diff --git a/administration/thunderstorm.rst b/administration/thunderstorm.rst index c2aee37..8d03bc7 100644 --- a/administration/thunderstorm.rst +++ b/administration/thunderstorm.rst @@ -1,17 +1,86 @@ .. index:: THOR Thunderstorm Thunderstorm ------------- +============ Since version 3.1 of the ASGARD Management Center, you can -install THOR Thunderstorm directly on your ASGARD system. -This allows you to scan your endpoints - which cannot run -THOR - with THOR Thunderstorm. +enable THOR Thunderstorm directly on your ASGARD system. +This allows you to scan many unsupported endpoints with THOR +Thunderstorm. Please note that you need a valid THOR Thunderstorm +license to use this feature. The license has to be issued to +the same hostname as the ASGARD Management Center, since the +license is still host-based. -You need a valid license issued to the hostname of the ASGARD -Management Center to use THOR Thunderstorm. +For usage of Thunderstorm Collectors, please refer to ``Downloads`` > +``Thunderstorm``. .. figure:: ../images/mc_thunderstorm.png - :alt: Thunderstorm Ovewrview Page + :alt: Thunderstorm Overview Page - Thunderstorm Ovewrview Page \ No newline at end of file + Thunderstorm Overview Page + +The Thunderstorm Service listens only locally (127.0.0.1). Your +ASGARD Management Center is acting as a reverse proxy for the +Thunderstorm service. To see which ports are being used, +please have a look at the :ref:`requirements/network:Thunderstorm (optional)` +section. + +This also means you will see logs similar to the one below: + +.. code-block:: none + + Sep 30 12:57:28 asgard3.local THOR: Info: MODULE: Thunderstorm MESSAGE: Web service started at http://127.0.0.1:45329/ SCANID: thunderstorm + +This is normal behavior and does not indicate a problem. + +.. hint:: + The Thunderstorm API uses the same certificate as the + ASGARD Management Center Web UI (port 8443). Please see + :ref:`administration/additional:tls certificate installation` + for more information. + +Thunderstorm License +-------------------- + +To use Thunderstorm, you need a valid Thunderstorm license. +You can upload your license in the ``Licensing`` > ``Licenses`` +section of the ASGARD Management Center (``Upload License`` button). + + +.. figure:: ../images/mc_thunderstorm-license.png + :alt: Thunderstorm License + + Thunderstorm License + +.. hint:: + When you install a license for the first time, Thunderstorm + will start automatically. If you upload a new license, you + have to restart Thunderstorm manually. + +Thunderstorm Logs +----------------- + +The Thunderstorm service is meant to forward any findings to +the ASGARD Analysis Cockpit. If you want to inspect the findings +directly on the ASGARD Management Center, you can do so by +navigating to ``System Status`` > ``Logs`` > ``Thunderstorm``. + +.. figure:: ../images/mc_thunderstorm-logs.png + :alt: Thunderstorm Logs + + Thunderstorm Logs + +Thunderstorm configuration +-------------------------- + +You can change certain settings for Thunderstorm in the +the Thunderstorm overview page. Click the cog icon in the +top right corner to open the settings page. + +.. figure:: ../images/mc_thunderstorm-configuration.png + :alt: Thunderstorm Configuration + + Thunderstorm Configuration + +You can also stop and start the Thunderstorm service from +settings modal. \ No newline at end of file diff --git a/images/mc_thunderstorm-configuration.png b/images/mc_thunderstorm-configuration.png new file mode 100644 index 0000000..8f5b590 Binary files /dev/null and b/images/mc_thunderstorm-configuration.png differ diff --git a/images/mc_thunderstorm-license.png b/images/mc_thunderstorm-license.png new file mode 100644 index 0000000..23d949a Binary files /dev/null and b/images/mc_thunderstorm-license.png differ diff --git a/images/mc_thunderstorm-logs.png b/images/mc_thunderstorm-logs.png new file mode 100644 index 0000000..8ae0aee Binary files /dev/null and b/images/mc_thunderstorm-logs.png differ diff --git a/requirements/network.rst b/requirements/network.rst index 3bd9042..865a5d2 100644 --- a/requirements/network.rst +++ b/requirements/network.rst @@ -123,6 +123,27 @@ From Management Workstation to Master ASGARD * - Command line administration - 22/tcp +Thunderstorm (optional) +^^^^^^^^^^^^^^^^^^^^^^^ + +The following ports are being used by Thunderstorm. +This is optional and only needed if you plan on using +Thunderstorm in your ASGARD. + +.. list-table:: + :header-rows: 1 + :widths: 50,50 + + * - Description + - Port + * - HTTPs + - 9443/tcp + * - HTTP + - 8080/tcp + +Please see chapter :ref:`administration/thunderstorm:Thunderstorm` +for more information. + Time Synchronization ^^^^^^^^^^^^^^^^^^^^