Configure an Analyzer


  1. Overview
  2. Prerequisites
  3. Windows
     1. Steps
        1. Configure Analyzer
        2. Deploy Analyzer
        3. Enable and Configure File Audit
  4. AWS
     1. Steps
        1. Configure Analyzer
        2. Deploy Analyzer

Overview

An analyzer is the component that monitors a storage location, analyzes files, takes response actions, and sends alerts. Unlike the Management Service, Analyzers are deployed in the customer’s environment. Analyzers are deployed as containers or as compiled Python, which can be installed as a service on Windows.

Prerequisites

You must have already defined a site in your Admin Portal.

Windows

Steps

Configure Analyzer

Currently, an analyzer must be added and saved before you can deploy it. Some server-side actions need to happen first, and those aren’t triggered until you click Save on a new analyzer.

  1. Add a new Analyzer. In the Admin Portal, click on Analyzers, and click the button in the top right corner.
  2. Enter Analyzer Name
  3. For Type, choose SMB
  4. Choose Site, Region, and Policy
  5. Click Save

Deploy Analyzer

  1. Select your Analyzer and click the Edit (pencil) icon
  2. Click the Deploy button
  3. Click the Installer button to download the installer
  4. Copy the installer zip file to the server you want to install onto
  5. Unzip the installer file
  6. Right-click on INSTALL.ps1 and click Run as Administrator
  7. Follow the instructions

Enable and Configure File Audit

Instructions can be found here

AWS

Steps


Configure Analyzer

Currently, an analyzer must be added and saved before you can deploy it. Some server-side actions need to happen first, and those aren’t triggered until you click Save on a new analyzer.

If you need to send the CloudFormation template to another person to install (or for approval), you can click View Template and save the file locally. If you have cloud admin permissions, you can deploy the CloudFormation template directly from the RansomStop Admin Portal.

  1. Add a new Analyzer. In the Admin Portal, click on Analyzers, and click the button in the top right corner.
  2. Enter Analyzer Name
  3. For Type, choose S3
  4. Choose Site, Region, and Policy
  5. Expand the Networking section
  6. You will need to provide a VPC and 1-3 subnets from that VPC.

There is a convenient cloud button to take you to your AWS console so you can copy/paste the VPC and Subnet IDs. Subnet IDs should be 1 per line, max 3, no punctuation or extra characters.

  7. Click Save
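
The paste rules for the Networking section (one subnet ID per line, at most three, no punctuation or extra characters) can be checked before you click Save. This is an added example, not part of RansomStop's tooling: `check_networking` is a hypothetical helper, the sample IDs are constructed, and the ID shape assumed is the standard AWS one (type prefix plus 8 or 17 lowercase hex characters). It checks format only, not that the subnets belong to the VPC.

```python
import re

# Assumption: standard AWS resource ID shape, prefix + 8 (legacy) or 17 hex chars.
_ID = r"-(?:[0-9a-f]{8}|[0-9a-f]{17})"
VPC_RE = re.compile(r"vpc" + _ID)
SUBNET_RE = re.compile(r"subnet" + _ID)
MAX_SUBNETS = 3  # limit stated on this page


def check_networking(vpc_field, subnet_field):
    """Return a list of problems with the pasted values (empty list = OK)."""
    problems = []
    # fullmatch rejects stray spaces, quotes, commas and ARNs around the ID.
    if not VPC_RE.fullmatch(vpc_field):
        problems.append(f"VPC: {vpc_field!r} is not a bare VPC ID")

    lines = subnet_field.splitlines()  # handles both \n and \r\n pastes
    seen = set()
    for n, line in enumerate(lines, 1):
        if not SUBNET_RE.fullmatch(line):
            problems.append(f"subnet line {n}: {line!r} is not a bare subnet ID")
        elif line in seen:
            problems.append(f"subnet line {n}: duplicate {line}")
        else:
            seen.add(line)
    if not 1 <= len(lines) <= MAX_SUBNETS:
        problems.append(f"expected 1-{MAX_SUBNETS} subnet lines, got {len(lines)}")
    return problems


# Constructed sample input, as it might be copied from the AWS console.
GOOD_VPC = "vpc-0123456789abcdef0"
GOOD_SUBNETS = "subnet-0a1b2c3d4e5f67890\nsubnet-1a2b3c4d\n"
BAD_VPC = "vpc-0123456789abcdef0 "          # trailing space
BAD_SUBNETS = (
    "subnet-0a1b2c3d4e5f67890\n"
    "subnet-1a2b3c4d,\n"                    # trailing comma
    "subnet-0a1b2c3d4e5f67890\n"            # duplicate of line 1
    "'subnet-9f8e7d6c'\n"                   # quoted, and a fourth line
)

if __name__ == "__main__":
    for problem in check_networking(BAD_VPC, BAD_SUBNETS):
        print(problem)
```
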

Deploy Analyzer

  1. Deploy Template. Select your Analyzer

If the edit icon is green, the Analyzer has already been deployed. If it is orange, it has not yet been deployed.

  2. Expand the Deployment Section and click Deploy Template
  3. Create Stack. Click Next.
  4. Stack Details. Click Next.
  5. Stack Options. Click Acknowledge and click Next.
  6. Stack Create
  7. Acknowledge
  8. Go back to the Admin Portal, to the Analyzer dialog
  9. Click the Policy Deployed slider and click Save