Quick Starts

Quick starts are demonstrations of how SKI components can be used with open source security tools. The architecture includes traffic sources running SKI Sensor containers on client nodes, AWS DynamoDB as a key buffer, and SKI Decryptor containers running on the nodes where a security tool is installed. The tools used are Arkime, Suricata, Zeek and Wireshark.


Log in to your AWS account and go to the CloudFormation stack creation page. Use this template URL: https://nubevalabs.s3.amazonaws.com/qs-lite/templates/nubeva-existing-vpc.template.yaml


Specify the stack name, VPC/subnet information, as well as the “allowed” CIDR block for connectivity to the tools.


Specify your Nubeva Token and select which tool(s) to deploy into your VPC. If the last choice is set to “true”, a client generating sample TLS traffic is deployed for each tool.


Enter your administrator name and a password. Currently this applies only to Arkime, but it is required for all tools. Leave the service-linked role as “false”. If you install the stack and it errors out due to “elastic search service-linked role missing”, then change this to “true” and reinstall the stack.

Select your SSH key name from that region and the default instance size for the tool(s).


Please do NOT alter these values, as changing them will probably break your installation.

../_images/CFTlite006.png

These are all of the parameters needed. Finish the install. Instructions for connecting to the tool or Kibana are located in the output of the CFT.
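A pre-flight check for the “allowed” CIDR block entered earlier in the stack parameters, since that value decides who can connect to the deployed tools. This is an added example, not part of the Nubeva quick start; the prefix-length limits and the sample values are assumptions chosen for illustration.

```python
import ipaddress

# Assumed policy (not from the quick start): narrowest acceptable prefixes.
MIN_PREFIX = {4: 16, 6: 48}
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_allowed_cidr(cidr):
    """Classify a candidate 'allowed' CIDR before it goes into the stack."""
    result = {"errors": [], "warnings": []}
    try:
        # strict=True rejects values with host bits set, such as 10.0.0.5/24
        net = ipaddress.ip_network(cidr.strip(), strict=True)
    except ValueError as exc:
        result["errors"].append(f"not a valid CIDR block: {exc}")
        return result

    if net.prefixlen == 0:
        # 0.0.0.0/0 or ::/0 would expose the tools to every address
        result["errors"].append("matches every address")
        return result
    limit = MIN_PREFIX[net.version]
    if net.prefixlen < limit:
        result["errors"].append(
            f"/{net.prefixlen} is wider than the /{limit} policy limit")
    if net.version == 4 and not any(net.subnet_of(r) for r in RFC1918):
        # Public ranges are legitimate (e.g. an office egress IP) but
        # deserve a second look before deployment.
        result["warnings"].append(
            "not RFC 1918 space; confirm it is your own egress address")
    return result


if __name__ == "__main__":
    # Constructed sample inputs, not values from the quick start.
    for sample in ("0.0.0.0/0", "10.0.0.5/24", "10.0.0.0/8",
                   "10.20.0.0/24", "198.51.100.7/32"):
        print(sample, check_allowed_cidr(sample))
```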

Tip

Nubeva also released an AWS TLS Quick Start for users who want to identify malicious activity, insider threats, and data leakage within their virtual private cloud (VPC) instances and Amazon Elastic Compute Cloud (Amazon EC2) instances with decrypted visibility.