Threat Response Auto Pull (TRAP) - Installation Guide

Similar documents
Proofpoint Threat Response

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

Contents. Limitations. Prerequisites. Configuration

NetScaler Analysis and Reporting. Goliath for NetScaler Installation Guide v4.0 For Deployment on VMware ESX/ESXi

Cisco Prime Collaboration Deployment

VMware Skyline Collector Installation and Configuration Guide. VMware Skyline Collector 2.0

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

Installing and Configuring vcloud Connector

Installing Cisco MSE in a VMware Virtual Machine

Sophos Virtual Appliance. setup guide

Installing Cisco CMX in a VMware Virtual Machine

Version 2.3 User Guide

SRA Virtual Appliance Getting Started Guide

Quick Start Guide ViPR Controller & ViPR SolutionPack

Connectra Virtual Appliance Evaluation Guide

CA Agile Central Administrator Guide. CA Agile Central On-Premises

VMware Skyline Collector Installation and Configuration Guide. VMware Skyline 1.4

Quick Start Guide ViPR Controller & ViPR SolutionPack

UDP Director Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0)

akkadian Global Directory 3.0 System Administration Guide

dctrack Quick Setup Guide (Recommended) Obtain a dctrack Support Website Username and Password

Free Download: Quick Start Guide

ITCorporation HOW DO I INSTALL A FRESH INSTANCE OF ANALYZER? DESCRIPTION RESOLUTION. Knowledge Database KNOWLEDGE DATABASE

VMware vrealize Log Insight Getting Started Guide

CA Agile Central Installation Guide On-Premises release

Installing and Configuring VMware Identity Manager for Linux. Modified MAY 2018 VMware Identity Manager 3.2

Installing and Configuring vcloud Connector

VMware vfabric Data Director Installation Guide

Deploy the ExtraHop Trace Appliance with VMware

VMware vfabric Data Director Installation Guide

Install and Configure FindIT Network Manager and FindIT Network Probe on a VMware Virtual Machine

Vembu VMware Virtual Appliance Installation Guide - OffsiteDR

Virtual Appliance Installation Guide

Using vrealize Operations Tenant App as a Service Provider

FusionHub. SpeedFusion Virtual Appliance. Installation Guide Version Peplink

Storage Manager 2018 R1. Installation Guide

SonicWall Secure Mobile Access SMA 500v Virtual Appliance 8.6. Getting Started Guide

Installing and Configuring vcenter Support Assistant

Connection Broker Advanced Connections Management for Multi-Cloud Environments

Deploy the ExtraHop Discover Appliance with VMware

Installing and Configuring VMware Identity Manager. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

Deploy the ExtraHop Discover Appliance with VMware

KeyNexus Hyper-V Deployment Guide

Dell Storage Manager 2016 R3 Installation Guide

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

FusionHub. Evaluation Guide. SpeedFusion Virtual Appliance. Version Peplink

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

UDP Director Virtual Edition

IBM Single Sign On for Bluemix Version December Identity Bridge Configuration topics

Implementing Infoblox Data Connector 2.0

Installing and Configuring VMware Identity Manager

Installing or Upgrading ANM Virtual Appliance

Active Fabric Manager Installation Guide 1.5

vrealize Network Insight Installation Guide

Netwrix Auditor. Virtual Appliance and Cloud Deployment Guide. Version: /25/2017

Installing the Cisco Virtual Network Management Center

GX-V. Quick Start Guide. VMware vsphere / vsphere Hypervisor. Before You Begin SUMMARY OF TASKS WORKSHEET

Platform Compatibility... 1 Known Issues... 1 Resolved Issues... 2 Deploying the SRA Virtual Appliance... 3 Related Technical Documentation...

Installing and Configuring VMware Identity Manager. Modified on 14 DEC 2017 VMware Identity Manager 2.9.1

Version 1.26 Installation Guide for SaaS Uila Deployment

Version 1.26 Installation Guide for On-Premise Uila Deployment

QUICK SETUP GUIDE VIRTUAL APPLIANCE - VMWARE, XEN, HYPERV CommandCenter Secure Gateway

RecoverPoint for Virtual Machines

Global Management System (GMS) Virtual Appliance 6.0 Getting Started Guide

vcloud Usage Meter 3.6 User's Guide vcloud Usage Meter 3.6

Quick Start Guide for Vmware. Version 2.5 Vmware vsphere Instance

VMware IOInsight. v1.1.1 User Guide

HiveManager Virtual Appliance QuickStart

SteelCentral AppResponse 11 Virtual Edition Installation Guide

Installation and Upgrade

Installing vrealize Network Insight. VMware vrealize Network Insight 3.3

Installing vrealize Network Insight

Addendum. McAfee Virtual Advanced Threat Defense

vrealize Network Insight Installation Guide

WatchGuard XTMv Setup Guide Fireware XTM v11.8

Product Version 1.1 Document Version 1.0-A

WatchGuard XTMv Setup Guide

Deployment Guide for Unitrends Backup on VMware

Creating an IBM API Management Version 2.0 environment

VMware ESX ESXi and vsphere. Installation Guide

All - In - One for Hyper- V

Cisco IMC Supervisor Installation Guide for VMware vsphere and Microsoft Hyper-V, Release 2.0

Deploying the Cisco Tetration Analytics Virtual

GX-V. Quick Start Guide. Citrix Xen Hypervisor. Before You Begin SUMMARY OF TASKS WORKSHEET

SUREedge DR Installation Guide for Windows Hyper-V

CCC VMware Workstation Installation Guide Document Version build 007

Configuring the SMA 500v Virtual Appliance

IronKey EMS On-Prem 7.1 Quick Start Guide

Deploying Cisco UCS Central

WatchGuard Dimension v1.1 Update 1 Release Notes

on VMware Deployment Guide November 2018 Deployment Guide for Unitrends Free on VMware Release 10.3 Version Provide feedback

Basic Configuration Installation Guide

AT&T CLOUD SERVICES. AT&T Synaptic Compute as a Service SM. Using VMware vcloud Connector

Stealthwatch Flow Sensor Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0)

vcenter CapacityIQ Installation Guide

Installation. Power on and initial setup. Before You Begin. Procedure

SolarWinds. Virtualization Manager. Getting Started Guide. Version 7.0

Installation of Cisco Business Edition 6000H/M

vrealize Infrastructure Navigator Installation and Configuration Guide

Transcription:

Threat Response Auto Pull (TRAP) - Installation Guide Installation guide provides information on how to get Threat Response Auto Pull (TRAP) [/trapguides/trap-about/] up and running in your environment. The Installation guide includes the list of hardware requirements, all the major steps to install Threat Response Auto Pull image in VMware environment, con gure required bootstrap services, and perform initial con guration. TRAP installation requirements Virtual machine requirements TRAP Auto Pull (TRAP) is a stand-alone virtual appliance. It is distributed as an OVA le, and can be downloaded from the Proofpoint Customer Portal. The virtual machine requires the following, minimum hardware con guration for production deployments: 4x vcpu Cores (8x vcpu cores recommended) 8 GB RAM (16 GB RAM recommended) 20 GB HDD (base system)

500 GB HDD (local databases and backups) 1 network adaptor (default E1000) For administration and general usage, TRAP will need one IP address allocated to it for network access. If you plan to build a cluster for high-availability, you will need one local IP per-system, plus a single management IP to be shared between the systems. Active Directory Requirements Active Directory enables Threat Response Auto-Pull to gather details about users in alerts including information such as group membership, department, location, and more. Threat Response Auto-Pull requires read-only permissions in Active Directory. Exchange Web Services Requirements Threat Response Auto-Pull requires the connection with Exchange Web Services to perform email quarantine action. To con gure Exchange EWS, you will need the following information: Exchange Web Services: EWS URL: Based on your Exchange deployment you will need the Exchange Web Services URL. If you have a hybrid Exchange setup, you can con gure both Exchange on-premises and O ce365 EWS URLs. On-premise Exchange: https://yourexchangehost.yourdomain.com/ews/exchange.asmx In most cases, this host is same as the one that is hosting Exchange OWA service. O ce 365: https://outlook.office365.com/ews/exchange.asmx (Optional) EWS Certi cate: If you are using self-signed certi cate on Exchange CAS server for EWS service, you will need to import the cert to TRAP certi cate store.

Exchange Service Account: TRAP requires a service account with the privilege to quarantine message(s) in targeted mailboxes. This service account must meet the following requirements: The service account must have an associated mailbox The service account must have permission to scan targeted mailboxes. Choose one of the two supported exchange permission models: Application Impersonation role (recommended): Grant explicit application impersonation role to the Exchange service account used for TRAP. Please ensure that this use account has no other Exchange permissions or roles assigned. Full Access permission: The Exchange service account used for quarantining has Full Access permission. Exchange Throttle Setting: To enable faster email quarantine rates, we recommend exempting this service/user account from EWS Throttling limitations you may have con gured on Exchange CAS server. Supported Exchange Versions TRAP supports the following: Exchange on-premise: Exchange 2010, 2013, and 2016 O ce 365 Required ports for network communication TRAP requires the following ports to be opened for management purposes, and to allow it to communicate with your devices. Refer to the table below for a list of ports that should be allowed between TRAP and other systems.

Port Direction Purpose TCP/443 Any to TRAP TRAP GUI & HTTPS alert listeners TCP/8080 Admin Network to TRAP Appliance Management Console TCP/22 Admin Network to TRAP SSH access to CLI TCP/443 TRAP to overcast.netcitadel.com Communication with Overcast TCP/443 TRAP to Exchange Used to quarantine messages TCP/389 TRAP to LDAP Server Query LDAP for user details TCP/25 TRAP to Mail Server Noti cations & alerts via email UDP/53 TRAP to DNS Server DNS services UDP/123 TRAP to NTP Server NTP services TCP/443 TRAP to TAP Pulling alerts from TAP Supported browsers TRAP supports the following browsers: Browser Version Google Chrome 51.0 + Mozilla Firefox 47.0 + Supported hypervisors

Today TRAP supports the following virtualization environments: VmWare ESX/ESXi [http://www.vmware.com/products/vsphere-hypervisor.html] Initial TRAP con guration Building TRAP VM Importing TRAP to VMware This example shows how to con gure the Proofpoint TRAP on VMware ESX 5.5. Note This example assumes you have downloaded the OVA le from the Proofpoint Customer Portal as described in your Proofpoint Welcome letter. To install TRAP in a VMware environment: 1. Start the VMware vsphere Client on your workstation. 2. Log in to the VMware ESXi server that will host the VM. 3. Select File > Deploy OVF Template to open the Deploy OVF Template dialog box. Note: the installation steps are listed in the panel on the left. You can use this list to follow your progress. 4. Go to the Deploy from file eld and browse to the TRAP OVA le. 5. Click Open, then click Next. 6. Verify the OVF Template details then click Next. 7. Review the TRAP End User License Agreement. 8. Click Accept, then click Next. 9. Accept or change the default name in the Name and Location eld, then click Next. 10. Select the resource pool for this VM, then click Next.

11. Select the data store to use for the TRAP les, then click Next. 12. Map the networks in the OVF template to your networks, then click Next. Note: The managed devices must be reachable from the TRAP virtual appliance. 13. Review the settings and click Finish to begin installing TRAP. Note: The system takes a few minutes to import the virtual appliance. Do not shut down the application during this process. 14. In the Deployment Completed Successfully window, click Close. Initial con guration wizard Once you deployed the TRAP VM, you can proceed with the initial con guration. First of all you need to start TRAP. 1. In the vsphere Client, select the TRAP appliance that was just installed, rightclick the name, then click Power > Power On. 2. Click the Console tab to emulate a console port. 3. Go to the next section to begin con guring the TRAP appliance. Once TRAP is started, you can proceed with the initial con guration wizard. This will take up to 5 minutes. 1. Open a console window to start the initial con guration wizard. 2. Enter admin at the login prompt and press Enter. Note: If the system prompts you for a password, enter: proofpoint 3. Enter yes at the Do you want to use the wizard...? prompt and press Enter. 4. Enter a name you want to assign to this virtual machine at the Hostname prompt and press Enter. Note: Record it in the following Gather TRAP Con guration Information section. 5. (Optional) Select yes for DHCP and press Enter, if you want to use DHCP to get the IP address for TRAP.

6. Enter a password of your choice at the password prompt then press Enter. Record it in the following Gather TRAP Con guration Information section. 7. Re-enter your password when prompted and press Enter to save your changes and exit the program. Note: When you enter and re-enter your password, no keystrokes are displayed on the console; however, the password is being entered. 8. Enter your admin email address and press Enter. 9. Scroll through the list of available time zones to nd the code for your time zone. Enter n (for next) and press Enter to scroll to the next batch or p (for previous) and press Enter to scroll to the previous batch. Codes for the US mainland time zones are: US/Eastern: 509 US/Central: 507 US/Mountain: 513 US/Pacific: 514 10. Enter either the text string or the numeric value for the time zone then press Enter. 11. At the NTP Server prompt, enter your NTP server name if you want to use an NTP server or enter No if you do not then press Enter. 12. Review the information that you entered. To change an answer, enter the step number then press Enter. To proceed, press Enter to save changes and exit the wizard. Determining DHCP address If DHCP was selected during the setup wizard, use the steps below to display the system's IP address. 1. Log in to the TRAP console. 2. Enter enable at the hostname prompt and press Enter. 3. Enter show interfaces eth0 at the hostname# prompt and press Enter.

4. Note and record the IP address in the Gather TRAP Con guration Information section below since you will not be able to copy and paste it from the console script window. 5. Type exit to log out of the console. Gather TRAP con guration section This section provides you with an easy way to record important TRAP con guration information: Gather the following information Record information here Hostname VM username VM password TRAP IP address Hostname of virtual machine Use this information to open and get started using TRAP, as described in the next chapter. License installation Use the steps in this section to install the TRAP License. 1. Open the Proofpoint Welcome email containing your license. 2. Locate and copy the license key to use in step 7 below. 3. In the browser window, enter https://ptr_ip_address:8080. 4. Provide the Proofpoint username and password then press Enter to open the Proofpoint Appliance Management Console window.

Use the IP address assigned to the TRAP virtual machine in the Deploying the Virtual Machine section earlier in this chapter or go to the Gather TRAP Con guration Information if you recorded the IP address there. 5. Click the Setup tab then click Licensing in the left menu. 6. Paste the Proofpoint license key you copied from the Proofpoint Welcome email (in step 2 above) into the text eld below Add New License. 7. Click Add Licenses then click Save in the top right corner of the window to validate and save the license. Note TRAP licenses have expiration dates. Twenty-eight days before your license expires, TR opens a pop-up message each time you log in reminding that your license will expire soon. Once it expires, you will not be able to log in until you enter a new license in the Proofpoint Appliance Management console window. To renew your license, contact Sales at 1-877-634-7660. Logging into TRAP Use the steps in this section to run TRAP in a browser window. 1. Open a supported browser. 2. Navigate to to https://ptr_ip_address to open the Proofpoint TRAP login window. This is the IP address assigned to the TRAP virtual machine when you set up your virtual environment in the Deploying the Virtual Machine section of the previous chapter. 3. Enter your username and password into TRAP login window. This is the admin password you created for yourself when you set up the virtual machine in the Deploying the Virtual Machine section and recorded in the section, Gather TRAP Con guration Information. 4. Click Login to open the TRAP Dashboard window. Initially, this window will be empty of data.

Active Directory and LDAP LDAP / Active Directory support enables TRAP to map users to alerts that it receives, and to retrieve details about user accounts, such as location and group membership. The con guration is broken up into the two sections below. Server Con guration Create a server listing in TRAP to tell the systems which LDAP server to query for user information. Multiple servers can be created. 1. Log in to TRAP. 2. Navigate to System Settings > Contextual Data Sources > LDAP Servers. 3. Click the blue Add (+) button next to LDAP Servers to bring up the New LDAP Server panel. 4. Set the following elds: IP/Hostname: <ldap_hostname_or_ip> Port: <ldap_port> SSL: Check to enable SSL encryption Search Base: <directory_path> (e.g., DC=domain,DC=com) Requires Authentication (Optional) 5. Save changes. Note The authentication username may vary in syntax depending on your directory server's authentication requirements. In most cases, the full, distinguished name (DN) for the user should be used as the username. LDAP attribute selection TRAP allows you to con gure the user attributes that will be pulled from your LDAP / Active Directory server. By default, the system is con gured to collect and display

the following common user attributes: Display Name Telephone Number Mobile Number Email Address Company Department Street Address City State Country Group Memberships To add, or remove items from this list, use the steps below.

1. Log in to TRAP. 2. Navigate to Settings > Contextual Data Sources > Displayed User Attributes. 3. Select attribute that you would like to be displayed for users. Place a checkmark next to items in Available Attributes to select them Uncheck items in Selected Attributes to remove them 4. Re-order the Selected Attributes by dragging-and-dropping items into your preferred order. This is how they will be displayed in the UI. 5. Click Save Settings.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback