Probe Node Setup in AWS
Create the EC2 instance
In the EC2 dashboard, click Launch Instance.
Enter the name in the Name field.
In Application and OS images, select Ubuntu with AMI ID ami-0c65adc9a5c1b5d7c.
In Architecture, select 64-bit (x86).
In Instance type, select r5.8xlarge (for 5 Gbps) or r5.16xlarge (for 10 Gbps).
Select the required key pair, which is specific to the customer environment.
Go to Network Settings and then click Edit.
Select VPC and Subnet.
To create a security group, do the following:
Add the name and description.
Add an inbound rule that allows traffic on UDP port 4789.
Add all the required rules for the probe node to communicate with the CCN and UXN instances. For more information, see LogRhythm NDR Prerequisites.
Configure the required storage.
Disk 1: 1x200 GB → GP2
Disk 2: 23 TB (for 5 Gbps) and 46 TB (for 10 Gbps).
Partition Disk 2 as opt and data according to the specification in the reference document above.
Add the required advanced configurations that are customer-specific.
Install Salt-Minion by following these steps:
Update the package index:
    sudo apt-get -y update
Install python3-software-properties:
    sudo apt-get install -y python3-software-properties
Download the Salt archive keyring:
    sudo curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3005/salt-archive-keyring.gpg
Add the Salt repository, pinned to that keyring, to the apt sources:
    echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3005 focal main" | sudo tee /etc/apt/sources.list.d/salt.list
Create the /etc/salt-2023 directory:
    sudo mkdir -p /etc/salt-2023
Move /etc/salt/minion into that directory:
    sudo mv /etc/salt/minion /etc/salt-2023/
Update the package index again:
    sudo apt-get -y update
Install salt-minion:
    sudo apt-get install -y salt-minion
Enable the salt-minion service:
    sudo systemctl enable salt-minion.service
Restart the salt-minion service:
    sudo systemctl restart salt-minion.service
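
The following check for the repository entry created in the Salt-Minion steps is an added example, not part of the original LogRhythm procedure. The function name check_salt_source and the sample files are assumptions made for illustration; the sample data is constructed in a temporary directory so nothing under /etc is touched.

```bash
#!/usr/bin/env bash
# Audit apt source entries such as /etc/apt/sources.list.d/salt.list.
# Prints one finding per problem; returns 0 only if every "deb" entry uses
# https and is pinned with signed-by to a keyring that apt can read.
check_salt_source() {  # hypothetical helper name
    local list="$1" line opts uri opt keyring rc=0 seen=0
    [ -r "$list" ] || { echo "cannot read $list"; return 2; }
    while IFS= read -r line; do
        case $line in "deb "*) seen=1 ;; *) continue ;; esac
        opts="" keyring=""
        line=${line#deb }
        # Options, when present, sit in [...] in front of the URI.
        case $line in
            "["*"] "*) opts=${line#\[}; opts=${opts%%\]*}; line=${line#*\] } ;;
        esac
        uri=${line%% *}
        for opt in $opts; do
            case $opt in signed-by=*) keyring=${opt#signed-by=} ;; esac
        done
        case $uri in https://*) ;; *) echo "not https: $uri"; rc=1 ;; esac
        if [ -z "$keyring" ]; then
            echo "no signed-by for $uri"; rc=1
        elif [ ! -s "$keyring" ]; then
            echo "keyring missing or empty: $keyring"; rc=1
        elif [ -z "$(find "$keyring" -perm -004)" ]; then
            # apt verifies signatures as the unprivileged _apt user.
            echo "keyring not world-readable: $keyring"; rc=1
        fi
    done < "$list"
    [ "$seen" -eq 1 ] || { echo "no deb entry in $list"; rc=1; }
    return "$rc"
}

# Constructed sample data: a stand-in keyring, one pinned https entry
# and one unpinned http entry.
demo_dir=$(mktemp -d)
printf 'constructed-keyring-bytes' > "$demo_dir/salt-archive-keyring.gpg"
chmod 644 "$demo_dir/salt-archive-keyring.gpg"
echo "deb [signed-by=$demo_dir/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3005 focal main" > "$demo_dir/good.list"
echo "deb http://repo.saltproject.io/py3/ubuntu/20.04/amd64/3005 focal main" > "$demo_dir/bad.list"

check_salt_source "$demo_dir/good.list" && echo "good.list: OK"
check_salt_source "$demo_dir/bad.list" || echo "bad.list: rejected"
```

On the probe node, run check_salt_source /etc/apt/sources.list.d/salt.list after the repository step. The world-readable check matters on images with a restrictive root umask, where the keyring written by curl can end up unreadable to apt.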