Multi-environment orchestration allows ThreatConnect® users that have an Environment Server behind a firewall to use their instance to communicate with that server and run applications inside their firewall. This article provides the system requirements for installing an instance of the ThreatConnect Environment Server. See Playbook Environments for information about how to administer an Environment and configure an Environment to an Environment Server.
In order to install an instance of the ThreatConnect Environment Server, the requirements in the following sections must be met.
The ThreatConnect Environment Server platform requires a server, virtual or physical, that meets the following minimum specifications:
- 4 CPU/vCPU Cores (2 GHz)
- 4 GB of memory
- 10 GB of storage
NOTE: These requirements apply specifically to the Environment Server, not to the ThreatConnect server operating system in general. Minimum memory and storage requirements must be available to the Environment Server. Operating system requirements may vary.
As the number or frequency of jobs increases, system resources will likely need to be increased. Table 1 lists typical TC Exchange™ apps and their specific system-resource needs.
| App Name | Frequency | CPU Used | Memory Used |
|---|---|---|---|
| ArcSight™ EMS Extract | Daily | 1.44 | 75 |
| Tanium™ Extract v2.0 | Daily | < 1 | < 50 |
| QRadar® Extract v2.0 | Daily | < 1 | < 50 |
| Palo Alto PAN-OS® Block List | Daily | .10 | 2.5 |
The ThreatConnect Environment Server and its supporting packages require the following software environment in order to run properly:
- Operating System: Red Hat® Linux® variant—either Red Hat Enterprise Linux® (RHEL) or CentOS™ 6 or 7
- Java® Development Kit (JDK): Access to a local installation of Java 8 (JDK version 1.8)
- Python®: Installation of Python 3.6.x for Linux
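A pre-install check for the hardware and software minimums listed above, added here as an example and not ThreatConnect's own tooling. The function names, the --run switch, the install-directory argument and the 10% memory slack are assumptions of this sketch; the SMTP and WebSocket requirements are not checked.

```shell
#!/bin/sh
# Added example (not ThreatConnect tooling): checks a host against the
# minimums on this page. Names, --run and the memory slack are assumptions.

MIN_CORES=4        # 4 CPU/vCPU cores
MIN_MEM_MB=3686    # 4 GB less 10%: MemTotal excludes kernel-reserved RAM
MIN_DISK_MB=10240  # 10 GB of storage

# at_least VALUE MIN: succeeds when VALUE is an integer >= MIN
at_least() { [ "$1" -ge "$2" ] 2>/dev/null; }

# os_ok LINE: LINE is the content of /etc/redhat-release (present on 6 and 7)
os_ok() {
  printf '%s\n' "$1" |
    grep -Eq '^(Red Hat Enterprise Linux|CentOS).* release [67]\.'
}

# jdk_ok TEXT: TEXT is the output of "javac -version" (a JDK, not just a JRE)
jdk_ok() { printf '%s\n' "$1" | grep -Eq '^javac 1\.8\.'; }

# python_ok TEXT: TEXT is the output of "python3 --version"
python_ok() { printf '%s\n' "$1" | grep -Eq '^Python 3\.6\.[0-9]+'; }

# check LABEL CMD ARGS...: print PASS/FAIL and remember any failure
check() {
  label=$1; shift
  if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; FAILED=1; fi
}

# preflight DIR: DIR is where the server will be installed (assumed argument)
preflight() {
  dir=${1:-/}; FAILED=0
  mem_mb=$(awk '/^MemTotal:/ {print int($2 / 1024)}' /proc/meminfo)
  disk_mb=$(df -Pm "$dir" | awk 'NR == 2 {print $4}')
  check "CPU cores >= $MIN_CORES" at_least "$(nproc)" "$MIN_CORES"
  check "memory >= $MIN_MEM_MB MB" at_least "$mem_mb" "$MIN_MEM_MB"
  check "free space on $dir >= $MIN_DISK_MB MB" at_least "$disk_mb" "$MIN_DISK_MB"
  check "RHEL or CentOS 6/7" os_ok "$(cat /etc/redhat-release 2>/dev/null)"
  check "JDK 1.8" jdk_ok "$(javac -version 2>&1)"
  check "Python 3.6.x" python_ok "$(python3 --version 2>&1)"
  return "$FAILED"
}

# Run only when asked:  sh preflight.sh --run /path/to/install
if [ "${1:-}" = "--run" ]; then preflight "${2:-/}"; fi
```

The script exits non-zero when any check fails, so it can gate an automated install step.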
End-User Web Browser
It is recommended that secure WebSockets be allowed from the ThreatConnect user's browser out to the cloud instance so that the Environment Server metrics can be monitored from the user interface. The specific traffic that needs to be allowed is wss://FQDN-of-cloud-instance:62000.
TC Exchange requires an available Simple Mail Transfer Protocol (SMTP) server to send email alerts and to correspond with users. This server must be routable from the server running the platform, and if SMTP authorization is required, the ThreatConnect Environment Server will need access to a username and password in order to generate these emails.
TC Exchange™ is a trademark of ThreatConnect, Inc.
ArcSight™ is a trademark of the Hewlett Packard Enterprise Company.
QRadar® is a registered trademark of the IBM Corporation.
Linux® is a registered trademark of Linus Torvalds.
Java® is a registered trademark of the Oracle Corporation.
PAN-OS® is a registered trademark of Palo Alto Networks.
Python® is a registered trademark of the Python Software Foundation.
Red Hat® and Enterprise Linux® are registered trademarks and CentOS™ is a trademark of Red Hat, Inc.
Tanium™ is a trademark of Tanium, Inc.