Quick starts are demonstrations of how SKI components can be used with open source security tools. The architecture includes traffic sources running SKI Sensor containers on client nodes, AWS DynamoDB as a key buffer, and SKI Decryptor containers running on nodes where a security tool is installed. The tools used are Arkime, Suricata, Zeek and Wireshark.
Log in to your AWS account and go to the CloudFormation stack creation page. Use this URL: https://nubevalabs.s3.amazonaws.com/qs-lite/templates/nubeva-existing-vpc.template.yaml
Specify the stack name, VPC/subnet information, as well as the “allowed” CIDR block for connectivity to the tools.
Specify your Nubeva Token and select which tool(s) to deploy into your VPC. The last choice will deploy a client generating sample TLS traffic for each tool if “true”.
Enter your administrator name and a password. Currently this applies only to Arkime, but it is required for all tools. Leave the service-linked role as “false”. If you install the stack and it errors out due to “elastic search service-linked role missing”, change this to “true” and reinstall the stack.
Select your SSH key name from that region and the default instance size for the tool(s).
Please do NOT alter these values as they will probably break your installation.
These are all of the parameters needed. Finish the install. Instructions for connecting to the tool or Kibana are located in the output of the CFT.
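A pre-deployment check for the “allowed” CIDR block entered in the stack parameters, as an added example that is not part of Nubeva's quick start: it flags values that would let more addresses reach the tools than intended. The function name, the finding codes and the /16 threshold are assumptions, and the sample values are constructed.

```python
import ipaddress

# Private ranges (RFC 1918 and IPv6 ULA). Anything outside them is treated as public.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# Assumed policy threshold, not from the quick start: flag IPv4 ranges broader than this.
BROADEST_PRIVATE_PREFIX = 16


def review_allowed_cidr(cidr):
    """Return (code, detail) findings for the "allowed" CIDR; an empty list means it passes."""
    try:
        # strict=True rejects host bits, e.g. 10.0.0.5/16, which usually signals a typo.
        net = ipaddress.ip_network(cidr.strip(), strict=True)
    except ValueError as exc:
        return [("invalid", str(exc))]

    if net.prefixlen == 0:
        return [("world-open", f"{net} lets any address reach the tools")]

    is_private = any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_NETS)
    findings = []
    if not is_private and net.num_addresses > 1:
        findings.append(("public-range", f"{net} covers {net.num_addresses} public addresses; "
                         "prefer a single admin host or a VPN range"))
    if is_private and net.version == 4 and net.prefixlen < BROADEST_PRIVATE_PREFIX:
        findings.append(("broad-private", f"{net} is broader than /{BROADEST_PRIVATE_PREFIX}"))
    return findings


if __name__ == "__main__":
    # Constructed sample values, using documentation and private address space.
    for sample in ("0.0.0.0/0", "203.0.113.0/24", "203.0.113.7/32",
                   "10.0.0.0/8", "10.0.0.5/16", "10.20.0.0/16"):
        print(sample, review_allowed_cidr(sample) or "ok")
```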
Nubeva also released an AWS TLS Quick Start for users who want to identify malicious activity, insider threats, and data leakage within their virtual private cloud (VPC) instances and Amazon Elastic Compute Cloud (Amazon EC2) instances with decrypted visibility.