2. Requirements

2.1. Hardware Requirement

There are a few things to consider, before you start with the installation.

If you install on VMWare, the minimum requirements for the virtual machine are as follows:

• System memory: 16 GB

• Hard disk: 200 GB

• CPU cores: 2

The disk size of 200 GB is fine in scenarios where you import only Alerts and Warnings into the Cockpit, scan less than 1.000 systems on a weekly basis and want to keep the logs for less than one year. If you also import Notices and Info messages for these 1.000 servers, we recommend a disk size of at least 500 GB.

For an Installation of up to 20.000 endpoints the following specifications are recommended:

• System memory: 32 GB

• Hard disk: 2 TB SSD

• CPU cores: 4

2.2. Network Requirements

The Analysis Cockpit requires the following open ports (incoming).

2.2.1. From Management Workstation to Analysis Cockpit

• Administrative web interface: 443/tcp

• Command line administration: 22/tcp

2.2.2. From Analyst Workstation to Analysis Cockpit

• Administrative web interface: 443/tcp

2.2.3. From ASGARD Management Center to Analysis Cockpit

• Syslog forwarder: 514/tcp, 514/udp

• Asset synchronization: 7443/tcp

2.2.4. From Analysis Cockpit to SIEM (optional)

• Syslog forwarder: 514/tcp, 514/udp

2.2.5. From Analysis Cockpit to the Internet

The Analysis Cockpit is configured to retrieve updates from the following URLs:

• Analysis Cockpit packages: https://update3.nextron-systems.com

A proxy system should be configured to allow access to these URLs without TLS/SSL interception (Analysis Cockpit uses client-side SSL certificates for authentication). It is possible to configure a proxy server, username and password during the setup process of the Analysis Cockpit platform. It only supports BASIC authentication, not NTLM Authentication.

2.2.6. From Analysis Cockpit to Sandbox Systems (optional)

Depending on the Sandbox system and your individual configuration.

Typically, 8080/tcp and 443/tcp are used.

2.2.7. Time Synchronization

Analysis Cockpit tries to reach the public Debian time servers by default.

• 123/udp to 0.debian.pool.ntp.org

• 123/udp to 1.debian.pool.ntp.org

• 123/udp to 2.debian.pool.ntp.org

The NTP server configuration can be changed after logging in to the Web guide.

2.2.8. DNS

Analysis Cockpit needs to be able to resolve internal and external IP addresses.

2.3. Internet Access during Installation

The Analysis Cockpit installer requires Internet access during the setup. The installation process will fail if required packages cannot be loaded from https://update3.nextron-systems.com

2.3.1. SSL/TLS Interception

The installation and update processes do not accept an unknown but valid SSL/TLS certificate presented by an intercepting entity and therefore don’t support SSL/TLS interception.

Since our products are usually used in possibly compromised environments, the integrity of our software and update packages has highest priority.

2.4. Other Optional Requirements

2.4.1. Usage of a Reverse Proxy

If you are planing to make the Analysis Cockpit available through a reverse proxy, see section 12.3. I am using a Reverse Proxy to access the Analysis Cockpit. What do I have to take care of?.