# DTM Extension Installation Instruction Manual - secbuzzer/DetectionEdge GitHub Wiki

This instruction manual is designed for users who have already installed ESM and would like to try the DTM Extension feature. For a detailed assessment, please contact the SecBuzzer team beforehand.

- The DTM Extension installation is run by a script that installs and updates several parts of the kit, so make sure the environment can connect to the Ubuntu repository.
- The file required for installation has not been disclosed yet; please contact the SecBuzzer team if needed.
- As a basic indicator, a message is printed in green when a step completes successfully, otherwise in red.
- Please run the script as root.
## Installation

1. After placing deployment.tgz on the ESM edge host and extracting it, users will get DeployDTM.sh and dtm.tar.gz:

```
tar -zxvf deployment.tgz
```

2. When running the DeployDTM.sh script, note that the first parameter is the name of the monitored network interface card and the second parameter is the intranet network segment (HOME_NET) to be filtered, so that internal traffic does not produce false reports:

```
./DeployDTM.sh <NIC Name> <HOME_NET>
```

3. Installation is complete.
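As an added example that is not part of the DetectionEdge project or this wiki, the following POSIX sh wrapper checks the two DeployDTM.sh arguments before the deployment script runs: that the process is root, that the named NIC exists on the host, that HOME_NET parses as one or more IPv4 CIDR blocks, and that deployment.tgz is present. The comma-separated HOME_NET syntax and the `deploy` function name are assumptions; the wiki does not state how HOME_NET is formatted, so adjust `validate_home_net` if your DeployDTM.sh expects a different form.

```shell
#!/bin/sh
# Preflight checks before running DeployDTM.sh.
# Added example, not DetectionEdge project code.
# Assumption: HOME_NET is one or more IPv4 CIDR blocks separated by commas,
# e.g. "10.0.0.0/8,192.168.0.0/16".

# Return 0 if the argument is a valid IPv4 CIDR such as 192.168.1.0/24.
is_ipv4_cidr() {
  ip=${1%/*}
  prefix=${1#*/}
  # No slash at all: ${1%/*} leaves the string unchanged.
  [ "$ip" != "$1" ] || return 1
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  ic_ifs=$IFS; IFS=.
  set -- $ip
  IFS=$ic_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Return 0 if every comma-separated element of HOME_NET is a valid CIDR.
validate_home_net() {
  vh_ifs=$IFS; IFS=,
  set -- $1
  IFS=$vh_ifs
  [ $# -ge 1 ] || return 1
  for net in "$@"; do
    is_ipv4_cidr "$net" || return 1
  done
  return 0
}

# Return 0 if the named network interface exists on this (Linux) host.
nic_exists() {
  [ -n "$1" ] && [ -d "/sys/class/net/$1" ]
}

# Run every check, report each failure, and return non-zero if any failed.
preflight() {
  nic=$1; home_net=$2; rc=0
  [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; rc=1; }
  nic_exists "$nic" || { echo "NIC '$nic' not found" >&2; rc=1; }
  validate_home_net "$home_net" || {
    echo "HOME_NET '$home_net' is not a comma-separated list of IPv4 CIDRs" >&2
    rc=1
  }
  [ -f deployment.tgz ] || { echo "deployment.tgz missing" >&2; rc=1; }
  return $rc
}

# Extract the kit and run the deployment script only after preflight passes.
deploy() {
  preflight "$1" "$2" || return 1
  tar -zxvf deployment.tgz || return 1
  ./DeployDTM.sh "$1" "$2"
}
```

Usage: source the file and call `deploy eth0 10.0.0.0/8,192.168.0.0/16` from the directory holding deployment.tgz; a malformed HOME_NET is rejected before anything is extracted, which is cheaper than discovering a bad filter after the sensor is already reporting internal traffic.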
## Verification

1. Functional verification can be done with the built-in self-test, which sends test messages every day at 12:33 a.m. and 12:33 p.m.

2. Manual verification commands:

```
docker exec -it dtm_checker sh
cd image/
sh suricata_checker.sh
```

3. Press Ctrl+C and type `exit` to leave the container console. The test site event messages can then be found in the on-premises Elasticsearch or on the SecBuzzer ESM Cloud Platform.

For any further questions, please contact the SecBuzzer ESM team, thank you.