Setting up a MaaS360 threat connector

The MaaS360 threat connector uploads events that are received from the Zscaler NSS service to a threat relay. The threat relay processes the events before the event is sent to the MaaS360 Portal.

Prerequisites

Prerequisite Description
CPU 4 core CPUs
Docker Install Docker on a Linux virtual machine. If you are using a Windows or macOS machine, you must have a Docker desktop license to run the software.
Any machine installed with the Docker runtime engine. Follow these steps to set up Docker on multiple platforms:
Storage 50 GB of space to save threat information on the disk. This storage must be created as a volume and passed as a parameter to execute the container.
Network Allow the following hosts for threat connector integration:
  • Allow traffic for *.maas360.com. The MaaS360 threat connector uses port 443 for any outbound communication with MaaS360 services.
  • The MaaS360 threat connector listens on port 9000 for all threat feeds. Make sure that the Zscaler NSS virtual machine can access the machine that the threat connector is installed on and can access port 9000.

Downloading the Docker image for the MaaS360 threat connector

  1. From the MaaS360® Portal Home page, select Setup > Threat Connectors.
  2. Save the image on the machine or virtual machine where the connector is running.
  3. Download the identity certificate that runs the connector from either the Add connector workflow or by clicking an action and using the Download certificate workflow.
  4. Copy the downloaded certificates to a folder on the machine. (In the following steps, the folder is named Connector folder where the Docker image is expected to run from.)
  5. Copy the password from the download certificate page for later use.

Installing the Docker image for the MaaS360 threat connector

  1. Open a terminal and change to the directory where the image and certificates folder are located.
  2. Use the following command to load the MaaS360 threat connector image:
    $ docker load < maas360-threat-connector.tar.gz
  3. Use the following command to verify that the image loaded successfully (the command lists the image; make sure that maas360-threat-connector is part of the listed image):
    $ docker images
  4. Use the following command to start running the image:
    $ docker run -d --name connector -p 9000:9000 \-v $(path_to_connector_folder):/home/config 
    \-e CERT_PASSWORD=$(cert_password_from_maas360_portal) \maas360-threat-connector:1.0.0
  5. Record the IP address and the hostname of the host that the maas360-threat-connector is running on.