Atomic Inspector is based on the AWS OpenSearch service and provides real-time search, monitoring, and analysis. It is recommended for Atomic OSSEC users who need more reporting and analysis functionality than the Atomic UI provides. Inspector comes preloaded with commonly used dashboards, but you can also create your own. Almost all OpenSearch tutorials you can find online will work for Inspector.
Before installation, please note that Inspector requires more resources than a system with only Atomic OSSEC installed:
- Cores: 16 Minimum
- Memory: 32GB
- Storage: 1TB Minimum
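The minimums listed above can be checked on the target host before the installer is downloaded. The script below is an added example, not part of the Atomicorp documentation or installer; the function names are hypothetical, and it assumes that memory is rounded up to the next GiB, that "1TB" means 1000 decimal GB, and that the filesystem to check is passed in by the operator, since the page does not say where Inspector stores its data.

```shell
#!/bin/sh
# Added example (not Atomicorp code): pre-flight check for the Inspector minimums.
MIN_CORES=16
MIN_MEM_GB=32
MIN_DISK_GB=1000   # assumption: "1TB" read as 1000 decimal GB

# mem_gib: /proc/meminfo text on stdin -> installed RAM in GiB, rounded up,
# because MemTotal excludes memory the kernel reserves at boot.
mem_gib() {
    awk '/^MemTotal:/ { printf "%d\n", ($2 + 1048575) / 1048576 }'
}

# disk_gb: `df -Pk PATH` output on stdin -> filesystem size in decimal GB.
disk_gb() {
    awk 'NR == 2 { printf "%d\n", $2 * 1024 / 1000000000 }'
}

# meets LABEL ACTUAL MINIMUM: print one result line, return 1 if below minimum.
meets() {
    if [ "$2" -ge "$3" ] 2>/dev/null; then
        printf 'OK    %-8s %s (minimum %s)\n' "$1" "$2" "$3"
    else
        printf 'FAIL  %-8s %s (minimum %s)\n' "$1" "${2:-unknown}" "$3"
        return 1
    fi
}

# preflight PATH: check this host; PATH is the filesystem that will hold the data
# (assumption: the page does not say where Inspector stores it).
preflight() {
    rc=0
    meets cores   "$(getconf _NPROCESSORS_ONLN)" "$MIN_CORES"   || rc=1
    meets memory  "$(mem_gib < /proc/meminfo)"   "$MIN_MEM_GB"  || rc=1
    meets storage "$(df -Pk "$1" | disk_gb)"     "$MIN_DISK_GB" || rc=1
    return "$rc"
}

# Run only when asked, e.g.: sh preflight.sh --check /
if [ "${1:-}" = "--check" ]; then
    preflight "${2:-/}" || exit 1
fi
```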
To install Inspector:
wget https://updates.atomicorp.com/installers/awp-db
chmod +x awp-db
./awp-db
You will be asked to create an admin password during the configuration stage. Do not misplace your password, as you will need it to access the Inspector UI.
When installation is complete, you will be presented with the address for access to the Inspector UI. This will usually be https://your_hub_address/inspector.