
Configuring an ActZero VM from script

Estimated Time to Complete: 30 minutes

Configuring an ActZero virtual machine (VM) in your environment enables ActZero to:

  1. Collect the log information it needs to monitor events in your environment and detect signs of suspicious activity.
  2. Initiate network vulnerability scans.

During installation, you will be able to select either or both roles.

Use the following instructions to provision a VM by running a bash script.

VM Networking Prerequisites

The VM requires access to several web services to provide the required coverage. If you have a web proxy or strict firewall rules, ensure the VM can reach the following sites:

CrowdStrike - for EDR security on the VM

  • api.us-2.crowdstrike.com
  • ts01-gyr-maverick.cloudsink.net
  • lfodown01-gyr-maverick.cloudsink.net

Docker - for docker components on the VM

  • registry.hub.docker.com
  • download.docker.com
  • production.cloudflare.docker.com

Ubuntu - for security updates on the VM (note that many Ubuntu mirrors serve over plain HTTP, so both port 80 and port 443 should be allowed)

  • changelogs.ubuntu.com
  • us.archive.ubuntu.com
  • esm.ubuntu.com
  • security.ubuntu.com

Python - for Python components of the VM

  • pypi.org
  • files.pythonhosted.org

VM Communication - for cloud connection

  • warden.mdr-prod.intelligonetworks.com (allow outbound UDP 4501 and TCP 443)
  • vm.prod.data-platform.actzero.ai
  • repo.charm.sh

Network Scanner Role only - for downloading the latest scanner

  • www.tenable.com

Note: If your firewall does not accept FQDN entries, the above sites will need to be entered as IPs and updated periodically, as IPs can change over time. To find the IPs for an FQDN, run: nslookup <address>

VM System Requirements

Presently Ubuntu is the only supported Linux distribution. To install Ubuntu, refer to your hypervisor or cloud provider documentation.

System Requirements

  Operating System   64-bit Intel Ubuntu 22.04 or later (Server edition, LTS recommended)
  CPU                Minimum 4 vCPU
  RAM                Minimum 8 GB
  Disk space         Minimum 50 GB
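The networking prerequisites and system requirements above are easiest to confirm before the installer is run rather than after it fails. The script below is an added example written for this page, not part of the ActZero installer: it checks the OS version, vCPU count, RAM and root-disk size against the minimums listed, tests outbound TCP reachability to each listed host, and turns nslookup output into a bare IP list for firewalls that only accept addresses. It assumes HTTPS (TCP 443) for every host where the page does not state a port (the page only gives TCP 443 plus UDP 4501 for warden and 80/443 for the Ubuntu mirrors), it cannot confirm UDP 4501, and it reads "50 GB" as the size of the root filesystem. The CrowdStrike lfodown01 hostname is written without the stray space that appears in some copies of the list.

```shell
#!/usr/bin/env bash
# Pre-install checks for an ActZero VM (added example; not the ActZero installer).
# Usage: bash actzero-preflight.sh --run        # run all checks
#        bash actzero-preflight.sh --ips FQDN…  # print IPs for firewall entries
set -u

# Hosts from "VM Networking Prerequisites". Ports other than warden:443 and the
# Ubuntu mirrors (80) are an assumption (HTTPS) made by this example.
REQUIRED_ENDPOINTS="
api.us-2.crowdstrike.com:443
ts01-gyr-maverick.cloudsink.net:443
lfodown01-gyr-maverick.cloudsink.net:443
registry.hub.docker.com:443
download.docker.com:443
production.cloudflare.docker.com:443
changelogs.ubuntu.com:80
us.archive.ubuntu.com:80
esm.ubuntu.com:443
security.ubuntu.com:80
pypi.org:443
files.pythonhosted.org:443
warden.mdr-prod.intelligonetworks.com:443
vm.prod.data-platform.actzero.ai:443
repo.charm.sh:443
www.tenable.com:443
"

# Turn `nslookup <fqdn>` output into a plain list of answer IPs.
# The resolver's own "Address: x.x.x.x#53" line carries a '#' and is skipped.
extract_ips() {
  awk '/^Address:/ && $2 !~ /#/ { print $2 }'
}

# Constructed sample of nslookup output (not a real lookup), for offline testing.
SAMPLE_NSLOOKUP='Server:  127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name:    example.invalid
Address: 192.0.2.10
Name:    example.invalid
Address: 192.0.2.11'

# TCP reachability via bash /dev/tcp, so no nc/curl dependency. UDP 4501 to
# warden cannot be confirmed this way; verify it on the firewall itself.
check_egress() {
  timeout 5 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# version_ge ACTUAL MINIMUM compares major.minor numerically ("04" reads as 4).
# version_ge 24.04 22.04 -> true; version_ge 20.04 22.04 -> false
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    ok = (x[1]+0 > y[1]+0) || (x[1]+0 == y[1]+0 && x[2]+0 >= y[2]+0)
    exit !ok }'
}

# check_min LABEL ACTUAL MINIMUM prints PASS/FAIL and returns 1 on FAIL.
check_min() {
  if [ "$2" -ge "$3" ]; then printf 'PASS %-8s %s (min %s)\n' "$1" "$2" "$3"; return 0; fi
  printf 'FAIL %-8s %s (min %s)\n' "$1" "$2" "$3"; return 1
}

main() {
  failed=0
  . /etc/os-release
  if [ "${ID:-}" = "ubuntu" ] && version_ge "${VERSION_ID:-0.0}" 22.04; then
    echo "PASS OS       $PRETTY_NAME"
  else
    echo "FAIL OS       ${PRETTY_NAME:-unknown} (need Ubuntu 22.04 or later)"; failed=1
  fi
  check_min CPU "$(nproc)" 4 || failed=1
  # The kernel reports a little less than the provisioned RAM, so round to the nearest GB.
  check_min RAM_GB "$(awk '/^MemTotal:/ { printf "%.0f", $2/1048576 }' /proc/meminfo)" 8 || failed=1
  # Root filesystem size in GB: column 2 of POSIX `df -k`.
  check_min DISK_GB "$(df -k / | awk 'NR==2 { printf "%d", $2/1048576 }')" 50 || failed=1
  for entry in $REQUIRED_ENDPOINTS; do
    host=${entry%%:*}; port=${entry##*:}
    if check_egress "$host" "$port"; then printf 'PASS egress   %s:%s\n' "$host" "$port"
    else printf 'FAIL egress   %s:%s\n' "$host" "$port"; failed=1; fi
  done
  return "$failed"
}

case "${1:-}" in
  --run) main; exit $? ;;
  --ips) shift; for fqdn in "$@"; do nslookup "$fqdn" | extract_ips; done ;;
esac
```

Run it as `bash actzero-preflight.sh --run` on the freshly installed Ubuntu VM; a non-zero exit means at least one FAIL line was printed. `--ips` feeds each FQDN through nslookup and prints only the answer addresses, which is the list a FQDN-less firewall needs and the list that has to be refreshed when those addresses change.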

Run the script from a sudo-enabled user

  1. Log in to the Ubuntu system (via SSH or from the hypervisor console) with a user that can sudo.
  2. Escalate to root using sudo -i (depending on your setup, you may be prompted for a password).

    username@computer:~$ sudo -i
    [sudo] password for 'username':
    root@computer:~#
    

  3. Running the script without root privileges produces the following warning:

    Please run this script as root. e.g. sudo -i or sudo su to elevate privileges
    username@computer:~$
    

  4. Run the script using the command below and follow the instructions.

    curl -sSLf http://agent.actzero.ai/installer.sh | bash
    

  5. Enter the activation code from the ActZero portal.

    Please enter the 16 character activation code
    e.g. E9YK2X4P3Lkh1Kho
    

  6. Select one or more roles to be installed.

    Select one or more VM roles
    [x] Log Collector
    [x] Network Scanner
    

  7. Take note of the IP address used for syslog forwarding and/or vulnerability scanning.

    Log collector installed, please forward syslog traffic to xx.xx.xx.xx
    TCP UDP port 514
    TLS port 1514
    Network scanner is installed, please allow traffic from xx.xx.xx.xx to all internal subnets to be scanned
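The installer's final message leaves one task with the reader: pointing the environment's syslog sources at the collector IP on one of the three listener ports it names (UDP 514, TCP 514, or TLS 1514). The script below is an added example for this page, not ActZero's own tooling: it renders an rsyslog (RainerScript) forwarding rule for one of those ports on an Ubuntu host, validates the rsyslog configuration before reloading, and refuses anything that is not a dotted-quad so a malformed value never lands in the config file. The TLS variant assumes the collector presents a certificate the host can verify; the CA file path, permitted peer name and output filename are placeholders chosen here, since the page does not state them, and the rsyslog-gnutls package must be installed for the gtls driver.

```shell
#!/usr/bin/env bash
# Render/install an rsyslog forwarding rule for the ActZero log collector (added example).
# Usage: bash forward-syslog.sh <collector-ip> [udp|tcp|tls] [--install]
set -u

# Only a dotted-quad is accepted, because the value is written into a config file.
is_ipv4() {
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the rule for one listener from the installer output: UDP 514, TCP 514 or
# TLS 1514. The queue settings buffer messages while the collector is unreachable
# instead of dropping them.
render_rsyslog_forward() {
  collector=$1; transport=${2:-tls}
  is_ipv4 "$collector" || { echo "not an IPv4 address: $collector" >&2; return 1; }
  case "$transport" in
    udp)
      printf '*.* action(type="omfwd" target="%s" port="514" protocol="udp")\n' "$collector" ;;
    tcp)
      printf '*.* action(type="omfwd" target="%s" port="514" protocol="tcp"\n' "$collector"
      printf '           action.resumeRetryCount="-1" queue.type="LinkedList" queue.size="10000")\n' ;;
    tls)
      # Requires rsyslog-gnutls. CA file and permitted peer are placeholders (assumptions):
      # use the CA that issued the collector's certificate and the name in that certificate.
      cat <<EOF
global(DefaultNetstreamDriver="gtls"
       DefaultNetstreamDriverCAFile="/etc/rsyslog.d/collector-ca.pem")
*.* action(type="omfwd" target="$collector" port="1514" protocol="tcp"
           StreamDriver="gtls" StreamDriverMode="1"
           StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="COLLECTOR-CERT-NAME-PLACEHOLDER"
           action.resumeRetryCount="-1" queue.type="LinkedList" queue.size="10000")
EOF
      ;;
    *) echo "transport must be udp, tcp or tls" >&2; return 1 ;;
  esac
}

# Write the rule, check the whole rsyslog configuration (rsyslogd -N1), then restart.
# The file is removed again if the check fails, so a bad rule never stays in place.
install_rsyslog_forward() {
  conf=/etc/rsyslog.d/60-actzero-forward.conf   # filename chosen by this example
  render_rsyslog_forward "$1" "$2" > "$conf" || return 1
  rsyslogd -N1 || { echo "config check failed, removing $conf" >&2; rm -f "$conf"; return 1; }
  systemctl restart rsyslog
}

if [ $# -ge 1 ]; then
  if [ "${3:-}" = "--install" ]; then install_rsyslog_forward "$1" "${2:-tls}"
  else render_rsyslog_forward "$1" "${2:-tls}"; fi
fi
```

`bash forward-syslog.sh 10.0.0.5 tls` prints the rule for review; adding `--install` writes it as root and restarts rsyslog. `x509/name` is used rather than `anon` because anonymous TLS encrypts the stream but does not verify that the host at the far end is the collector; if the collector's certificate cannot be validated, prefer plain TCP 514 on a trusted segment over an unauthenticated TLS session.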