ThreatConnect Environment Server System Requirements

Last Updated: Jun 03, 2019 10:43AM EDT
System Administrator


Multi-environment orchestration allows ThreatConnect® users that have an Environment Server behind a firewall to use their instance to communicate with that server and run applications inside their firewall. This article provides the system requirements for installing an instance of the ThreatConnect Environment Server. See Playbook Environments for information about how to administrate an Environment and configure an Environment to an Environment Server.

System Requirements

In order to install an instance of the ThreatConnect Environment Server, the requirements in the following sections must be met.


The ThreatConnect Environment Server platform requires a server, virtual or physical, that meets the following minimum specifications:

  • 4 CPU/vCPU Cores (2 GHz)
  • 4 GB of memory
  • 10 GB of storage

NOTE: These requirements apply specifically to the Environment Server, not to the ThreatConnect server operating system in general. Minimum memory and storage requirements must be available to the Environment Server. Operating system requirements may vary.

As the number or frequency of jobs increases, the need to increase system resources will likely occur. The listing in Table 1 highlights typical TC Exchange apps and their specific system-resource needs.

Table 1

App Name Frequency CPU Used Memory Used
ArcSight EMS Extract Daily 1.44 75
Tanium Extract v2.0 Daily < 1 < 50
QRadar® Extract v2.0 Daily < 1 < 50
Palo Alto PAN-OS® Block List Daily .10 2.5


The ThreatConnect Environment Server and its supporting packages require the following software environment in order to run properly:

  • Operating System: Red Hat® Linux® variant—either Red Hat Enterprise Linux® (RHEL) or CentOS 6 or 7
  • Java® Development Kit (JDK): Access to a local installation of Java 8 (JDK version 1.8)
  • Python®: Installation of Python 3.6.x for Linux

End-User Web Browser

It is recommended that secure WebSockets be allowed from the ThreatConnect user's browser out to the cloud instance so that the Environment Server metrics can be monitored from the user interface. The specific traffic that needs to be allowed is wss://FQDN-of-cloud-instance:62000.

SMTP Server

TC Exchange requires an available Simple Mail Transfer Protocol (SMTP) server to send email alerts and to correspond with users. This server must be routable from the server running the platform, and if SMTP authorization is required, the ThreatConnect Environment Server will need access to a username and password in order to generate these emails.

TC Exchange is a trademark of ThreatConnect, Inc.
ArcSight is a trademark of the Hewlett Packard Enterprise Company.
QRadar® is a registered trademark of the IBM Corporation.
Linux® is a registered trademark of Linus Torvalds.
Java® is a registered trademark of the Oracle Corporation.
PAN-OS® is a registered trademark of Palo Alto Networks.
Python® is a registered trademark of the Python Software Foundation.
Red Hat® and Enterprise Linux® are registered trademarks and CentOS is a trademark of Red Hat, Inc.
Tanium is a trademark of Tanium, Inc.

20081-02 EN Rev. A

Contact Us

  • ThreatConnect, Inc.
    3865 Wilson Blvd.
    Suite 550
    Arlington, VA 22203

    Toll Free:   1.800.965.2708
    Local: +1.703.229.4240
    Fax +1.703.229.4489

    Email Us
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found