This document describes how to deploy the Cequence Zeek Sensor to a target host without Internet access. The Cequence Zeek Sensor serves as an integral component within the comprehensive Cequence Unified API Protection (UAP) platform, safeguarding your critical APIs.
Hardware Requirements
Component | Requirement |
---|---|
CPU | 4 vCPU (x86_64 architecture) |
Memory | 16 GB RAM |
Storage | 60 GB SSD |
Operating System and software requirements
Before you begin, confirm that your operating environment meets the listed requirements.
- Operating system: Either RHEL (the 8.x and 9.x releases) or Ubuntu (the 22.04 or 24.04 releases). As a best practice, use the newest release available.
- Access to a user account on that host with root privileges.
- Access to local or remote repositories for OS package installation.
- Development packages installed.
- Confirm that the /var directory has at least 20GB of available storage.
- Confirm that the /opt directory has at least 10GB of available storage.
- Confirm that a static IP address, gateway, and DNS settings for the server are configured and working properly.
- Disable on-startup behavior for the firewalld and SELinux services.
- Configure the firewall to enable SSH access from the jump server.
- Configure the firewall to enable HTTPS access from the network.
- Confirm that the Cequence UAP platform is installed and operating correctly.
- Confirm that the Cequence Bridge virtual machine can reach the Cequence UAP platform at port 443.
- Identify the name of the ethernet interface on the Cequence Sensor host that is active or in use for traffic mirroring, such as eth0 or bond0.
Note: When using a single mount point, 40GB for the root (/) partition is sufficient.
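The storage and interface prerequisites above, and the container runtime that the setup script takes as its last parameter, can be verified before installation. The script below is an added example, not part of the Cequence bundle or documentation; its function names and the SYSFS_NET override are assumptions of this example, and it assumes a Linux host with POSIX sh, df, and awk.

```shell
#!/bin/sh
# Added example (not Cequence code); names and SYSFS_NET are assumptions.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"   # where Linux exposes interfaces

# Print the KB available on the filesystem that holds directory $1.
avail_kb() {
    df -Pk "$1" 2>/dev/null | awk 'NR==2 {print $4}'
}

# Succeed when $1 KB is at least $2 GB (1 GB = 1048576 KB).
meets_min() {
    [ "$1" -ge $(( $2 * 1048576 )) ]
}

# Succeed when directory $1 has at least $2 GB available.
check_space() {
    kb=$(avail_kb "$1")
    [ -n "$kb" ] && meets_min "$kb" "$2"
}

# Succeed when network interface $1 (for example eth0 or bond0) exists.
check_iface() {
    [ -n "$1" ] && [ -e "$SYSFS_NET/$1" ]
}

# Succeed when $1 is podman or docker and that runtime is installed.
check_runtime() {
    case "$1" in
        podman|docker) command -v "$1" >/dev/null 2>&1 ;;
        *) return 1 ;;
    esac
}

# Print one result line labelled $1 for the check in $2...; fail if it fails.
report() {
    label=$1; shift
    if "$@"; then echo "ok   $label"; else echo "FAIL $label"; return 1; fi
}

# usage: preflight <network-interface-id> <podman|docker>
preflight() {
    rc=0
    report "/var has at least 20GB available" check_space /var 20 || rc=1
    report "/opt has at least 10GB available" check_space /opt 10 || rc=1
    report "interface $1 exists" check_iface "$1" || rc=1
    report "container runtime $2 is installed" check_runtime "$2" || rc=1
    return "$rc"
}
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Run it with the interface name and runtime as arguments, for example `sh preflight.sh bond0 podman` (the file name is arbitrary). On a host with a single mount point, both storage checks read the same filesystem.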
Generating a client ID and client secret
Several Cequence components must authenticate to the Cequence UAP platform in order to transmit and receive data. Create authentication credentials in the Cequence UAP platform to enable this authentication.
- Log in to the UAP management portal UI.
The URL for the management portal is typically of the form https://ui.<your-tenant-name>.<domain>. Replace <your-tenant-name> with the name of your Cequence tenant organization. Replace <domain> with your domain name.
- Select General Settings > User Management.
The User Management pane appears.
- Click the Clients tab.
- Click Add New Client.
The new client dialog box appears.
- Type the client name in the Client Name field.
This name is the client ID. Note the client ID for later use.
- Enable the Traffic Management toggle.
- (Optional) To change the token lifespan from the default of 1800 seconds, type a whole number of seconds in Token Lifespan.
- Click Save.
A dialog box with the client secret appears.
- Click the blue Copy icon to copy the secret to the clipboard, then click Close.
The client is now set up. Note the client name for future use.
The client list appears.
- Note the value of the client secret for later use. This value will not be shown again later on the UI for security reasons.
Installing the Cequence Zeek Sensor
- Download the airgapped version of the Cequence Zeek Sensor for your operating system.
- Transfer the downloaded files to the server where the Cequence Zeek Sensor will run.
- When Docker is already present on the host, skip this step.
Install the podman package using the following command.
sudo yum install podman -y
- Using SSH, log in to the server with the credentials for the user account.
See Operating System and software requirements for specifics.
- Run the following command to create the Cequence directory.
sudo mkdir /opt/cequence
- Run the following command to extract the downloaded archive file.
sudo tar zxvf <path>/cequence-sensor-bundle-xxx.tar.gz -C /opt
- Run the following commands to set appropriate permissions on the Cequence directory.
sudo chown -R root:$USER /opt/cequence
sudo chmod -R 775 /opt/cequence
- Run the setup script with required parameters. Replace items in <angle brackets> with values applicable to your use case.
/opt/cequence/bin/setup.sh <subdomain.com> <client-id> <client-secret> <network-interface-id> <podman or docker>
Refer to the in-product Cequence documentation for advanced configuration options and detailed troubleshooting procedures.