Skip to content

There are 3 main tasks required to setup a hybrid collector. First a new collector Identity must be created, then the collector agent must be installed and configured, finally configure an App using that identity.

Network Connection Matrix

Source Destination Port Description
Collector Internal Resource Technology Specific (e.g. Splunk API port) This allows for the app connectivity to the technology
Collector interpres.io 443 General platform connection for service details
Collector auth.interpres.io 443 Allows for Authn Authz of the collector
Collector collector.interpres.io 443 Collector Gateway for receiving dispatched jobs
Collector streaming-pipeline.interpres.io 443 Path for data collected

Create a Collector Identity

  • Log into your Interpres tenant.
  • Navigate to Defense Surface > Integrations
  • Click on the Collectors Tab
  • Click Add Collector
  • Provide A Name and click Save
  • Find the newly created collector identity and click the 3 dots on the right side of it
  • Click View and Copy the Details Presented
  • Specifically you will need Tenant ID, Entity ID, and Secret

Download, Install, and Configure

Identify binary for download

  • curl https://static.interpres.io/collector/manifest.json

Example Response

{
  "rpm": "collector/interpres-remote-collector-0.2.8-1.noarch.rpm",
  "deb": "collector/interpres-remote-collector_0.2.8_all.deb",
  "image": "collector/interpres-remote-collector-0.2.8.tgz"
}

Docker Tar Gzip (approx 400mb)

  • Download Binary

curl https://static.interpres.io/collector/interpres-remote-collector-0.2.8.tgz --output collector.tgz

  • Extract TGZ

tar -xzvf collector.tgz

  • Navigate to he directory where the files extracted to

cd interpres-remote-collector-<version>

  • Modify the env-vars file to have the values

Example Dev Values

AUTH_SERVER=https://auth.interpres.io
WORKER_GATEWAY=wss://collector.interpres.io
PIPELINE_BASE_URL=https://streaming-pipeline.interpres.io
INTERPRES_BASE_URL=https://interpres.io
TENANT_ID={Tenant ID from step Create A Collector Identity}
CLIENT_ID={Client ID from step Create A Collector Identity}
  • Run the install script

./install_collector.sh

  • Enable the Service

systemctl enable interpres-remote-collector

  • Start the Service

systemctl start interpres-remote-collector

  • Check the Status

systemctl status interpres-remote-collector

  • Check Logs

docker ps

Example Output

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5159899886c5   interpres-remote-collector:0.1.3-alpha.1   "container-entrypoin…"   3 minutes ago   Up 3 minutes (health: starting)   8080/tcp   interpres-remote-collector.service

docker logs 5159899886c5 --tail 100

2023-10-25T03:41:13.389222Z  INFO interpres_remote_collector::worker: fetching credentials
2023-10-25T03:41:13.494738Z  INFO interpres_remote_collector::worker: connecting to $wss://collector.dev.interpres.io
2023-10-25T03:41:13.517569Z  INFO interpres_remote_collector::worker: successfully connected to $wss://collector.dev.interpres.io

Integration Configuration

When configuring an integration that needs to use the Collector, select the deployment type as "On-Prem". Then select the Collector you want to use.