NDR: Deploying a Virtual Sensor in GCP

Notice

• This guide is intended to serve as an example only. Users must modify applicable details, such as IP addresses, subnets, and device names, to align with their specific environment.

•  

  Exercise caution when making changes to your firewall or environment, as unplanned modifications can result in downtime, depending on the complexity of the configuration and infrastructure.

•  

  Your experience may vary if you are using a different software version or a product from another brand or manufacturer. Please note that you are solely responsible for the configuration and management of your devices.

GCP Modular Sensor Deployment

CAUTION: The examples below are intended to be serve as general guidelines. Your platform or software version may differ, resulting in variations in images, screens, options, or other elements. 

Preparing

You must have:

• One IP address with access to a default gateway

To prepare for the installation:

1. Open firewall ports for log ingestion.
2. Open firewall ports for Network Traffic, Sandbox, and IDS features, as necessary.
3. Reply to your NDR integration ticket for access to the image. You must provide:
   • The GCP Gmail account name
   • Do this at least 3-5 business days before installing, so that there is enough time to deploy the images to your account.

Configuring and Launching the Instance

1. Log in to your Google Cloud Platform Console.

2. Use the dropdown in the toolbar to select the Project where you want to deploy the DP.

3. Select the Compute Engine | VM instances entry from the left navigation panel.

4. Click the Create Instance button.

5. Supply a Name, Region, and Zone for the instance.

6. Choose a Machine type for the instance. You can either choose one of the preconfigured GCP machine types or create a Custom machine type, so long as the instance meets the minimum specifications for your sensor.
   1. In the example below, we are creating a Custom Machine Type with 16 virtual cores and 32 GB of memory to serve as the foundation for our Modular Sensor:

7. Scroll down to the Boot disk section and click the CHANGE button.

8. Click on the CUSTOM IMAGES tab and then click the CHANGE button in the Source project for images entry, as illustrated below.

9. Click the SELECT A PROJECT button, set the Organization dropdown to NO ORGANIZATION, and choose the stellar-official-images project, as illustrated below.
   1. The stellar-official-images entry won't appear until we've made images available to your account. If you don't see the stellar-official-images entry, make sure your region is the same one where you asked Customer Success to deploy the images.

10. Select the entry for your sensor version and type from the Images dropdown.

11. Set the Boot disk type to Balanced persistent disk, choose a size of 100 GB, and click Select.

1. You are returned to the Create an instance wizard.

12. Click the Create button to create the instance.

1. You can launch the image but you cannot copy it. This means that the VM must be deployed in the GCP region where the image was authorized.

13. The VM is now running in the GCP cloud and appears in the Compute engine | VM instances list, as illustrated below. Copy the External IP address so you can use it to connect to the Sensor's console in the next section.