Salt Security Deployment Options

The Salt Security solution consists of 2 components:

  1. The Salt Security SaaS service used to process API traffic for Discovery, Prevention and Remediation.
  2. An agent or other mechanism to direct a mirror of API traffic to the Salt Security Service for analysis.

The following videos and instructions provide details on the various options to direct API traffic to the Salt Security Service for analysis.

RPM Deployment

The Salt Agent deployment is used to capture a mirror of application traffic and send it to the Salt service for analysis. The agent can be deployed in several ways, one of which is a lightweight agent installed from an RPM. This agent has low CPU and memory consumption and adds no latency to the application, since it does not sit in line with production traffic. The agent needs to see unencrypted traffic (after SSL termination) to enable the Salt service to perform analysis.

Prerequisites:

  • Python 2.7
  • EPEL (sudo yum install epel-release)

Instructions:

The following commands should be run on the Linux server:

sudo yum install -y salt-linux-agent-{AGENT_VERSION}.x86_64.rpm

sudo /usr/local/bin/salt-agent start

Once the agent is installed and started, its status can be verified with the following command:

sudo /usr/local/bin/salt-agent status

The possible return codes are:

Return Value    Description
0               Salt’s agent is up & running
1               Salt’s agent is not running
2               Salt’s agent running with internal error

Debian Deployment

The Salt Debian Agent deployment is used to capture a mirror of application traffic and send it to the Salt service for analysis. The agent can be deployed in several ways, one of which is a lightweight agent on a Debian machine. This agent has low CPU and memory consumption and adds no latency to the application, since it does not sit in line with production traffic. The agent needs to see unencrypted traffic (after SSL termination) to enable the Salt service to perform analysis.

Instructions:

The following commands should be run on the Debian server:

sudo dpkg -i salt-linux-agent_{AGENT_VERSION}.deb ; sudo apt-get -f -y install

sudo salt-agent start

Once the agent is installed and started, its status can be verified with the following command:

sudo salt-agent status

The possible return codes are:

Return Value    Description
0               Salt’s agent is up & running
1               Salt’s agent is not running
2               Salt’s agent running with internal error
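The return codes listed for the RPM and Debian agents can drive a scheduled health check, so that a stopped agent (and the resulting gap in mirrored API traffic) is noticed. The script below is an added example, not part of the Salt documentation or product. It assumes it runs as root, SALT_AGENT_BIN is a hypothetical override variable, and the mapping to Nagios-style severities is this example's own choice.

```shell
#!/bin/sh
# Added example: turn `salt-agent status` exit codes into a monitoring check.
# Assumptions: run as root (the page uses sudo); SALT_AGENT_BIN is a
# hypothetical override for this script, not an agent setting.
SALT_AGENT_BIN="${SALT_AGENT_BIN:-/usr/local/bin/salt-agent}"

# Echo the raw exit code of `salt-agent status` (127 if the binary is absent).
salt_agent_rc() {
    if ! command -v "$SALT_AGENT_BIN" >/dev/null 2>&1; then
        echo 127
        return 0
    fi
    rc=0
    # `|| rc=$?` keeps a non-zero status from aborting callers using `set -e`.
    "$SALT_AGENT_BIN" status >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# Print one status line and return a Nagios-style code:
# 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN (severity mapping chosen here).
salt_agent_check() {
    case "$(salt_agent_rc)" in
        0)   echo "OK: Salt agent is up and running"; return 0 ;;
        2)   echo "WARNING: Salt agent running with internal error"; return 1 ;;
        1)   echo "CRITICAL: Salt agent is not running, traffic is not mirrored"
             return 2 ;;
        127) echo "UNKNOWN: $SALT_AGENT_BIN not found"; return 3 ;;
        *)   echo "UNKNOWN: unexpected status code"; return 3 ;;
    esac
}

# Run the check only when invoked with the argument "check",
# e.g. from cron: sh check_salt_agent.sh check
if [ "${1:-}" = "check" ]; then
    salt_agent_check
    exit $?
fi
```

On a Debian host where the agent is on the PATH, set SALT_AGENT_BIN=salt-agent before calling the script.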

Kubernetes Deployment

The Salt Kubernetes deployment is used to capture a mirror of application traffic and send it to the Salt service for analysis. The container can be deployed in several ways, one of which is a lightweight sidecar container in a Kubernetes cluster. This container has low CPU and memory consumption and adds no latency to the application, since it does not sit in line with production traffic. The container needs to see unencrypted traffic (after SSL termination) to enable the Salt service to perform analysis.

Instructions:

The following snippet should be added to the “containers” section of the pod YAML file in order to deploy the Salt lightweight agent in your Kubernetes cluster:

- name: salt-agent
  image: saltsecurity/agent:4.6.3
  imagePullPolicy: Always
  env:
    - name: SALT_BACKEND_PORT
      value: "443"
    - name: SALT_LOGGLY_TOKEN
      value: "<LOGGLY_TOKEN>"
    - name: SALT_WS_DOMAIN
      value: "wss://<SALT_SUBDOMAIN>.dnssf.com:444/api/agent/v1"
    - name: SALT_TOKEN
      value: "<SALT_TOKEN>"
    - name: SALT_DOMAIN
      value: "<SALT_SUBDOMAIN>.dnssf.com"

Once the container is deployed, it’s possible to verify the agent logs with the following command:

kubectl logs -f <pod-name> -c salt-agent

Docker Deployment

The Salt Docker deployment is used to capture a mirror of application traffic and send it to the Salt service for analysis. The container can be deployed in several ways, one of which is a lightweight Docker container sniffing the network of the host. This container has low CPU and memory consumption and adds no latency to the application, since it does not sit in line with production traffic. The container needs to see unencrypted traffic (after SSL termination) to enable the Salt service to perform analysis.

Instructions:

Run the following command on the host machine:

docker run -d --restart=always --net=host -e SALT_BACKEND_PORT=443 -e "SALT_DOMAIN=<SALT_SUBDOMAIN>.dnssf.com" -e "SALT_TOKEN=<SALT_TOKEN>" -e "SALT_LOGGLY_TOKEN=<LOGGLY_TOKEN>" -e "SALT_WS_DOMAIN=wss://<SALT_SUBDOMAIN>.dnssf.com:444/api/agent/v1" --name salt-agent saltsecurity/agent:4.6.3

Once the container is deployed, it’s possible to verify the agent logs with the following command:

docker logs -f salt-agent
