The Coralogix STA comes, out-of-the-box with tools and services that automatically handle the majority of the management tasks of the STA so you won’t have to do anything to keep it running and working as expected.
Just in case you’ll need it, the STA comes with a collection of commands that will help you control it. In this article, we’ll explain each command and when to use it:
sta-acknowledge-installation-id – When you have finished installing the STA, it is recommended that you will run the command sta-get-installation-id and store its output in some secure place and then run this command. The installation ID is required to get privileged access to the STA, thing which might be required by our support team. Once you run this command, it will erase the installation ID from the instance.
sta-get-status-short – This command will print something similar to the following output which will indicate the current status of every service in the STA. If the STA was just installed it is normal that it takes for some services some time to stabilize:
sta-test-coralogix-connection – This command will test the connection to Coralogix by sending a dummy event to your Coralogix account. If you see it in Coralogix within a second or two it means that the connection to Coralogix is working properly.
sta-lookup-rule – This command allows you to find a Suricata rule used by the STA by using its SID as mentioned here: How to Modify an STA Suricata Rule
sta-wazuh-list-agents – If you have installed Wazuh agents and have connected them to the STA, this command will display a list of all the connected agents like this:
Available agents:
ID: 001, Name: ip-172-31-29-200, IP: any
ID: 002, Name: ip-172-31-29-10, IP: any
ID: 003, Name: ip-172-31-30-89, IP: any
ID: 004, Name: ip-172-31-27-174, IP: any
ID: 005, Name: ip-172-31-31-73, IP: any
ID: 006, Name: ip-172-31-30-60, IP: any
ID: 007, Name: ip-172-31-21-241, IP: any
ID: 008, Name: ip-172-31-17-78, IP: any
ID: 009, Name: ip-172-31-29-40, IP: any
ID: 010, Name: ip-172-31-23-114, IP: any
sta-force-rules-updater – Normally, the STA will update its set of rules for Suricata, Zeek and Wazuh every day at 07:07AM at the STA’s local time. If you want it to update these rules now run this command.
sta-force-sync-configs – Normally, the STA will attempt to synchronize its config files from the S3 bucket that has been configured during the installation phase every three minutes. If you have made a change to your configuration and would like to apply these changes now you can run this command.
sta-diag-general – Provides a general overview of the STA’s performance including both network, processor, disk and memory metrics.
sta-diag-network – Provides detailed real-time information about the network usage in the STA.
sta-diag-top – Launches a “top” like tool that provides information about processes, threads, memory and tasks metrics.
sta-test-enrich – Tests the enrichment of data by the various services in the STA.
sta-set-mgmt-ip – Useful for on-prem installations where each server has a manual management IP address. In such cases use this command to specify the address you would like the STA to have.
sta-set-mgmt-ip-dhcp – Useful for on-prem installations. In case you used the sta-set-mgmt-ip command to force the STA to use a manually set IP address for its management network interface and now interested in reverting that to the default (using an IP address from a DHCP)
Notes: