Set up OVA to use EDR feature
This feature helps you deploy the OVA on VirtualBox. An OVA (Open Virtualization Appliance) file contains a compressed version of a virtual machine, in this case one with the Live Query and MISP server features. When you deploy an OVA file, the virtual machine is extracted and imported into the virtualization software installed on your computer.
OVA Details
- OVA File name: edr_ova.ova
- Oracle VirtualBox version: 7.0.6
Prerequisites
- Thirtyseven4 EDR Security 8.2 Server is installed and reachable from the host machine where the virtual machine (VM) is installed.
- Disk space: Minimum 25 GB; Recommended 100 GB and above.
- CPU: Minimum 2 vCPU; Recommended 4 vCPU and above.
- Enable Virtualization in the BIOS of the host machine where the VM will be created. Refer to your hardware documentation for how to enable virtualization.
- Oracle VM VirtualBox Manager 7.0.6 or later
- RAM: Minimum 4 GB; Recommended 8 GB and above.
- edr_ova.ova build file
- An Internet connection is mandatory to use the EDR feature.
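A pre-flight check for the prerequisites above, as an added example that is not part of the original page or the vendor's tooling. It assumes a Linux host with GNU coreutils; the function names and the VM storage directory argument are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of the host against the Prerequisites list.
# Assumptions: Linux host, GNU coreutils (sort -V), VBoxManage on PATH.

# grade VALUE MIN RECOMMENDED -> prints FAIL, MINIMUM or OK
grade() {
    if [ "$1" -lt "$2" ]; then echo FAIL
    elif [ "$1" -lt "$3" ]; then echo MINIMUM
    else echo OK
    fi
}

# version_ok RAW REQUIRED -> status 0 if RAW >= REQUIRED.
# VBoxManage prints e.g. "7.0.6r155176"; the revision/packaging suffix is stripped.
version_ok() {
    [ "$(printf '%s\n%s\n' "$2" "${1%%[r_]*}" | sort -V | head -n 1)" = "$2" ]
}

# preflight [VM_DIR] -> prints one line per check, status 1 if any check fails.
preflight() {
    local vm_dir="${1:-$HOME}" rc=0 cpus ram disk name val min rec result vbox
    cpus="$(nproc)"
    ram="$(awk '/^MemTotal:/ {printf "%d", $2/1048576 + 0.5}' /proc/meminfo)"
    disk="$(df -Pk "$vm_dir" | awk 'NR==2 {printf "%d", $4/1048576}')"
    while read -r name val min rec; do
        result="$(grade "$val" "$min" "$rec")"
        printf '%-8s %5s (min %s, recommended %s): %s\n' "$name" "$val" "$min" "$rec" "$result"
        if [ "$result" = FAIL ]; then rc=1; fi
    done <<EOF
vCPU $cpus 2 4
RAM_GB $ram 4 8
DISK_GB $disk 25 100
EOF
    vbox="$(VBoxManage --version 2>/dev/null | tail -n 1)"
    if [ -n "$vbox" ] && version_ok "$vbox" 7.0.6; then
        echo "VirtualBox $vbox: OK"
    else
        echo "VirtualBox ${vbox:-not found}: FAIL (need 7.0.6 or later)"; rc=1
    fi
    return "$rc"
}

# Run the checks only when asked: ./preflight.sh --run [VM_DIR]
if [ "${1:-}" = "--run" ]; then preflight "${2:-$HOME}"; fi
```

The check does not confirm that virtualization is enabled in the BIOS; verify that setting separately.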
Step 1: Download EDR Setup – Fresh Install
- Log on to Thirtyseven4 EDR Security 8.2.
- Go to Configuration > EDR.
- Click the Download EDR Setup button to download the setup OVA file. The OVA file is downloaded.
This is a one-time activity to configure the EDR setup.
Step 2: Deploy OVA on VirtualBox
- Download and install Oracle VM VirtualBox Manager.
- Open the Oracle VM VirtualBox Manager.
- Go to File > Import Appliance.
- In this step, choose a virtual appliance file to import. Click Browse and select the OVA file downloaded in Step 1.
- Click Next and follow the wizard.
- Click Import.
- In the Application Settings, verify the requirement of RAM and HDD. If required, edit the values.
- Click Finish. OVA is imported successfully on the VM.
- Click the Start icon to start the VM. The VM is ready for use.
Step 3: Configure EDR Setup
- Start the VM by double-clicking the icon.
- Enter the username and password.
username – livequery
password – LQfeature001#
When the user logs in for the first time, a one-time initialization script is invoked.
This is an interactive communication where the user is required to provide the requested inputs as follows.
- Enter hostname (FQDN) and hit [Enter]. This hostname is used for logging into the MISP server and configuring Live Query on the Thirtyseven4 EDR Security console.
- A message about Certificate management appears. To generate a new certificate, type 1 and hit [Enter].
If the certificate already exists, type 2 and hit [Enter]. Copy and paste the certificate content and hit [Enter].
- Set the console URL. Provide the IP/Hostname of the Thirtyseven4 EDR Security server.
- Enter the port number for the Live Query TLS server. The TLS server port number is 6443 by default. You can change it if required. To continue, hit [Enter].
- The port number for the MISP server is 8443. You can change it if required. To continue, hit [Enter].
- Live Query TLS server will be configured. Wait for a few seconds as the Live Query TLS server is initializing.
The success message appears.
Link to access MISP UI appears. Note down the link.
MISP credentials appear. Note down the username and password, which are required to generate an “Authentication Key” to be entered on the Thirtyseven4 EDR Security Console UI.
MISP and Live Query server are installed successfully.
After OVA configuration, to initialize the system the following options are available.
- View MISP Settings
- Certificate Management
- Set the console URL.
- Restart Livequery
- Check for updates – Check for Live Query updates
- Reboot System Now
- Shutdown System Now
- Quit
To select an option, type the corresponding number and hit [Enter].
About Updates
- Every midnight the updates are checked and applied automatically.
- On-demand updates can be run through option 5 mentioned above.
- Updates are available for Live Query only.