Professional Documents
Culture Documents
3.9
Table of Contents
Note:
Microsoft Hyper-V v6.3 can be installed on Windows Server 2008R2 or Windows Server
2012R2.
The PTA image must be installed on a dedicated machine that has access to the Vault, or
to the primary Vault in a distributed Vault environment, and also to either the
organizational SIEM solution, or UNIX inspected machines for syslogs.
The minimum requirements for installing this image on a VM machine are as follows:
■ 4 Core-CPU
■ 16 GB RAM memory
■ 500 GB hard disk storage
Supported Browsers
PTA currently supports the following browsers:
■ Internet Explorer 11.0 with Compatibility mode 9
■ Chrome - latest version
■ Firefox - latest version
IP Requirements
PTA requires an IP in one of the following forms:
■ Static Address: A static IP address.
■ DHCP: If the organization has a DHCP server which dynamically allocates IP
addresses, verify with the organization’s IT that the PTA machine’s IP address is
locked.
DNS Requirements
■ DNS: A DNS address record that maps the host name PTAServer to the IP address
of the PTA machine. The DNS configured in PTA must recognize all the machines
from which PTA will receive syslog messages. PTA requires both the Forward (A
record) and Reverse (PTR record) lookup.
LDAP/S Requirements
LDAP: PTA can integrate with LDAP to:
■ Enable LDAP authentication
■ Broaden and increase the accuracy of PTA detections
In order to integrate PTA with LDAP, define a group name in PTA which has the same
name as the group sAMAccountName, which appears in Active Directory.
Note:
To integrate with LDAP over SSL, create a dedicated security Base-64 encoded X.509 certificate.
LDAP login and query permission are required for the bind user.
Currently, PTA only integrates with Microsoft Active Directory LDAP.
Note:
Create a dedicated Base-64 encoded X.509 SSL certificate.
■ Client authentication requires a SHA-256 certificate issued for the Domain Controller
with the Microsoft Enhanced RSA and AES Cryptographic Provider CSP
enabled for the Template. This CSP is disabled by default.
Note:
Create a dedicated Base-64 encoded X.509 SSL certificate.
Certificate Requirements
You can use the self-signed certificate created during PTA installation, or use your
organization's SSL certificate.
If you use your organization's SSL certificate:
■ The Certificate Signing Request (CSR) requires a Base-64 encoded X.509 SSL
certificate.
■ The SSL Certificate Chain requires a Base-64 encoded X.509 SSL certificate
■ The SSL Certificate Issuer Chain requires a Base-64 encoded X.509 SSL certificate
Note:
In order for PTA to monitor activity of privileged accounts in Windows machines,
Windows security events 4624, 4723, and 4724 from each monitored Windows
machine must be forwarded to the SIEM and from the SIEM to PTA.
■ Unix: When collecting syslogs directly from Unix machines, PAM Unix is supported.
PAM Unix is supported by multiple Unix flavors, such as Red Hat Linux, HP-UX, and
Solaris.
Supported PAM Unix events include accepted public key, accepted password, and
session open.
■ Database: Oracle logon events are supported.
■ Network Sensor: Traffic is received from domain controllers in the environment.
■ Vault: Specific events are accepted. Supported device types are operating system
and database.
Note:
All blocked communication is logged to /var/log/iptables.log .
Source Destination
# Protocol Description
Port Port
2. UDP 514,
11514
2. UDP 514
VM: Support VMware ESXi version 5.5 and higher, hardware version 8 and
higher.
Note:
These are the minimum mandatory requirements. You must follow these requirements
when installing the PTA Network Sensor.
Physical
Requirement
Hardware
RAM 8GB
CPU 8 cores
Traffic The physical or virtual network interface that listens to the network traffic.
Monitoring
NIC
Note:
These are the minimum mandatory requirements. You must follow these requirements
when installing the PTA Network Sensor.
Physical
Requirement
Hardware
RAM 4GB
CPU 4 cores
Traffic The physical or virtual network interface that listens to the network traffic.
Monitoring
NIC
Note:
These are the minimum mandatory requirements. You must follow these requirements
when installing the PTA Network Sensor.
RAM 8GB
CPU 8 cores
VM Network VMXNET3
Driver
Note:
It is recommended to run the PTA Network Sensor in the Standard recommended
configuration, in order to allow PTA to scale up to the expected network traffic load.
Note:
These are the minimum mandatory requirements. You must follow these requirements
when installing the PTA Network Sensor.
RAM 4 GB
CPU 4 cores
Hard Disk 40 GB
Storage (SSD is recommended).
VM Network VMXNET3
Driver
Note:
It is recommended to run the PTA Network Sensor in the Standard recommended
configuration, in order to allow PTA to scale up to the expected network traffic load.