure.
Step 1: unpack the archive
If your archive is named xdrplus-6.4.x.tar.gz, unpack it like so:
$ tar xvf xdrplus-6.4.x.tar.gz -C xdrplus/
This command unpacks the package into the xdrplus folder created earlier.
Step 2: go into the folder where you unpacked the archive
$ cd xdrplus/
Step 3: make the configuration
$ make configure
You'll be asked to enter:
- The backend domain:
  - For the on-premises version of ACSIA: your backend domain.
  - For the SaaS version of ACSIA: https://app.xdrplus.com, 168.63.110.116.
- Your private key. Copy and paste the path to the file in your certs/ folder, that is: /home/ubuntu/certs/privkey.pem
- The domain full chain. Copy and paste the path to the file in your certs/ folder, that is: /home/ubuntu/certs/fullchain.pem
- The credentials to pull the Docker images:
  - User: the user you received.
  - Password: the token you received.
Step 4: run the stack
$ make up
Step 5: verify that everything runs correctly
Verify that the containers run without any error by typing:
$ docker compose ps
Users and tenants management
After the installation, you must create users and tenants.
Step 1: log in to the administration back end
Go to the URL domain/iam-admin (where domain is the domain associated with the ACSIA manager) and log in with the admin user as follows:
- User name.
- Password.
Step 2: create a new tenant
Once logged in to the administration backend, create a new tenant as follows:
ORGANIZATION > Organizational Tenants > ADD ORGANIZATIONAL TENANT
Then:
- Fill in the name field.
- Verify that the "is active" box is checked.
- Save.
Step 3: create a user
Once logged in to the administration backend, create a new user as follows:
USERS AUTHENTICATION AND AUTHORIZATION > user > ADD USER
Then:
- Fill in the name field.
- Set a secure password.
- Confirm your password.
- Verify that the "is active" box is checked.
- Click on "Save and continue to modify".
Fill in the following fields:
- Name.
- Surname.
- Email address.
- Click on Save.
Step 4: affiliate a user with a tenant
After creating a new tenant and a new user, you have to affiliate the user to the tenant.
Here's how to do so:
ORGANIZATION > user affiliations > ADD USER AFFILIATION
Then:
- In Organization, choose the tenant.
- In user, choose the user.
- Set date and hour.
- Verify that the "is active" box is checked.
- Click on Save.
Make the user admin of the tenant by selecting the user, then:
- Action > sign as tenant admin.
Step 5: create Google or Microsoft logins
After creating a new tenant and a new user and affiliating them, you can set up Google or Microsoft logins.
ACCOUNT > email address > ADD EMAIL ADDRESS
Then:
- In user, choose the user.
- Email address: paste the Microsoft or Google email of the user.
- Check the verified box.
- Click on Save.
Loading Sigma rules
After creating a new tenant, you must load the Sigma rules for that specific tenant. This procedure is done only once per tenant, and it must be executed for each tenant created, before installing any device.
For the procedure, contact our Support Team at support@dectar.com