
Orchestrator Installation Guide - Linux Operating System Legacy Deployment - 7.9.x

The following article contains a summary of the NetWitness® Orchestrator 7.9 Installation Guide for Legacy Linux Operating System Deployments. To see the full guide, go to Attachments on this article and download the associated PDF.

Summary of the NetWitness® Orchestrator 7.9 Installation Guide for Legacy Linux Operating System Deployments

The document is a technical installation guide for deploying NetWitness® Orchestrator software on a Linux operating system, detailing system requirements, installation procedures, and configuration steps. This installation guide is for non-containerized deployments. For containerized deployments, see the Orchestrator Upgrade Guide for Containerized Deployments.

System Requirements for NetWitness® Orchestrator Installation

This section outlines the necessary hardware and software requirements for installing NetWitness® Orchestrator on a Linux operating system.

Hardware Requirements

  • Application Server: Minimum 16 GB RAM, 8 CPU cores, 50 GB storage (no playbooks); 48 GB RAM, 8 CPU cores, 150 GB storage (with playbooks).
  • Database Server: Varies from 12 GB RAM for 0-2 million indicators to 64 GB RAM for 10+ million indicators.
  • OpenSearch Server: Minimum 12 GB RAM for 0-2 million indicators, 32 GB RAM for 5-10 million indicators.

Software Requirements

  • Operating System: RHEL 6, 7, 8 or CentOS 6, 7.
  • Java 17, OpenSearch 2.6.0, Python 3.6.x and 3.11.x, Redis 7.2.4.
  • Database options: MySQL 8.0.x, SAP HANA 2.0 SPS 02, PostgreSQL v14.

Database and SMTP Server Requirements

This section details the database and SMTP server requirements for NetWitness® Orchestrator.

Database Requirements

  • Must have MySQL 8.0, PostgreSQL v14, or SAP HANA 2.0 installed.
  • Permissions needed to create users, databases, and tables.
  • Recommended to run the database on a separate machine.

SMTP Server Requirements

  • An SMTP server is required for sending email alerts.
  • Must be routable from the NetWitness® Orchestrator server.
  • Options for SSL or TLS during installation.

Network Configuration and Whitelist Requirements

This section describes the necessary network configurations and whitelist requirements for NetWitness® Orchestrator.

Network Traffic Ports

  • Port 443 (HTTPS) for user connections.
  • Port 62000 for UI connection to the message broker.

Whitelist Requirements

  • Whitelist api.threatconnect.com, broker.threatconnect.com, and feeds.threatconnect.com for application communication.

OpenSearch Installation Guidelines

This section provides instructions for installing OpenSearch, including hardware and software requirements.

Hardware Requirements

  • Minimum 12 GB RAM for 0-2 million indicators, 32 GB RAM for 5-10 million indicators.

Software Requirements

  • Requires Java 17 and OpenSearch Server 2.6.0.

Installation Steps

  • Download and install OpenSearch using RPM.
  • Configure SSL if needed and set up security settings.

MySQL Installation and Configuration Steps

This section outlines the steps to install and configure MySQL for NetWitness® Orchestrator.

Installation Steps

  • Download and install MySQL 8.0 using the repository.
  • Configure lower_case_table_names and other settings in my.cnf.

Database Creation

  • Create a database named "threatconnect" and a user "tcuser" with appropriate privileges.

NetWitness® Orchestrator Application Server Preparation

This section details the preparation steps for the NetWitness® Orchestrator application server.

File Limits Configuration

  • Set open file limits in /etc/security/limits.conf and /etc/sysctl.conf.

User Account Creation

  • Create a service account named "threatconnect" and configure JAVA_HOME.

Redis Server Installation and Setup

This section provides instructions for installing and configuring the Redis server.

Installation Steps

  • Install necessary developer packages and compile Redis from source.
  • Configure Redis to run as a non-root user for security.

Configuration Settings

  • Set maxmemory to 6 GB and configure memory policies.

Redis Installation and Configuration Steps

This section outlines the process for installing and configuring Redis on an application server.

  • Redis dependencies are installed using yum install with a comprehensive list of packages.
  • The source code for Redis 7.2.4 is downloaded and extracted.
  • Compiled dependencies are built, and Redis is compiled with systemd support.
  • The redis.conf file is modified to set properties like bind, protected-mode, and maxmemory.
  • A systemd service file is created and modified to run Redis as a non-root user.
  • Ownership of relevant directories is changed to the redis user, and the service is started and verified.

Python 3.6 Installation Process

This section details the steps to install Python 3.6 from source on the application server.

  • Developer packages are installed to support the compilation of Python.
  • The source code for Python 3.6.15 is downloaded and extracted.
  • Configuration commands are run to set up the installation directory and optimizations.
  • Python is compiled and installed, followed by creating a symbolic link for easier access.
  • Permissions for Python site-packages are updated to avoid permission issues.
  • TcEx CLI is installed using pip.

Python 3.11 Installation Process

This section describes the installation of Python 3.11 from source, including specific steps for CentOS and RHEL.

  • Additional software collections are installed for CentOS 7 and RHEL 7.
  • Dependencies specific to Python 3.11 are installed.
  • The source code for Python 3.11.1 is downloaded, extracted, and configured for installation.
  • Python is compiled and installed, with a symbolic link created for easier access.

NetWitness® Orchestrator Installation Overview

This section provides a guide for downloading and installing NetWitness® Orchestrator on the application server.

  • Users must obtain Onehub credentials to access the NetWitness® Orchestrator installation files.
  • The ThreatConnect folder contains necessary files, including a zip file for installation.
  • The zip file is unzipped to create the installation directory structure.
  • Permissions are adjusted to allow the threatconnect user ownership of the files.

TC Exchange Setup and User Configuration

This section outlines the setup of TC Exchange and user permissions for enhanced security.

  • A separate user tc-job is created for running TC Exchange jobs.
  • Permissions are updated for the exchange directory to control access.
  • PAM configuration is modified to allow the tc-job user to run jobs.
  • Sudoers configuration is updated to allow the threatconnect user to run jobs as tc-job.

NetWitness® Orchestrator Initial Setup and Configuration

This section details the initial setup process for NetWitness® Orchestrator after installation.

  • Users must set the server's timezone to UTC for proper timestamping.
  • The initial setup prompts users for database, SMTP, and memory configuration.
  • Users select the server type and enter a server name for identification.
  • Database properties must be configured, including name, port, host, username, and password.

PostgreSQL Installation and Configuration

This section describes how to install and configure PostgreSQL for use with NetWitness® Orchestrator.

  • PostgreSQL is installed using yum, and the database is initialized.
  • Firewall settings are configured to allow access to the PostgreSQL database.
  • A password is set for the postgres user, and access configurations are updated.
  • Database and user roles are created for NetWitness® Orchestrator, granting necessary permissions.

SSL Configuration for NetWitness® Orchestrator

This section explains how to configure SSL for secure communication in NetWitness® Orchestrator.

  • Users are guided to generate a CA-signed SSL certificate for secure connections.
  • The keystore is created and configured with the necessary certificates.
  • The NetWitness® Orchestrator configuration is updated to use SSL for database connections.

Securing Redis for NetWitness® Orchestrator

This section outlines the steps to secure Redis when used with NetWitness® Orchestrator.

  • A Redis master password and user credentials are created for secure access.
  • Redis configuration is updated to require a password for connections.
  • Commands are provided to create and enable a Redis user with specific permissions.
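
The Redis settings this summary names in the configuration and securing steps (bind, protected-mode, maxmemory of 6 GB, a required password, a non-root systemd service) can be verified after installation with a short audit script. This is an added example, not code from the guide: the sample files, paths, eviction policy and placeholder password are constructed, and the pass/fail rules are assumptions about a reasonable baseline.

```python
import re

UNITS = {"": 1, "k": 10**3, "kb": 2**10, "m": 10**6, "mb": 2**20, "g": 10**9, "gb": 2**30}

def parse_redis_conf(text):
    """Map each redis.conf directive to its last value (comments and blanks skipped)."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return conf

def to_bytes(size):
    """Convert a Redis size such as 6gb or 512mb to bytes; None if unparseable."""
    m = re.fullmatch(r"(\d+)(k|kb|m|mb|g|gb)?", size.lower())
    return int(m.group(1)) * UNITS[m.group(2) or ""] if m else None

def audit(conf_text, unit_text):
    """Return findings for the Redis settings the guide summary names."""
    conf, findings = parse_redis_conf(conf_text), []
    binds = [a.lstrip("-") for a in conf.get("bind", "").split()]
    if not binds or set(binds) & {"*", "0.0.0.0", "::", "::*"}:
        findings.append("bind: listening on all interfaces")
    if not conf.get("requirepass"):  # assumes the password is set via requirepass
        findings.append("requirepass: no password required")
        if conf.get("protected-mode", "yes") == "no":
            findings.append("protected-mode: off with no password")
    if to_bytes(conf.get("maxmemory", "0")) not in (6 * 10**9, 6 * 2**30):  # page: 6 GB
        findings.append("maxmemory: not 6 GB")
    if "maxmemory-policy" not in conf:
        findings.append("maxmemory-policy: not set explicitly")
    user = re.search(r"^User=(\S+)", unit_text, re.MULTILINE)
    if not user or user.group(1) in ("root", "0"):
        findings.append("systemd: service does not run as a non-root user")
    return findings

# Constructed sample inputs, not taken from the guide.
WEAK_CONF = "bind * -::*\nprotected-mode no\nmaxmemory 2gb\n"
WEAK_UNIT = "[Service]\nExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf\n"
HARD_CONF = ("# constructed example\nbind 127.0.0.1\nprotected-mode yes\n"
             "requirepass CHANGE-ME-placeholder\nmaxmemory 6gb\n"
             "maxmemory-policy allkeys-lru\n")
HARD_UNIT = "[Service]\nUser=redis\nExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf\n"

if __name__ == "__main__":
    for name, c, u in (("weak", WEAK_CONF, WEAK_UNIT), ("hardened", HARD_CONF, HARD_UNIT)):
        print(name, audit(c, u) or "no findings")
```

To audit a real host, pass the contents of the deployed redis.conf and the Redis systemd unit file to audit() in place of the constructed strings.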

Diagnostic Utility for NetWitness® Orchestrator

This section describes how to run diagnostic checks on the NetWitness® Orchestrator instance.

  • Dependencies are installed for running diagnostic scripts.
  • A Python script is executed to verify file permissions, directory access, and OpenSearch connectivity.
  • The process ensures that the NetWitness® Orchestrator instance is configured correctly and functioning as expected.

For More Information:
For Release Notes and Documentation on NetWitness® Orchestrator 7.9, please visit our NetWitness® Orchestrator page on the NetWitness® Community.
For data sheets and other similar content, visit the Security Automation and Orchestration page on NetWitness.com.



Attachments:
Orchestrator Installation Guide_Linux Operating System Legacy Deployment_Software Version 7.9.pdf