Overview

Data Theorem’s Network Analyzer is software that runs in your environment that analyzes network traffic from any source configured to mirror traffic to it. The Network Analyzer processes the traffic in your environment and sends only metadata about the traffic back to Data Theorem.

NetworkAnalyzer.drawio.svg

Deployment

In most cases, the Network Analyzer will be installed automatically as a component of a specific integration. It is also possible to install the Network Analyzer by itself, independently of any integrations. This section documents the most common methods for installing the software

Deploy to Kubernetes via Helm Chart

Requirements

Step 1: Extract the Helm Chart

unzip network_analyzer_helm_chart.zip

Step 2: Deploy the Helm Chart

In the directory where the archive has been uncompressed, to start the services of the network traffic analyzer run the following command:

helm update network-analyzer \
    --install \
    ./network_analyzer        \
    --create-namespace        \
    --namespace datatheorem

Verify Deployment

To verify the network traffic analyzer services have started properly run the following command:

kubectl -n datatheorem get pods

If the service has started properly you should see something mostly the same as the following:

NAME                       READY   STATUS    RESTARTS   AGE
analyzer-f5f97db88-ktg4v   1/1     Running   0          69s

Deploy as AWS AppRunner Service via Terraform

Requirements

Step 1: Extract the Terraform module and copy it to your Terraform modules folder

unzip network_analyzer.zip
cp datatheorem-network-analyzer-module <your-terraform-dir>/modules

Step 2: Install the module

terraform get

Step 3: Deploy the Terraform module

terraform apply

Deploy as AWS AppRunner Service via CloudFormation Template

Requirements

Step 1: Extract the CloudFormation template

unzip network_analyzer.zip

Step 2: Deploy the the CloudFormation template

aws cloudformation create-stack \
    --stack-name datatheorem-nework-analyzer \
    --template-body file://${PWD}/deploy.yaml \
    --capabilities CAPABILITY_IAM \
    --parameters file://params.json

Verify Deployment

To verify the network traffic analyzer services have started properly run the following command:

aws cloudformation describe-stacks \
    --stack-name datatheorem-network-analyzer \
    --query 'Stacks[0].StackStatus'

Deploy Docker Container

Requirements

Step 1: Extract the env archive

unzip network_analyzer_env.zip

Step 2: Start the container

sudo docker run \
  --restart unless-stopped \
  --detach \
  -p 8081:8081 \
  --env-file dt_env \
  us-central1-docker.pkg.dev/prod-api-protect-api/cloud-protect-registry/analyzer:latest

Verify Deployment

To verify the network traffic analyzer services have started properly run the following command:

sudo docker ps

If the service has started properly you should see something mostly the same as the following:

CONTAINER ID   IMAGE                                                                                   COMMAND                  CREATED       STATUS                 PORTS                                      NAMES
250db9d1cba5   us-central1-docker.pkg.dev/prod-api-protect-api/cloud-protect-registry/analyzer:latest   "supervisord -c /etc…"   1 min ago   Up 1 min (healthy)   0.0.0.0:8081->8081/tcp, :::8081->8081/tcp  api-protect-analyzer-1

Deploy Podman Container

Requirements

Step 1: Extract the env archive

unzip network_analyzer_env.zip

Step 2: Start the container

podman run \
  --restart unless-stopped \
  -p 8081:8081 \
  --env-file dt_env \
  us-central1-docker.pkg.dev/prod-api-protect-api/cloud-protect-registry/analyzer:latest

Verify Deployment

To verify the network traffic analyzer services have started properly run the following command:

podman ps

If the service has started properly you should see something mostly the same as the following:

CONTAINER ID   IMAGE                                                                                   COMMAND                  CREATED       STATUS                 PORTS                                      NAMES
360db972caa9   us-central1-docker.pkg.dev/prod-api-protect-api/cloud-protect-registry/analyzer:latest   "supervisord -c /etc…"   1 min ago   Up 1 min (healthy)   0.0.0.0:8081->8081/tcp, :::8081->8081/tcp  api-protect-analyzer-1

Deploy as Docker Compose Service

Requirements

Step 1: Extract the archive

unzip network_analyzer.zip

Step 2: Start the Docker Compose Service

In the directory where the archive has been uncompressed, to start the services of the network traffic analyzer run the following command:

docker-compose up -d

Verify Deployment

To verify the network traffic analyzer services have started properly run the following command:

docker-compose ps

If the service has started properly you should see something mostly the same as the following:

CONTAINER ID   IMAGE                                                                                   COMMAND                  CREATED       STATUS                 PORTS                                      NAMES
360db972caa9   us-central1-docker.pkg.dev/dev-api-protect-api/cloud-protect-registry/analyzer:latest   "supervisord -c /etc…"   1 hours ago   Up 1 hours (healthy)   0.0.0.0:8081->8081/tcp, :::8081->8081/tcp  api-protect-analyzer-1

 

Deploy Podman Container With Packet Capture Support

Requirements

sudo yum install -y vim tcpdump podman

Step 1: Download or create analyzer_env_file in /usr/share/containers/systemd/

# copy/paste from portal or get from sales
BEARER_TOKEN="<replace with bearer token>"
#CAPTURE_ARGS='tcp and dst port 80'
#START_OPENAPI_SERVICE=false
#UVICORN_EXTRA_ARGS="--no-access-log"
#LOG_LEVEL=DEBUG

Step 2: Start the container 

sudo podman run \
--network host \
--privileged \
--env-file=analyzer_env_file \
us-central1-docker.pkg.dev/prod-api-protect-api/cloud-protect-registry/pc-analyzer:latest

Verify Deployment

To verify the network traffic analyzer services have started properly run the following command:

sudo podman ps

If the service has started properly you should see something mostly the same as the following:

CONTAINER ID   IMAGE                                                                                   COMMAND                  CREATED       STATUS                 PORTS                                      NAMES
360db972caa9   us-central1-docker.pkg.dev/prod-api-protect-api/cloud-protect-registry/pc-analyzer:latest   "supervisord -c /etc…"   1 min ago   Up 1 min (healthy)   0.0.0.0:8081->8081/tcp, :::8081->8081/tcp  api-protect-analyzer-1

Stop container and replace with systemd service in next step

sudo podman kill <container_name>

Step 3: Create systemd unit file /usr/share/containers/systemd/analyzer.container

# /usr/share/containers/systemd/analyzer.container
[Unit]
Description=Data Theorem Analyzer
After=local-fs.target

[Container]
Image=us-central1-docker.pkg.dev/prod-api-protect-api/cloud-protect-registry/pc-analyzer:latest
AutoUpdate=registry
EnvironmentFile=/usr/share/containers/systemd/analyzer_env_file
PodmanArgs=--privileged
Network=host
Pull=always

[Service]
Restart=always
# allow time for container to pull
TimeoutStartSec=900

[Install]
# Start by default on boot
WantedBy=default.target

Verify systemd service

sudo systemctl daemon-reload

sudo systemctl start analyzer.service

systemctl status analyzer.service

sudo systemctl enable --now podman-auto-update.service
sudo systemctl enable --now podman-auto-update.timer

systemctl status podman-auto-update.timer
systemctl status podman-auto-update.service