Installation

Minimum system requirements

Server minimum system requirements

CYBERQUEST is a virtual appliance but can be installed as a physical appliance as well.

In order to install CYBERQUEST 2.20 physical or virtual machines must be provided. CYBERQUEST 2.20 resides on a Linux Debian 10 instance.

• For all CYBERQUEST residing virtual machines resources must be reserved (CPU cores and RAM).

• For CYBERQUEST best performance 6th gen Intel CPU’s or equivalent must be provided.

Minimum recommended resources, as per the standard versions (no add-ons installed and for CYBERQUEST 2.20 Ultimate – 8 CPU cores license) are:

Version of CYBERQUEST 2.20	Minimum RAM recommended	Minimum Storage Recommended - GB (for data only)
Logger	8*	100**
Light	8*	200**
Advanced	16*	500**
Enterprise	32*	1000**
Ultimate	32*	1000**

*This is the minimum recommended RAM to be granted to virtual machines hosting CYBERQUEST instances. As the solutions may scale, higher RAM capacity must be allocated. For such situations, a certified CYBERQUEST technician must be consulted.

**This is the minimum recommended storage capacity – for data only. The retention period (data availability for hot searches and archive) is directly proportional with the storage capacity. For situations where online and offline data must cover longer periods, a certified CYBERQUEST technician must be consulted in order to provide requirements for storage capacity.

User(client) web application minimum system requirements:

• Web Browsers: Firefox (86+), Chrome (83+)

• Resolution: Full HD Display (1980x1080)

Windows collector (agent)

• .Net Framework 4.8

• Windows Server operating System (2012+) x64 operating system

• Visual C++ redistributable 2019+

Supported virtual enviroments

VMware is a virtualization computing software. With VMware server virtualization, a hypervisor is installed on the physical server to allow for multiple virtual machines (VMs) to run on the same physical server. Each VM can run its own operating system (OS), which means multiple operating systems can run on one physical server. All the VMs on the same physical server share resources, such as networking and RAM.

Hyper-V is Microsoft's hardware virtualization product, each virtual machine runs on virtual hardware. Hyper-V runs each virtual machine in its own isolated space, which means you can run more than one virtual machine on the same hardware at the same time. Hyper-V allows you to create virtual hard drives, virtual switches and a host of other virtual devices, all of which can be added to virtual machines.

AIO

Installation for VMware

Prior installation system requirements

In order to configure the virtual machine, the following requirements must be met first:

• ESXi 6.0 or later (VM version 11);
• 4 CPU cores;
• minimum 32 GB RAM (64 GB recommended);
• DISK1: 100 GB;
• DISK2: minimum 10 GB (1 TB recommended, but not exceeding 3,5 TB).

Download the CYBERQUEST server from here. Click on Download Free Edition button, select vmware option, complete the download form and press Download button.

Installing CYBERQUEST

A. OVA Deployment

For deploying the CYBERQUEST virtual machine (OVA file), follow these steps:

1.Connect to vCenter (or ESXi Hypervisor). Open vSphere Client or the web interface. Fill in the username and password credentials.

2.Right click on Virtual Machines and select Create/Register VM

3.In this window, select Deploy a virtual machine from an OVF or OVA file and click on Next

4.Choose a name for the virtual machine ("CyberQuest" in this example), and click on Click to select files or drag/drop to select files for CYBERQUEST server deployment.

5.In the new window, locate the CYBERQUEST virtual machine, select the files and click Open > Next.

6.Choose the storage where to import the virtual machine on and click Next.

7.Select the network and VLAN and check the box for Thin in Disk provisioning, then click Next.

8.Review the previously selected parameters, click Finish and wait for the import of CYBERQUEST virtual machine to be complete.

B. CYBERQUEST virtual machine configuration

1.Power on the CYBERQUEST virtual machine from the vSphere client (or from the web interface) by clicking on the Power on button in the top menu.

2.To open the console, press right click on the virtual machine, press click on Console > Launch remote console. You can also use the Console menu button.

3.Connect using the username “root” and password “toor1”.

4.Open the main configuration menu.

5.Use the keyboard's arrows, TAB, ESC and Enter keys for navigating the main menu. First, navigate to Setup and press Enter.

6.On Set TimeZone button, press Enter again to choose the correct timezone. Select the Geographic area and press Enter. Then, select the city/region and press Enter.

7.Configure the network by going to Setup, then press Enter. Select Network and press Enter.

8.Select eth0 and press Enter. Select STATIC and press Enter. Modify the designated fields and press Submit.

9.Configure "Hosts" by selecting Setup, then press Enter. Select Hosts and press Enter.

10.Change the IP address with the CYBERQUEST IP address and press Enter. At the prompt press "y" and Enter to confirm the change.

11.In order to increase the storage partition /data, follow these steps:

• Open the vSphere Client, locate the CYBERQUEST virtual machine on the left side tree, right click on CYBERQUEST virtual machine, select Power and click on Power Off.

  

• After the CYBERQUEST VM is powered off, click on it, select Snapshot and click on Manage snapshots

  

• In the new window, check if CYBERQUEST VM has no previous snapshot. If it has previous snapshots, delete them by selecting Snapshot then click on Delete.

• Right click on CYBERQUEST VM and select Edit Settings

  

• In the left side list select Hard disk 2 and in the right side increase the disk with a new size alocated for CYBERQUEST, then click on Save.

  

• Right click on CYBERQUEST virtual machine, select Power and click on Power on

  

• Open the console, press right click on the virtual machine, press click on Console > Launch remote console. You can also use the Console menu button.

  

• Connect with the username "root" and password "toor1", then open Main Menu configuration.

  

• Access GrowPartition, press Enter and wait for the process to finish. After the process is finished, select Reboot and press Enter for finalizing the storage partition resizing.

  

Installation for Hyper-V

Prior installation system requirements

In order to configure the virtual machine, the following requirements must be met first:

• HyperV (minimum Windows 2016);
• VM Gen 1 compatible;
• 4 CPU cores;
• minimum 32 GB RAM (64 GB recommended);
• DISK1: 100 GB;
• DISK2: minimum 10 GB (1 TB recommended, but not exceeding 3,5 TB).

Deployment Guide for Hyper-V

To deploy the CYBERQUEST server in a Hyper-V environment do the following steps:

Step 1: Download the CYBERQUEST server from here. Click on Download Free Edition button, select Hyper-V option, complete the download form and press Download button.

Step 2: Extract the content of the archive

Step 3: Open Hyper-V Manager from Start > Windows Administrative Tools

CYBERQUEST server can be deployed by create a virtual machine and attach the 2 virtual disks.

Create a virtual machine and attach the CYBERQUEST virtual disks

A. To create CYBERQUEST virtual machine please follow the steps from bellow:

1.In the top left corner right click on the Hyper-V server go to: New > Virtual Machine

2.Click Next in the Before You Begin section

3.In the Specify Name and Location section, enter a name for the CYBERQUEST server and select the folder where to store the virtual machine

4.In the Specify Generation section, select the appropriate Generation type for your environment and click Next

5.In the Assign Memory section, input the amount RAM memory for the CYBERQUEST server and click Next

6.In the Configure Networking section, select the network switch and click Next

7.In the Connect Virtual Hard Disk section, select Attach a virtual hard disk later and click Next

8.In the Summary section, click Finish

B. To attach the CYBERQUEST virtual disks please follow the steps from bellow:

1.Right click on the new created Virtual Machine and select Settings

2.In the Settings window select IDE Controller 0. In the right side select Hard Drive option and click Add

3.In the Media section, click Browse and navigate where the CYBERQUEST server virtual Hard Disks are stored

4.Select CyberQuest_2.20-Prerelease-Buster.70-1.vhdx file, click Open and Apply

5.In the Settings window select IDE Controller 0. In the right side select Hard Drive option and click Add

6.In the Media section, click Browse and navigate where the CYBERQUEST server virtual Hard Disks are stored

7.Select CyberQuest_2.20-Prerelease-Buster.70-2.vhdx file, click Open and Apply

8.Click OK to finish adding the CYBERQUEST Virtual Hard Disks

Installation Bare metal

A. Prerequisites

To install CYBERQUEST, download the following prerequisites:

• Debian 10 ISO
• EZinstall script

B. Installing Debian 10

• Create a bootable disk with Debian 10 ISO image

• Boot the system using ISO image with Debian 10

• Select the Install option from the boot menu of the installation disk

• Select English language and press Enter

• Select Other -> Europe -> Romania from the Continent or Region menu and press Enter

• Select United States from the Country to base default local settings on menu and press Enter

• Select American English from the Keymap to use menu and press Enter

• Set the name of the machine then navigate to Continue and press Enter

• Set the domain of the machine then navigate to Continue and press Enter

• Set the password of the root user of the machine then navigate to Continue and press Enter

• Re-enter the password then navigate to Continue and press Enter

• Set username (superadmin) then navigate to Continue and press Enter

• Set username of a user (superadmin) then navigate to Continue and press Enter

• Set the superadmin user password then navigate to Continue and press Enter

• Re-enter the password then navigate to Continue and press Enter

• Select Manual from the Partitioning method menu then press Enter

• Select space available for partition 1 (sda) previously configured when creating and press Enter

• Select Create a new partition and press Enter

• Select the partition size as required and press Enter

• Select Primary from the Type for the new partition menu and press Enter

• Select Beginning from the Location for new partition menu and press Enter

• Select Done setting up the partition from Partition settings menu and press Enter

• Select available space for partition 1 (sda) previously configured when creating and press Enter

• Select Create a new partition and press Enter

• Select the partition size as required and press Enter

• Select Primary from the Type for the new partition menu and press Enter

• Select Beginning from the Location for new partition menu and press Enter

• Select Mount point from the Partition settings menu and press Enter

• Select Enter Manually from the Mount point for this partition menu and press Enter

• Add /var/log in the Mount point for this partition menu, navigate to Continue and press Enter

• Select Done setting up the partition from the Partition settings menu and press Enter

• Select the available space for partition 2 (sdb) previously configured at creation and press Enter

• Select Create a new partition and press Enter

• Select the partition size as required and press Enter

• Select Primary from Type for the new partition menu and press Enter

• Select Beginning from the Location for the new partition menu and press Enter

• Select Mount point from the Partition settings menu and press Enter

• Select Enter Manually from the Mount point for this partition menu and press Enter

• Add /data to the Mount point for this partition menu, navigate to Continue and press Enter

• Select Done setting up the partition from the Partition settings menu and press Enter

• Select Finish partitioning and write changes to disk and press Enter

• Select NO to the swap space question and press Enter

• Select YES to write changes to disk and press Enter

• Select NO to do not scan another CD/DVD and press Enter

• Select NO to do not use mirror during installation and press Enter

• Select NO to do not send statistics and press Enter

• Check the SSH server and standard system utilities options (navigate and press Space) then navigate to Continue and press Enter

• Select YES for installing GRUB and press Enter

• Select /dev/sda as the installation device and press Enter

• Select Continue to complete installation and restart the machine

C. Install CYBERQUEST

• Using ssh, connect to Debian 10 machine

• Copy the installing script file EZinstallOnlineCloudRepo.sh to Debian 10 machine

• Run the script using the following command:

sudo bash EZinstallOnlineCloudRepo.sh 'buster-prerelease'

To access Web Interface, open a web browser and type the application's address or DNS name. The default address initially assigned to Web Interface is: https://CyberquestIPAddress (example).

CYBERQUEST Vulnerability scanner

There are three ways to install OpenVas. You can create the machine from scratch, import the machine into VMware or Hyper-V environment.

1. Installing OpenVas from scratch

A. Prerequisites

To install OpenVas, download the following prerequisites:

• Debian 10 ISO (OR any Linux version that supports Docker)
• EZOpenvasServer script

B. Installing Debian 10

To see how to install Debian 10, please follow the link: Debian 10

C. Install OpenVas

• Using ssh, connect to Debian 10 machine

• Copy the installing script file EZOpenvasServer.sh to Debian 10 machine

• Run the script using the following command:

sudo bash EZOpenvasServer.sh

2. Import OpenVas machine in VMware environment

A. Prior installation system requirements

In order to configure the virtual machine, the following requirements must be met first:

• ESXi 6.0 or later (VM version 11);
• 4 CPU cores;
• minimum 16 GB RAM;
• DISK1: 100 GB;
• DISK2: minimum 10 GB.

Download the OpenVas server from here and extract the archive.

B. Installing OpenVas

For deploying the OpenVas virtual machine (OVA file), follow these steps:

1.Connect to vCenter (or ESXi Hypervisor). Open vSphere Client or the web interface. Fill in the username and password credentials.

2.Right click on Virtual Machines and select Create/Register VM

3.In this window, select Deploy a virtual machine from an OVF or OVA file and click on Next

4.Choose a name for the virtual machine ("OpenVas" in this example), and click on Click to select files or drag/drop to select files for OpenVas server deployment.

5.In the new window, locate the OpenVas virtual machine, select the files and click Open > Next.

6.Choose the storage where to import the virtual machine on and click Next.

7.Select the network and VLAN and check the box for Thin in Disk provisioning, then click Next.

8.Review the previously selected parameters, click Finish and wait for the import of OpenVas virtual machine to be complete.

3. Import OpenVas machine in Hyper-V environment

A.Prior installation system requirements

In order to configure the virtual machine, the following requirements must be met first:

• Hyper-V (minimum Windows 2016);
• VM Gen 1 compatible;
• 4 CPU cores;
• minimum 16 GB RAM;
• DISK1: 100 GB;
• DISK2: minimum 10 GB.

Download the OpenVas server from here and extract the archive.

OpenVas server can be deployed by create a virtual machine and attach the 2 virtual disks.

B.Create a virtual machine and attach the OpenVas virtual disks

To create OpenVas virtual machine please follow the steps from bellow:

1.In the top left corner right click on the Hyper-V server go to: New > Virtual Machine

2.Click Next in the Before You Begin section

3.In the Specify Name and Location section, enter a name for the OpenVas server and select the folder where to store the virtual machine

4.In the Specify Generation section, select the appropriate Generation type for your environment and click Next

5.In the Assign Memory section, input the amount RAM memory for the OpenVas server and click Next

6.In the Configure Networking section, select the network switch and click Next

7.In the Connect Virtual Hard Disk section, select Attach a virtual hard disk later and click Next

8.In the Summary section, click Finish

To attach the OpenVas virtual disks please follow the steps from bellow:

1.Right click on the new created Virtual Machine and select Settings

2.In the Settings window select IDE Controller 0. In the right side select Hard Drive option and click Add

3.In the Media section, click Browse and navigate where the OpenVas server virtual Hard Disks are stored

4.Select OpenVas-CyberQuest-1.vhdx file, click Open and Apply

5.In the Settings window select IDE Controller 0. In the right side select Hard Drive option and click Add

6.In the Media section, click Browse and navigate where the OpenVas server virtual Hard Disks are stored

7.Select OpenVas-CyberQuest-2.vhdx file, click Open and Apply

8.Click OK to finish adding the OpenVas Virtual Hard Disks

Configure Web Application

Navigate to Settings > Application Settings > Integrations.

In the Integrations page, complete the following fields:

• In Integrations_OpenVasHost field, insert OpenVas IP address.

• In Integrations_OpenVasPassword field, complete with OpenVas password.

• In Integrations_OpenVasUsername field, complete with OpenVas UserName.

Agent Installation

Windows Agent

Manual deployment

How to manually deploy agent for Windows based collections

To install the CYBERQUEST agent on the Windows target machine, the following prerequisits must be met:

1. Install vcredist_x64_2010.exe
2. Install vcredist_x64_2012.exe
3. Install vc_redist_x64_2019.exe
4. Install Microsoft .NET Framework 4.8

Authentication

To access Web Interface, open a web browser and type the application's address or DNS name. The default address initially assigned to Web Interface is https://CyberquestIPAddress (example).

The browser automatically redirects you to CYBERQUEST's authentication page:

How to manage Credentials

Creating the credentials set the agent is using for collecting data.

Please follow the link for more details.

Installing the CYBERQUEST agent

To manually deploy the agent, download or copy the agent kit on the target machine.

Navigate to "Settings > Management > Agent Manager.

"Download windows agent" to download the latest version of the CYBERQUEST agent. The agent must be installed on a Windows machine.

Execute the .msi file and press the "Run anyway" button to install the agent. The agent is installed in: "C: \ Program Files \ CyberQuestAgent".

Go to "C:\Program Files\CyberQuestAgent\configurator" and run cyberquest-agent-configurator.exe as an Administrator. Add the IP address of the CYBERQUEST server in the field "Message Queue server" and press the "Save Settings" button.

Go to Windows services and restart the CYBERQUEST agent service.

Registering the agent

Registering the agent in the CYBERQUEST server:

Navigate to "Settings > Management > Agent Manager".

Press button to register the agent.

Complete the following fields: "Agent name", "Agent note", assign credentials for the agent and press "Save" button.

After deployment you have to press the button, to set the agent as manually deployed.

Adding a new data sources

The Windows agent is used to connect and collect Windows based data-sources like :

• WMI (Windows Management Instrumentation)

  • Windows Security Log

  • Windows Application Log

  • Windows System Log

  • Active Directory Information

• CQ Threat Intelligence

• ODBC Data Sources

• Oracle based DataSources

• MySQL (MariaDB) based DataSources

• API based data sources

• Text Files (freeText and CSV)

GPO deployment

Deploy CYEBERQUEST agent from GPO

To deploy CYBERQUEST Agent from GPO, please follow the steps described bellow:

1.Create a share accessible from all clients where the AgentCQ will be Deployed.

2.Copy the the following files:

3.Edit file Copy config.ps1

Copy-Item -Path \\FS_server\CQDeployShare\agent.settings.json -Destination "C:\Program Files\CyberQuestAgent"
Stop-Service -Name CyberQuestAgent
Start-Sleep -s 30
Start-Service -Name CyberQuestAgent

The path for the copyed files in step 2 is: \FS_server\CQDeployShare\

4.Edit agent.settings.json file

{
"mqPassword": "VRW7Zl7RreWg9Q==",
"eventSyncQueueSize": 5000,
"compressData": false,
"encryptData": false,
"cleanupOlderLogsDays": 7,
"throttleCollection": 1000000,
"mqHost": "0.0.0.0", //CYBERQUEST Server IP Address
"mqUserName": "cq",
"mqUseSSL": false,
"useHTTPSTransport": false,
"rejectUnauthorized": false,
"EventsThrottleQueueMaxSize": 100000,
"mqPort": 5672,
"mqSSLPort": 5671,
"tenant": "danielt-pc",
"HttpTransportUrl": "",
"CLIENT_ACCESS_TOKEN": ""
}

5.Go to Domain Controller and open Group Policy Management

6.Right click on the Organization Unit where the Policy will be applied (Ex: “Computers” OU) and select Create a GPO in this domain, and Link it here.

7.Name the new GPO CQ Deploy GPO and click OK button

8.Right click on the new created GPO and select Edit option

9.Navigate to Computer Configuration > Policies > Software Settings > Software Installation

10.Right click on Software Installation and select New > Package…

11.Browse to the share location created in step 1 and configured in step 3 (\FS_server\CQDeployShare), select the MSI file and click Open button

12.Select Assigned option and click OK button

13.Navigate to Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown), right click on Startup and select Proprieties

14.Go to PowerShell Scripts tab and press on Show Files… button

15.In the new File Explorer window copy the PowerShell script file (Copy config.ps1) from the shared folder created on step 1

16.Click on Add… button, click on Browse button, select the PowerShell Script Copy config.ps1 and click Open and then OK > Apply > OK

17.Close Group Policy Management Editor, right click on the new GPO and select Enforced option

Remote installation

To install the CYBERQUEST agent on the Windows target machine, the following prerequisits must be met:

1. Install vcredist_x64_2010.exe
2. Install vcredist_x64_2012.exe
3. Install vc_redist_x64_2019.exe
4. Install Microsoft .NET Framework 4.8

To start, first configure the deploy credentials. Please follow the link for more details about creating credentials.

Deploying CYBERQUEST agent on Windows

The next step is to deploy the CYBERQUEST agent on Windows operating system, by clicking on Settings > Management > Agent Manager, and click on button.

To register a new agent, the user will first be asked the operating system on which to deploy the agent, with the option of Windows or Linux.

Once selected, the settings of the agent deployment will be filled in. Complete the following fields: ”Agent name”, “Computer“, select “Agent deployment credentials“ and press "Save" button.

Lastly, data sources can be linked to the CYBERQUEST agent.

The Windows agent is used to connect and collect Windows based data-sources like :

• WMI (Windows Management Instrumentation)

  • Windows Security Log

  • Windows Application Log

  • Windows System Log

  • Active Directory Information

• CQ Threat Intelligence

• ODBC Data Sources

• Oracle based DataSources

• MySQL (MariaDB) based DataSources

• API based data sources

• Text Files (freeText and CSV)

Managing Windows Gathering Agent

Manage CYBERQUEST Log Gathering configuration files

For more details about manually deploy Agent and assign data sources, please access the following link: How to manually deploy agent and assign data sources

Please note that in order to successfully change entries in configuration files, the agent service must be in stopped state:

a. Using an administrative account, authenticate to the Windows log gathering computer having the agent installed and open Services management console

b. Stop CYBERQUEST Log Gathering Agent service.

c. After finished performing changes, start CYBERQUEST Log Gathering Agent service.

To see how to manually deploy the agent, please follow the link: How to manually deploy the agent

DataServer

Manual Deployment of CYBERQUEST Linux Agent

A. Prerequisites

To install DataServer, download the following prerequisites:

• Debian 10 ISO (OR Debian 11)
• DataServer package

B. Installing Debian 10

To see how to install Debian 10, please follow the link: Debian 10

C. Install DataServer package

• Using ssh, connect to Debian 10 machine

• Copy the data-server package to: /home/superadmin to Debian 10 machine

• Install DataServer package using the following command:

sudo dpkg -i data-server-2.20.50-debian_buster.deb

D. Configure DataServer settings

• Using ssh, connect to Debian 10 machine

• Open localSettings.ini using the following command:

sudo nano /var/opt/cyberquest/dataserver/bin/localSettings.ini

• Add CYBERQUEST server IP to ConfigurationServerURL, Save and exit

• Start DataServer service using the following command:

systemctl start data-server.service