Skip to content

Installation

Minimum system requirements

Server minimum system requirements

CYBERQUEST is a virtual appliance but can be installed as a physical appliance as well.

In order to install CYBERQUEST 2.20 physical or virtual machines must be provided. CYBERQUEST 2.20 resides on a Linux Debian 10 instance.

  • For all CYBERQUEST residing virtual machines resources must be reserved (CPU cores and RAM).

  • For CYBERQUEST best performance 6th gen Intel CPU’s or equivalent must be provided.

Minimum recommended resources, as per the standard versions (no add-ons installed and for CYBERQUEST 2.20 Ultimate – 8 CPU cores license) are:

Version of CYBERQUEST 2.20 Minimum RAM recommended Minimum Storage Recommended - GB (for data only)
Logger 8* 100**
Light 8* 200**
Advanced 16* 500**
Enterprise 32* 1000**
Ultimate 32* 1000**

*This is the minimum recommended RAM to be granted to virtual machines hosting CYBERQUEST instances. As the solutions may scale, higher RAM capacity must be allocated. For such situations, a certified CYBERQUEST technician must be consulted.

**This is the minimum recommended storage capacity – for data only. The retention period (data availability for hot searches and archive) is directly proportional with the storage capacity. For situations where online and offline data must cover longer periods, a certified CYBERQUEST technician must be consulted in order to provide requirements for storage capacity.

User(client) web application minimum system requirements:

  • Web Browsers: Firefox (86+), Chrome (83+)

  • Resolution: Full HD Display (1980x1080)

Windows collector (agent)

  • .Net Framework 4.8

  • Windows Server operating System (2012+) x64 operating system

  • Visual C++ redistributable 2019+

Supported virtual enviroments

VMware is a virtualization computing software. With VMware server virtualization, a hypervisor is installed on the physical server to allow for multiple virtual machines (VMs) to run on the same physical server. Each VM can run its own operating system (OS), which means multiple operating systems can run on one physical server. All the VMs on the same physical server share resources, such as networking and RAM.

Hyper-V is Microsoft's hardware virtualization product, each virtual machine runs on virtual hardware. Hyper-V runs each virtual machine in its own isolated space, which means you can run more than one virtual machine on the same hardware at the same time. Hyper-V allows you to create virtual hard drives, virtual switches and a host of other virtual devices, all of which can be added to virtual machines.

AIO

Installation for VMware

Prior installation system requirements

In order to configure the virtual machine, the following requirements must be met first:

  • ESXi 6.0 or later (VM version 11);
  • 4 CPU cores;
  • minimum 32 GB RAM (64 GB recommended);
  • DISK1: 100 GB;
  • DISK2: minimum 10 GB (1 TB recommended, but not exceeding 3,5 TB).

Download the CYBERQUEST server from here. Click on Download Free Edition button, select vmware option, complete the download form and press Download button.

Installing CYBERQUEST

A. OVA Deployment

For deploying the CYBERQUEST virtual machine (OVA file), follow these steps:

1.Connect to vCenter (or ESXi Hypervisor). Open vSphere Client or the web interface. Fill in the username and password credentials.

Alt Image

2.Right click on Virtual Machines and select Create/Register VM

Alt Image

3.In this window, select Deploy a virtual machine from an OVF or OVA file and click on Next

Alt Image

4.Choose a name for the virtual machine ("CyberQuest" in this example), and click on Click to select files or drag/drop to select files for CYBERQUEST server deployment.

Alt Image

5.In the new window, locate the CYBERQUEST virtual machine, select the files and click Open > Next.

Alt Image

Alt Image

6.Choose the storage where to import the virtual machine on and click Next.

Alt Image

7.Select the network and VLAN and check the box for Thin in Disk provisioning, then click Next.

Alt Image

8.Review the previously selected parameters, click Finish and wait for the import of CYBERQUEST virtual machine to be complete.

Alt Image

Alt Image

B. CYBERQUEST virtual machine configuration

1.Power on the CYBERQUEST virtual machine from the vSphere client (or from the web interface) by clicking on the Power on button in the top menu.

Alt Image

2.To open the console, press right click on the virtual machine, press click on Console > Launch remote console. You can also use the Console menu button.

Alt Image

3.Connect using the username “root” and password “toor1”.

Alt Image

4.Open the main configuration menu.

Alt Image

5.Use the keyboard's arrows, TAB, ESC and Enter keys for navigating the main menu. First, navigate to Setup and press Enter.

Alt Image

6.On Set TimeZone button, press Enter again to choose the correct timezone. Select the Geographic area and press Enter. Then, select the city/region and press Enter.

Alt Image

Alt Image

7.Configure the network by going to Setup, then press Enter. Select Network and press Enter.

Alt Image

8.Select eth0 and press Enter. Select STATIC and press Enter. Modify the designated fields and press Submit.

Alt Image Alt Image Alt Image

9.Configure "Hosts" by selecting Setup, then press Enter. Select Hosts and press Enter.

Alt Image Alt Image

10.Change the IP address with the CYBERQUEST IP address and press Enter. At the prompt press "y" and Enter to confirm the change.

Alt Image Alt Image

11.In order to increase the storage partition /data, follow these steps:

  • Open the vSphere Client, locate the CYBERQUEST virtual machine on the left side tree, right click on CYBERQUEST virtual machine, select Power and click on Power Off.

    Alt Image

  • After the CYBERQUEST VM is powered off, click on it, select Snapshot and click on Snapshot Manager

    Alt Image

  • In the new window, check if CYBERQUEST VM has no previous snapshot. If it has previous snapshots, delete them by selecting Snapshot then click on Delete.

Alt Image

  • Right click on CYBERQUEST VM and select Edit Settings

  • In the left side list select Hard disk 2 and in the right side increase the disk with a new size alocated for CYBERQUEST, then click on Save.

    Alt Image

  • Power on the CYBERQUEST VM and open the console.

    Alt Image

    Alt Image

  • Connect with the username "root" and password "toor1", then open Main Menu configuration.

    Alt Image

  • Access GrowPartition, press Enter and wait for the process to finish. After the process is finished, select Reboot and press Enter for finalizing the storage partition resizing.

    Alt Image Alt Image

Installation for Hyper-V

Prior installation system requirements

In order to configure the virtual machine, the following requirements must be met first:

  • HyperV (minimum Windows 2016);
  • VM Gen 1 compatible;
  • 4 CPU cores;
  • minimum 32 GB RAM (64 GB recommended);
  • DISK1: 100 GB;
  • DISK2: minimum 10 GB (1 TB recommended, but not exceeding 3,5 TB).

Deployment Guide for Hyper-V

To deploy the CYBERQUEST server in a Hyper-V environment do the following steps:

Step 1: Download the CYBERQUEST server from here. Click on Download Free Edition button, select Hyper-V option, complete the download form and press Download button.

Step 2: Extract the content of the archive

Step 3: Open Hyper-V Manager from Start > Windows Administrative Tools

CYBERQUEST server can be deployed by importing it or create a virtual machine and attach the 2 virtual disks.

A.Importing CYBERQUEST server

To import CYBERQUESR server please follow the steps from bellow:

1.In the top left corner right click on the Hyper-V server and select Import Virtual Machine.

Alt Image

2.Click on Next in the Before You Begin section.

Alt Image

3.In the Locate Folder section click on Browse and select the folder extracted from the archive downloaded in Step 1.

Alt Image

4.In the Select Virtual Machine section, select the CYBERQUEST virual machine and click Next.

Alt Image

5.In the Choose Import Type select Copy the virtual machine (create a new unique ID) option and click Next.

Alt Image

6.In the Chose Destination section, select the appropriate paths for the virtual machine where to store the Configuration Folder, Checkpoint store and Smart Paging folder or leave the default folder paths.

Alt Image

7.In the Choose Storage Folders sections, select the folder where to store the virtual disks of CYBERQUEST server.

Alt Image

8.In the Summary section verify the settings done in above steps and click Finish.

B.Create a virtual machine and attach the CYBERQUEST virtual disks

To create a virtual machine and attach the CYBERQUEST virtual disks please follow the steps from bellow:

1.In the top left corner right click on the Hyper-V server go to: New > Virtual Machine

Alt Image

2.Click Next in the Before You Begin section

Alt Image

3.In the Specify Name and Location section, enter a name for the CYBERQUEST server and select the folder where to store the virtual machine

Alt Image

4.In the Specify Generation section, select the appropriate Generation type for your environment and click Next

Alt Image

5.In the Assign Memory section, input the amount RAM memory for the CYBERQUEST server and click Next

Alt Image

6.In the Configure Networking section, select the network switch and click Next

Alt Image

7.In the Connect Virtual Hard Disk section, select Attach a virtual hard disk later and click Next

Alt Image

8.In the Summary section, click Finish

Alt Image

9.Right click on the new created Virtual Machine and select Settings

Alt Image

10.In the Settings window select IDE Controller 0 or SCSI Controller. In the right side select Hard Drive option and click Add

Alt Image

11.In the Media section, click Browse and navigate where the CYBERQUEST server virtual Hard Disks are stored, select disk-0.vhdx file, click Open and Apply

Alt Image

12.Repeat the actions for the second Virtual Hard Disk disk-1.vhdx

Alt Image

13.Click Apply and OK to finish adding the CYBERQUEST Virtual Hard Disks

Installation Bare metal

A. Prerequisites

To install CYBERQUEST, download the following prerequisites:

B. Installing Debian 10

  • Create a bootable disk with Debian 10 ISO image

  • Boot the system using ISO image with Debian 10

  • Select the Install option from the boot menu of the installation disk

Alt text

  • Select English language and press Enter Alt text

  • Select Other -> Europe -> Romania from the Continent or Region menu and press Enter

Alt text Alt text Alt text

  • Select United States from the Country to base default local settings on menu and press Enter

Alt text

  • Select American English from the Keymap to use menu and press Enter

Alt text

  • Set the name of the machine then navigate to Continue and press Enter

Alt text

  • Set the domain of the machine then navigate to Continue and press Enter

Alt text

  • Set the password of the root user of the machine then navigate to Continue and press Enter

Alt text

  • Re-enter the password then navigate to Continue and press Enter

Alt text

  • Set username (superadmin) then navigate to Continue and press Enter

Alt text

  • Set username of a user (superadmin) then navigate to Continue and press Enter

Alt text

  • Set the superadmin user password then navigate to Continue and press Enter

Alt text

  • Re-enter the password then navigate to Continue and press Enter

Alt text

  • Select Manual from the Partitioning method menu then press Enter

Alt text

  • Select space available for partition 1 (sda) previously configured when creating and press Enter

Alt text

  • Select Create a new partition and press Enter

Alt text

  • Select the partition size as required and press Enter

Alt text

  • Select Primary from the Type for the new partition menu and press Enter

Alt text

  • Select Beginning from the Location for new partition menu and press Enter

Alt text

  • Select Done setting up the partition from Partition settings menu and press Enter

Alt text

  • Select available space for partition 1 (sda) previously configured when creating and press Enter

Alt text

  • Select Create a new partition and press Enter

Alt text

  • Select the partition size as required and press Enter

Alt text

  • Select Primary from the Type for the new partition menu and press Enter

Alt text

  • Select Beginning from the Location for new partition menu and press Enter

Alt text

  • Select Mount point from the Partition settings menu and press Enter

Alt text

  • Select Enter Manually from the Mount point for this partition menu and press Enter

Alt text

  • Add /var/log in the Mount point for this partition menu, navigate to Continue and press Enter

Alt text

  • Select Done setting up the partition from the Partition settings menu and press Enter

Alt text

  • Select the available space for partition 2 (sdb) previously configured at creation and press Enter

Alt text

  • Select Create a new partition and press Enter

Alt text

  • Select the partition size as required and press Enter

Alt text

  • Select Primary from Type for the new partition menu and press Enter

Alt text

  • Select Beginning from the Location for the new partition menu and press Enter

Alt text

  • Select Mount point from the Partition settings menu and press Enter

Alt text

  • Select Enter Manually from the Mount point for this partition menu and press Enter

Alt text

  • Add /data to the Mount point for this partition menu, navigate to Continue and press Enter

Alt text

  • Select Done setting up the partition from the Partition settings menu and press Enter

Alt text

  • Select Finish partitioning and write changes to disk and press Enter

Alt text

  • Select NO to the swap space question and press Enter

Alt text

  • Select YES to write changes to disk and press Enter

Alt text

  • Select NO to do not scan another CD/DVD and press Enter

Alt text

  • Select NO to do not use mirror during installation and press Enter

Alt text

  • Select NO to do not send statistics and press Enter

Alt text

  • Check the SSH server and standard system utilities options (navigate and press Space) then navigate to Continue and press Enter

Alt text

  • Select YES for installing GRUB and press Enter

Alt text

  • Select /dev/sda as the installation device and press Enter

Alt text

  • Select Continue to complete installation and restart the machine

Alt text

C. Install CYBERQUEST

  • Using ssh, connect to Debian 10 machine

  • Copy the installing script file EZinstallOnlineCloudRepo.sh to Debian 10 machine

  • Run the script using the following command:

sudo bash EZinstallOnlineCloudRepo.sh 'buster-prerelease'

To access Web Interface, open a web browser and type the application's address or DNS name. The default address initially assigned to Web Interface is: https://CyberquestIPAddress (example).

CYBERQUEST Vulnerability scanner

A. Prerequisites

To install OpenVas, download the following prerequisites:

  • Debian 10 ISO (OR any Linux version that supports Docker)
  • EZOpenvasServer script

B. Installing Debian 10

To see how to install Debian 10, please follow the link: Debian 10

C. Install OpenVas

  • Using ssh, connect to Debian 10 machine

  • Copy the installing script file EZOpenvasServer.sh to Debian 10 machine

  • Run the script using the following command:

sudo bash EZOpenvasServer.sh

D. Configure Web Application

Navigate to Settings > Application Settings > Integrations.

Integrations

In the Integrations page, complete the following fields:

  • In Integrations_OpenVasHost field, insert OpenVas IP address.

  • In Integrations_OpenVasPassword field, complete with OpenVas password.

  • In Integrations_OpenVasUsername field, complete with OpenVas UserName.

Agent Installation

Windows Agent

Manual deployment

How to manually deploy agent for Windows based collections

To install the CYBERQUEST agent on the Windows target machine, the following prerequisits must be met:

  1. Install vcredist_x64_2010.exe
  2. Install vcredist_x64_2012.exe
  3. Install vc_redist_x64_2019.exe
  4. Install Microsoft .NET Framework 4.8

Authentication

To access Web Interface, open a web browser and type the application's address or DNS name. The default address initially assigned to Web Interface is https://CyberquestIPAddress (example).

The browser automatically redirects you to CYBERQUEST's authentication page:

Alt Image

How to manage Credentials

Creating the credentials set the agent is using for collecting data.

Please follow the link for more details.

Installing the CYBERQUEST agent

To manually deploy the agent, download or copy the agent kit on the target machine.

Navigate to "Settings > Management > Agent Manager.

Alt Image

"Download windows agent" to download the latest version of the CYBERQUEST agent. The agent must be installed on a Windows machine.

Alt Image

Execute the .msi file and press the "Run anyway" button to install the agent. The agent is installed in: "C: \ Program Files \ CyberQuestAgent".

Alt Image

Go to "C:\Program Files\CyberQuestAgent\configurator" and run cyberquest-agent-configurator.exe as an Administrator. Add the IP address of the CYBERQUEST server in the field "Message Queue server" and press the "Save Settings" button.

Alt Image

Go to Windows services and restart the CYBERQUEST agent service.

Registering the agent

Registering the agent in the CYBERQUEST server:

Navigate to "Settings > Management > Agent Manager".

Press Alt Image button to register the agent.

Alt Image

Complete the following fields: "Agent name", "Agent note", assign credentials for the agent and press "Save" button.

Alt Image

Alt Image

After deployment you have to press the Alt Image button, to set the agent as manually deployed.

Adding a new data sources

The Windows agent is used to connect and collect Windows based data-sources like :

GPO deployment

Deploy CYEBERQUEST agent from GPO

To deploy CYBERQUEST Agent from GPO, please follow the steps described bellow:

1.Create a share accessible from all clients where the AgentCQ will be Deployed.

2.Copy the the following files: Alt ImageAlt ImageAlt Image

3.Edit file Copy config.ps1

Copy-Item -Path \\FS_server\CQDeployShare\agent.settings.json -Destination "C:\Program Files\CyberQuestAgent"
Stop-Service -Name CyberQuestAgent
Start-Sleep -s 30
Start-Service -Name CyberQuestAgent

The path for the copyed files in step 2 is: \FS_server\CQDeployShare\

4.Edit agent.settings.json file

{
"mqPassword": "VRW7Zl7RreWg9Q==",
"eventSyncQueueSize": 5000,
"compressData": false,
"encryptData": false,
"cleanupOlderLogsDays": 7,
"throttleCollection": 1000000,
"mqHost": "0.0.0.0", //CYBERQUEST Server IP Address
"mqUserName": "cq",
"mqUseSSL": false,
"useHTTPSTransport": false,
"rejectUnauthorized": false,
"EventsThrottleQueueMaxSize": 100000,
"mqPort": 5672,
"mqSSLPort": 5671,
"tenant": "danielt-pc",
"HttpTransportUrl": "",
"CLIENT_ACCESS_TOKEN": ""
}

5.Go to Domain Controller and open Group Policy Management

6.Right click on the Organization Unit where the Policy will be applied (Ex: “Computers” OU) and select Create a GPO in this domain, and Link it here.

7.Name the new GPO CQ Deploy GPO and click OK button

Alt Image

8.Right click on the new created GPO and select Edit option

9.Navigate to Computer Configuration > Policies > Software Settings > Software Installation

10.Right click on Software Installation and select New > Package…

11.Browse to the share location created in step 1 and configured in step 3 (\FS_server\CQDeployShare), select the MSI file and click Open button

12.Select Assigned option and click OK button

Alt Image

13.Navigate to Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown), right click on Startup and select Proprieties

14.Go to PowerShell Scripts tab and press on Show Files… button

15.In the new File Explorer window copy the PowerShell script file (Copy config.ps1) from the shared folder created on step 1

Alt Image

16.Click on Add… button, click on Browse button, select the PowerShell Script Copy config.ps1 and click Open and then OK > Apply > OK

Alt Image

17.Close Group Policy Management Editor, right click on the new GPO and select Enforced option

Alt Image

Remote installation

To install the CYBERQUEST agent on the Windows target machine, the following prerequisits must be met:

  1. Install vcredist_x64_2010.exe
  2. Install vcredist_x64_2012.exe
  3. Install vc_redist_x64_2019.exe
  4. Install Microsoft .NET Framework 4.8

To start, first configure the deploy credentials. Please follow the link for more details about creating credentials.

Deploying CYBERQUEST agent on Windows

The next step is to deploy the CYBERQUEST agent on Windows operating system, by clicking on Settings > Management > Agent Manager, and click on Alt Image button.

To register a new agent, the user will first be asked the operating system on which to deploy the agent, with the option of Windows or Linux.

Alt Image

Once selected, the settings of the agent deployment will be filled in. Complete the following fields: ”Agent name”, “Computer“, select “Agent deployment credentials“ and press "Save" button.

Alt Image Alt Image

Lastly, data sources can be linked to the CYBERQUEST agent.

The Windows agent is used to connect and collect Windows based data-sources like :

Managing Windows Gathering Agent

Manage CYBERQUEST Log Gathering configuration files

For more details about manually deploy Agent and assign data sources, please access the following link: How to manually deploy agent and assign data sources

Please note that in order to successfully change entries in configuration files, the agent service must be in stopped state:

a. Using an administrative account, authenticate to the Windows log gathering computer having the agent installed and open Services management console

b. Stop CYBERQUEST Log Gathering Agent service.

c. After finished performing changes, start CYBERQUEST Log Gathering Agent service.

To see how to manually deploy the agent, please follow the link: How to manually deploy the agent

DataServer

Manual Deployment of CYBERQUEST Linux Agent

A. Prerequisites

To install DataServer, download the following prerequisites:

B. Installing Debian 10

To see how to install Debian 10, please follow the link: Debian 10

C. Install DataServer package

  • Using ssh, connect to Debian 10 machine

  • Copy the data-server package to: /home/superadmin to Debian 10 machine

  • Install DataServer package using the following command:

sudo dpkg -i data-server-2.20.X-debian_buster.deb

D. Configure DataServer settings

  • Using ssh, connect to Debian 10 machine

  • Open localSettings.ini using the following command:

sudo nano /var/opt/cyberquest/dataserver/bin/localSettings.ini
  • Add CYBERQUEST server IP to ConfigurationServerURL, Save and exit

  • Start DataServer service using the following command:

systemctl start data-server.service

E. Add CYBERQUEST Agent

  • Open CYBERQUEST web application

  • Navigate to Settings > Management > Agent Manager

  • Add Linux Agent