Controllers are installed on hosts within a network’s firewall, and used to facilitate and initiate agentless collection on behalf of the cloud console.
HUNT Worker: This microservice discovers endpoints in a network and interacts with them to deploy surveys.
HUNT Integration Worker: This microservice enables Infocyte analysis to be exported in formats such as syslog to a Security Information and Event Management (SIEM) system. This is disabled by default as of 9/30/21.
Processor: Intel 2.0GHz+ Processor (2+ cores)
Memory (RAM): 4 GB
Storage: 200 MB
Operating System: Microsoft Windows Server 2012 R2, 2016, 2019
NOTE: A dedicated server operating system for permanent deployments is recommended.
Installation of the Infocyte Controller
In your cloud instance, navigate to the Downloads section of the Admin page (Account->Admin->Downloads). There, you will locate HUNTControllerSetup.exe and download it to the machine which will host the Infocyte Controller.
APPROVE & ENABLE CONTROLLER
Once installed, the Controller will attempt to associate with the instance. You must log into the Console’s Admin Panel in order to complete the registration process by navigating to the Controllers section of the Admin Panel. Once there, locate the installed controller, select it, and choose enable.
Controller Groups
Infocyte can use multiple controllers in a single network segment, and can also use controllers assigned to specific network segments that may not be able to communicate with each other over the network. Both are accomplished through a feature known as controller groups. To configure controller groups, navigate to the Controllers section of the Admin Panel and select controller groups.
Use case 1
Multiple controllers for the same network segment allow for more throughput and redundancy.
Use case 2
Multiple controller groups for disparate networks or network segments which are unable to communicate with each other.
Use case 3
Multiple controller groups with one controller group sitting idle until needed for expeditious requests—bypassing the task queue.
ANTI-VIRUS SOFTWARE CONSIDERATIONS
Infocyte is designed to safely handle malware. As a result, anti-virus software may detect Infocyte as malicious and may interfere with it at run time. Prior to installing the Controller, it is recommended that you whitelist the Controller installation, processes, and application. You may also need to remove the default AV (Defender) installed on Windows Server, or whitelist the Controller in it.