The Coralogix STA (Security Traffic Analyzer) is a tool by Coralogix for deep packet inspection, packet capturing, cloud configuration vulnerability scanning, and more.
The STA can be installed using the following methods:
Before you install the STA, please make sure the following requirements are met:
sta-ng.tf:

```hcl
variable "CompanyID" { type = string }
variable "Subnet" { type = string }
variable "VpcId" { type = string }
variable "PrivateKey" { type = string }
variable "KeyName" { type = string }
variable "MgmtNicSecurityGroupID" { type = string }
variable "AppName" { type = string }
variable "ConfigS3Bucket" {
  type    = string
  default = ""
}
variable "PacketsS3Bucket" {
  type    = string
  default = ""
}
variable "WazuhRequired" {
  type    = number
  default = 1
}
variable "ElasticIpRequired" {
  type    = number
  default = 1
}
variable "STALifecycle" {
  type    = string
  default = "ondemand"
}
variable "STASize" {
  type    = string
  default = "medium"
}
variable "CoralogixApiEndpointHostname" {
  type    = string
  default = "api.coralogix.com"
}
variable "CoralogixSyslogEndpointHostname" {
  type    = string
  default = "syslogserver.coralogix.com"
}
variable "EncryptDisk" {
  type    = bool
  default = false
}
variable "DiskSize" {
  type    = number
  default = 250
}
variable "DiskType" {
  type    = string
  default = "gp2"
}
variable "STAInstanceType" {
  type    = string
  default = ""
}
variable "SpotPrice" {
  type    = number
  default = 0.5
}
variable "tags" {}

module "sta_ng" {
  source = "s3::https://coralogix-integrations.s3-eu-west-1.amazonaws.com/cloud-security/terraform/<target-aws-region>/sta_ng.template.tgz"

  CompanyID                       = var.CompanyID
  Subnet                          = var.Subnet
  VpcId                           = var.VpcId
  PrivateKey                      = var.PrivateKey
  KeyName                         = var.KeyName
  MgmtNicSecurityGroupID          = var.MgmtNicSecurityGroupID
  AppName                         = var.AppName
  ConfigS3Bucket                  = var.ConfigS3Bucket
  CoralogixApiEndpointHostname    = var.CoralogixApiEndpointHostname
  CoralogixSyslogEndpointHostname = var.CoralogixSyslogEndpointHostname
  PacketsS3Bucket                 = var.PacketsS3Bucket
  EncryptDisk                     = var.EncryptDisk
  DiskSize                        = var.DiskSize
  STALifecycle                    = var.STALifecycle
  STASize                         = var.STASize
  WazuhRequired                   = var.WazuhRequired
  ElasticIpRequired               = var.ElasticIpRequired
  STAInstanceType                 = var.STAInstanceType
  tags                            = var.tags
}
```
values.auto.tfvars.json:

```json
{
  "PrivateKey": "<coralogix-private-key>",
  "KeyName": "<ssh-key-to-use-for-connecting-to-the-sta>",
  "MgmtNicSecurityGroupID": "<security-group-id-to-assign-to-management-interface>",
  "VpcId": "<vpc-id-to-install-the-sta-in>",
  "AppName": "<coralogix-application-name-for-sta-data>",
  "ConfigS3Bucket": "<an-EMPTY-S3-bucket-for-configuration>",
  "CompanyID": "<coralogix-company-id>",
  "Subnet": "<aws-subnet-id-to-install-the-sta-in>",
  "STALifecycle": "<[ondemand|spotfleet]>",
  "STASize": "<[small|medium|large]>",
  "WazuhRequired": <[0|1]>,
  "ElasticIpRequired": <[0|1]>,
  "tags": {
    "<example-additional-tag-name>": "<example-additional-tag-value>"
  }
}
```
* Run `terraform init` from the same folder.
* Run `terraform plan` and examine the changes that are going to be applied to your environment.
* Run `terraform apply` from the same folder and approve the changes.
* Run `passwd` and change the default password of the ubuntu user.

The STA requires access to S3 for its configuration files. In some environments outbound Internet access must be limited to specific IPs, which means public S3 will not be reachable. To allow connectivity over the Amazon private network, set up a designated VPC gateway endpoint that connects your VPC directly to Amazon S3.
* Make sure your VPC’s route table contains Coralogix’s endpoints.
* In addition, in such environments the following enrichment services will not work: dns-rbls, unshorten-url, nist-cpe.
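One way to provision the S3 gateway endpoint described above from the same Terraform folder as sta-ng.tf, as an added example that is not part of Coralogix's module. `AwsRegion` and `StaRouteTableId` are hypothetical variables introduced here, and the egress rule assumes the STA reaches S3 through the security group passed as `MgmtNicSecurityGroupID`.

```hcl
# Added example (not Coralogix code). Reuses var.VpcId, var.tags and
# var.MgmtNicSecurityGroupID declared in sta-ng.tf.

# Hypothetical inputs introduced for this example.
variable "AwsRegion" {
  type        = string
  description = "Region the STA is deployed in, e.g. the <target-aws-region> used in the module source"
}
variable "StaRouteTableId" {
  type        = string
  description = "Route table associated with the subnet passed as var.Subnet"
}

# Gateway endpoint: adds an S3 prefix-list route to the STA subnet's route
# table, so S3 traffic stays on the AWS network instead of the Internet path.
resource "aws_vpc_endpoint" "sta_s3" {
  vpc_id            = var.VpcId
  service_name      = "com.amazonaws.${var.AwsRegion}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [var.StaRouteTableId]
  tags              = merge(var.tags, { Name = "sta-s3-gateway" })
}

# Where outbound traffic is restricted by security group, allow HTTPS only
# to the S3 prefix list exposed by the endpoint rather than to 0.0.0.0/0.
# Assumption: this security group governs the interface the STA uses for S3.
resource "aws_security_group_rule" "sta_to_s3" {
  type              = "egress"
  security_group_id = var.MgmtNicSecurityGroupID
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  prefix_list_ids   = [aws_vpc_endpoint.sta_s3.prefix_list_id]
  description       = "STA to S3 via gateway endpoint"
}

output "sta_s3_prefix_list_id" {
  value = aws_vpc_endpoint.sta_s3.prefix_list_id
}
```

No `policy` is set on the endpoint, so it uses the AWS default full-access endpoint policy; the example does not narrow it because the page does not list every bucket the STA reads.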
After installing the STA, you can move forward in one of the following ways (or all of them) to get the most out of your newly installed STA:
* Run `sta-get-installation-id`, copy the UUID that is displayed on the screen, and save it in a safe place. This key is required to log in to the STA with administrative privileges, which might be needed as part of a troubleshooting session.
* Run `sta-acknowledge-installation-id` and carefully follow the instructions on the screen to remove the installation ID from the STA.

If you have any questions or need any additional help, please contact our support team via our 24/7 in-app chat!