DeepSurface: Self Hosted - Installation Using an OVA

Installation Using an OVA

These instructions apply to platforms where customers must configure networking and SSH access for the dsadmin user. Cloud platform users installing DeepSurface from the cloud platform marketplace should skip these steps because those platforms provide this configuration automatically.

This document assumes you have completed the import of the OVA (Open Virtual Appliance) into your virtualization platform and are ready to initialize the system. The process for importing the OVA and setting up your system is documented in the links below and should be completed first. DeepSurface currently supports the following virtualization platforms:

The purpose of the first login steps is to help customers securely configure networking and remote access to their new VM via the "local" virtual machine console.

Logging in for the first time

Once your virtual machine is up and running, use your hypervisor platform's software to access the local virtual console of the machine. At the login prompt, enter the following credentials:

Username: dsadmin

Password: deepsurface

After logging in, a configuration script will automatically start. You will see a screen that resembles the following:

[Screenshot: First Screen]

Enter a New Password for the DeepSurface VM Admin User (dsadmin)

Select <OK>, then follow the prompts to set a new password. Choose a long, complex password, as this account has full privileges to the VM host and will be accessible via SSH.

Note: This account is used only for VM system access and is separate from users created in the web console (covered later).

Configure your network settings

After setting a new password, you will be prompted to configure a network interface. You can configure interfaces either with a static IP address or using DHCP, which the following steps will guide you through. If you need to change your VM's network configuration in the future, you can return to this configuration tool by running sudo deepsurface-configure-network.

NOTE: This is a required step because the latest DeepSurface software packages, published vulnerability information, and security updates will be downloaded from DeepSurface servers in the next step.

The network configuration dialog should resemble the following screenshot:

[Screenshot: Reconfigure Interfaces]

Configure at Least One Interface with Internet Access

You can choose DHCP or a static IP address for the interface.

[Screenshot: Reconfigure Interfaces]

When you have finished configuring an interface, select <Finish Editing>.

Restart Network Interfaces

After you're done configuring all interfaces, select <Apply> as shown in the screenshot below.

[Screenshot: Restart Interfaces]

Immediately after changing the network interface settings, the tool will attempt to contact DeepSurface software update servers to verify the configuration. If everything has been configured correctly, you should see a screen that looks something like the following:

[Screenshot: Successful Network Configuration]

Choose SSH authentication method

By default, the DeepSurface VM's SSH service is configured to disallow password-based authentication because it is inherently weaker than using public/private key pairs. However, if you are unfamiliar with configuring SSH public keys, you will likely want to enable password-based authentication.

You will see a screen that asks if you would like to enable password-based authentication via SSH (so you can log in to the VM via SSH using the password you just set). If you would like to do this, choose <YES>. If you do not enable this, you will need to either log in via the local console (as you did at the beginning) or configure an SSH public/private key pair and install it on the dsadmin user account.

[Screenshot: Enable SSH Via Passwd?]

At this point it is strongly recommended that you verify you can access your new VM via SSH (either with a password or key pair). Once logged in as the dsadmin user over an SSH session, it will be easier to complete the remaining setup steps.
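As an added example (not part of the DeepSurface documentation or tooling), the shell helpers below install a public key for dsadmin with the permissions sshd's StrictModes check expects, and classify which login methods the SSH service accepts from `sshd -T` output. The function names, the sample key and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not DeepSurface code. All sample data below is constructed.

# install_pubkey HOME_DIR "PUBKEY LINE": add a public key to authorized_keys
# once, refusing anything that is not a public key line (e.g. a private key).
install_pubkey() {
    home_dir=$1; pubkey=$2
    case $pubkey in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "not an SSH public key line" >&2; return 1 ;;
    esac
    mkdir -p "$home_dir/.ssh" && chmod 700 "$home_dir/.ssh" || return 1
    auth="$home_dir/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    grep -qxF -- "$pubkey" "$auth" || printf '%s\n' "$pubkey" >> "$auth"
}

# ssh_auth_modes: read `sshd -T` output on stdin and print which logins the
# SSH service accepts: "password", "key-only" or "console-only".
ssh_auth_modes() {
    awk '
        # start from upstream OpenSSH defaults; sshd -T normally prints all four
        BEGIN { pubkey = "yes"; pw = "yes"; kbd = "yes"; pam = "no" }
        { key = tolower($1); val = tolower($2) }
        key == "pubkeyauthentication"   { pubkey = val }
        key == "passwordauthentication" { pw = val }
        key == "usepam"                 { pam = val }
        key ~ /^(kbdinteractive|challengeresponse)authentication$/ { kbd = val }
        END {
            # assumption: a Linux sshd, where keyboard-interactive is backed by PAM
            if (pw == "yes" || (kbd == "yes" && pam == "yes")) print "password"
            else if (pubkey == "yes") print "key-only"
            else print "console-only"
        }'
}

# Constructed `sshd -T` excerpt for a VM where password login was left disabled.
sample='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
usepam yes'
printf '%s\n' "$sample" | ssh_auth_modes    # prints: key-only
```

On the VM itself, `sudo sshd -T | ssh_auth_modes` reports the effective setting after you answer the prompt above. A result of "password" means the strength of the dsadmin password is what protects SSH access.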

Continue on to install the DeepSurface software packages

Now that you have a working VM configured on the network, you can install the latest DeepSurface software packages and begin configuring your system. Please continue to the Package Installation Steps.