DPM Log Ingestion Node

Specs and Requirements

| Requirement Type | Requirement | Description |
| --- | --- | --- |
| Server | CPU | Small: 4x CPU; Medium: 8x CPU |
| Server | RAM | Small: 8 GB; Medium: 24 GB |
| Server | Disk 1 | 75 GB root HD |
| Server | Disk 2 | Small: 200 GB unformatted HD; Medium: 600 GB unformatted HD |
| Network | Reserved IP for each node | If deploying an ingestion mesh, please also reserve an IP for the software load balancer |
| Firewall Ports | Remote Management | Please ensure that your firewall allows the Ingestion Appliance(s) to communicate outbound on UDP/9993 |
| Firewall Whitelisting | Node Health and Management | Please allow the nodes access to the following FQDNs on TCP/443: *.*.databahn.app, zabbix.SolCyber.us, repo.zabbix.com, usea1-001-mssp.sentinelone.net, install.zerotier.com |

Deploying and Configuring the Ingestion Nodes

VMware and other Hypervisors with OVA support

SolCyber will provide links to download the OVA. Since the file is large, we will provide two options for download:

  • Option 1: a single link to download the entire file
  • Option 2: multiple parts (usually 4) that will be combined

We recommend Option 2, so that the zip utility can verify that the files are downloaded correctly and completely.

If you’re extracting the OVA on Windows, we recommend using the free 7-Zip utility (https://7-zip.org/download.html). The built-in Windows extraction utility does not always handle zip parts successfully.

Prior to deployment, SolCyber will determine if a single node is sufficient, or if a node mesh is required.

  1. Import the OVA to the hypervisor. If deploying a node mesh, follow this process as many times as needed for each node required. IMPORTANT: Do not clone the VM.
  2. The OVA is configured with the minimum hardware settings and may need to be modified for your site. Please go to the hypervisor settings for your imported VM and modify the resourcing as necessary.

Hyper-V

  1. Create a new virtual machine running Ubuntu 24.04.x LTS, with the specifications indicated above. NOTE: Do not format the 2nd drive, and do not install anything additional on the appliance.
  2. Validate:
    • Double-check the disks with lsblk -o NAME,SIZE,FSTYPE,MOUNTPOINT,LABEL,UUID
    • Confirm that the secondary HD shows up and is unmounted & unformatted.
  3. SolCyber will send you 3 files to use in the deployment process. Copy the files to the VM, ensuring they are in the same folder:
    • new_ingester_vx.sh (filename may be slightly different)
    • sc_payload_x.x.x.x
    • sc-answer.ini
  4. Run sudo bash new_ingester_vx.sh and choose Option 1
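
A pre-flight check for the validation in step 2 of the Hyper-V procedure, added here as an example and not part of SolCyber's deployment files: it parses lsblk output and passes only when exactly one whole disk has no filesystem, no mountpoint and no partitions. The function names, the sample lsblk output and the "exactly one blank disk" rule are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names); run it before the installer in step 4.
# Print every whole disk in `lsblk -P` output (stdin) that has no filesystem
# signature, no mountpoint and no child device (partition, LVM volume, ...).
find_blank_disks() {
  awk '
    function field(key,   s) {
      if (!match($0, "(^| )" key "=\"[^\"]*\"")) return ""
      s = substr($0, RSTART, RLENGTH)
      sub(/^ ?[A-Z]+="/, "", s); sub(/"$/, "", s)
      return s
    }
    {
      name = field("NAME"); parent = field("PKNAME")
      if (parent != "") has_child[parent] = 1
      if (field("TYPE") == "disk") {
        order[++n] = name
        used[name] = (field("FSTYPE") != "" || field("MOUNTPOINT") != "")
      }
    }
    END {
      for (i = 1; i <= n; i++)
        if (!used[order[i]] && !(order[i] in has_child)) print order[i]
    }'
}

# Pass only when exactly one blank disk exists, so there is no doubt which
# device is the secondary HD (the "exactly one" rule is this example's assumption).
check_second_disk() {
  blank=$(find_blank_disks)
  if [ -z "$blank" ]; then echo "FAIL: no unformatted, unmounted disk" >&2; return 1; fi
  if [ "$(printf '%s\n' "$blank" | awk 'END { print NR }')" -ne 1 ]; then echo "FAIL: several blank disks" >&2; return 2; fi
  echo "OK: /dev/$blank is unformatted and unmounted"
}

# Constructed sample of `lsblk -P -o NAME,TYPE,FSTYPE,MOUNTPOINT,PKNAME` output.
sample_lsblk() {
  cat <<'EOF'
NAME="sda" TYPE="disk" FSTYPE="" MOUNTPOINT="" PKNAME=""
NAME="sda1" TYPE="part" FSTYPE="vfat" MOUNTPOINT="/boot/efi" PKNAME="sda"
NAME="sda2" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/" PKNAME="sda"
NAME="sdb" TYPE="disk" FSTYPE="" MOUNTPOINT="" PKNAME=""
EOF
}

# On the VM, replace sample_lsblk with: lsblk -P -o NAME,TYPE,FSTYPE,MOUNTPOINT,PKNAME
sample_lsblk | check_second_disk
```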