Setting up a MaaS360 threat connector
The MaaS360 threat connector uploads events that are received from the Zscaler NSS service to a threat relay. The threat relay processes the events before the event is sent to the MaaS360 Portal.
Prerequisites
Prerequisite | Description |
---|---|
CPU | 4 core CPUs |
Docker | Install Docker on a Linux virtual
machine. If you are using a Windows or macOS machine, you must have a Docker desktop license to
run the software. Any machine installed with the Docker runtime engine.
Follow these steps to set up Docker on multiple platforms:
|
Storage | 50 GB of space to save threat information on the disk. This storage must be created as a volume and passed as a parameter to execute the container. |
Network | Allow the following hosts for threat connector integration:
|
Downloading the Docker image for the MaaS360 threat connector
- From the IBM® MaaS360® Portal Home page, select .
- Save the image on the machine or virtual machine where the connector is running.
- Download the identity certificate that runs the connector from either the Add connector workflow or by clicking an action and using the Download certificate workflow.
- Copy the downloaded certificates to a folder on the machine. (In the following steps, the folder is named Connector folder where the Docker image is expected to run from.)
- Copy the password from the download certificate page for later use.
Installing the Docker image for the MaaS360 threat connector
- Open a terminal and change to the directory where the image and certificates folder are located.
- Use the following command to load the MaaS360 threat connector image:
$ docker load < maas360-threat-connector.tar.gz
- Use the following command to verify that the image loaded successfully (the command lists the
image; make sure that
maas360-threat-connector
is part of the listed image):$ docker images
- Use the following command to start running the image:
$ docker run -d --name connector -p 9000:9000 \-v $(path_to_connector_folder):/home/config
\-e CERT_PASSWORD=$(cert_password_from_maas360_portal) \maas360-threat-connector:1.0.0
- Record the IP address and the hostname of the host that the
maas360-threat-connector
is running on.