wave Dots Ellipse

Documentation

Below please find the operating system requirements, quick install scripts and deployment instructions.

Cassandra Requirements:

  • Docker Desktop | MAC OSX 10.8+ | Redhat OS, RockyOS, CentOS | Ubuntu 18.04 LTS or later recommended (Intel / AMD64)
  • HTTPS access to each device from this machine

IP and URL Rep - Quick install script

Copy and paste the following command into the terminal of your machine. This will download the install script which sets up all required files and libraries to use Cassandra. From there you will need to work with an Account Manager or Sales Engineer to acquire user credentials.

curl -k -o "install_cassandra_docker.sh" "https://feedlists.magnetoai.com/install_cassandra_docker.txt" && chmod u+x install_cassandra_docker.sh && sudo ./install_cassandra_docker.sh

SSL Inspection (URL-Reputation) - Quick install script

Copy and paste the following command into the terminal of your machine. This will download the install script which sets up all required files and libraries to use Cassandra.From there you will need to work with an Account Manager or Sales Engineer to acquire user credentials. This script will create a scheduled update that will run the container at a random time between 4:00am - 4:30am every morning (local time), which will push out the URL updates for each managed device. If your use-case is to have more frequent updates, you can modify the entry in crontab.

curl -k -o "install_cassandra_sslo_docker.sh" "https://feedlists.magnetoai.com/install_cassandra_sslo_docker.txt" && chmod u+x install_cassandra_sslo_docker.sh && sudo ./install_cassandra_sslo_docker.sh

URL-Reputation (SSL Inspection) (Cloud Manager ) - Quick install script

This is where the latest version of the url_rep deployment container is stored. We add features requests we receive from customers periodically to this repo, based on: security patches/updates, bug fixes, customer feature requests, deployment requirements.
Latest Features

  1. Multi-Threaded Processing, for the following: Downloading, Compiling, Deployments
  2. Cloud Managed - Categories with Secure name handling (Hashed Category Names - SHA 256)
  3. Cloud Managed - Device List Deployment
  4. Multi-platform container support (AMD64 & ARM64)
  5. Encrypted Username and Password for Device (AES-256-GCM) & Transmission (TLS 1.3)
  6. System performance stats collection
  7. Device Unavailable / Down Reporting
  8. CRON (Schedule Task) Cloud Manager
  9. Host OS log storage

We also have private repo's for custom development requests. Just contact us below so we can scope out the new feature development(s).

Issue the following commands to preserve your production settings in the new environment

  1. cp -r (production_path)/. (new_dir)/
  2. cd (new_dir)
  3. sudo curl -k -o "install_cassandra_sslo_docker_cm.sh" "https://feedlists.magnetoai.com/install_cassandra_sslo_docker_cm.txt" && chmod u+x install_cassandra_sslo_docker_cm.sh && sudo ./install_cassandra_sslo_docker_cm.sh

URL-Reputation (SSL Inspection) (Cloud Manager ) - with Data-Groups - Quick install script

Copy and paste the following command into the terminal of your machine. This will download the install script which sets up all required files and libraries to use Cassandra. From there you will need to work with an Account Manager or Sales Engineer to acquire user credentials.

curl -k -o "install_cassandra_sslo_docker_cm_dg.sh" "https://feedlists.magnetoai.com/install_cassandra_sslo_docker_cm_dg.txt" && chmod u+x install_cassandra_sslo_docker_cm_dg.sh && sudo ./install_cassandra_sslo_docker_cm_dg.sh



The following `iRule` will access the data-groups 'blocked_ips_general' and 'blocked_ips_sensitive' deployed by the container. 

                        
                        when CLIENT_ACCEPTED {
                            set client_ip [IP::client_addr]
                            # Check if client IP is in either blocked data group
                            if {
                                [class match $client_ip equals blocked_ips_general] ||
                                [class match $client_ip equals blocked_ips_sensitive]
                            } then {
                                log local0. "Blocked IP: $client_ip matched a block list"
                                reject
                                return
                            }


                            # Allow only known good IPs (optional: whitelist logic)
                            if { ![class match $client_ip equals allowed_ips] } {
                                log local0. "Connection denied: $client_ip not in allowed_ips"
                                reject
                                return
                            }


                            # Optional: log allowed connection
                            log local0. "Connection allowed: $client_ip"
                        }

SSL Inspection (URL-Reputation) (BETA) - Quick install script

This is where the latest version of the url_rep deployment container is stored. We add features requests we receive from customers periodically to this repo, based on: security patches/updates, bug fixes, customer feature requests, deployment requirements.
Latest Features

  • True Multi-Threaded Deployment of data, which uses every core the host machine has access to.
  • Multi-Threaded File downloads
  • Multi-Threaded file compilations

We also have private repo's for custom development requests. Just contact us below so we can scope out the new feature development(s).

DO NOT RUN THIS IN PRODUCTION! This may break your deployment.

Issue the following commands to preserve your production settings in the new beta environment

  1. cp -r (production_path)/ (new_dir)/
  2. cd (new_dir)
  3. curl -k -o "install_cassandra_sslo_docker_beta.sh" "https://feedlists.magnetoai.com/install_cassandra_sslo_docker_beta.txt" && chmod u+x install_cassandra_sslo_docker_beta.sh && sudo ./install_cassandra_sslo_docker_beta.sh

Deploying Cassandra

Upon completion of the install process, everything should be placed inside a "cassandra" directory, along with a file by the name of "provision_list.txt". You will need to modify this CSV formatted file to list all the devices you would want to deploy Cassandra on. The following is an example config:

  • 10.100.1.20,admin,password
  • 10.200.35.2
  • 10.200.35.3
  • 10.200.35.4
  • 10.200.35.5
  • 10.210.19.100,admin,secret
  • 10.210.19.101
  • 10.210.19.102

In the previous example, the CSV formatted file follows this format: Machine IP, Username, Password. In cases where a line only has the Machines IP, the username and password credentials from the last line which had them defined, will be used.

Modify SSLO Categories

After the Container has been fully configured, (auth credentials, etc…) the Container will automatically update the remote device upon starting. If you need to modify a category, please modify the config.txt file with the category id, or delete the file entirely and re-run the container. The container will re-query the original questions asked during the initial set up process and display an updated list of possible categories. Additional categories may be added in the future.

Allowed Applications IP's and URL's (Whitelists)

Due to a number of networking reasons, there are various apps that don't get along nicely with SSL decrypt, inspection then re-encrypt. Due to this, we provide 2 allow lists during the provision process. While we provide these lists, you are in no way required to allow them to be used to bypass content. The following lists are: "Allowed_Application_IPs" and "Allowed_Application_URLs". "Allowed_Application_URLs" will only be applied to users using the URL Rep or SSL Decryption modules.

Current Applications in list

  • Microsoft Office 365
  • Zoom Video Conference
  • Cisco Webex
Microsoft Office 365 Zoom Video Conference Cisco Webex
secret MagnetoAI.com