Virtual Scanner Installation in a Hyper-V Environment
Updated Sep 15, 2023
Install vScanner using Microsoft Hyper-V Manager
As part of Arctic Wolf® Managed Risk, install a Virtual Scanner (vScanner) to perform continuous risk monitoring and vulnerability assessments. vScanner provides context for vulnerabilities that you may have in your environment.
Requirements
- Microsoft Hyper-V Server 2016 or Microsoft Hyper-V Server 2019
- The appropriate Arctic Wolf permissions to complete the virtual scanner deployment. Contact your Concierge Security® Team (CST) to confirm who in your organization has these permissions.
- These system resources:
  Note: Reducing or limiting resource allocations below the specified requirements impacts vLC performance.
  - 8 vCPUs
  - 16 GB RAM
  - 40 GB storage
Before you begin
- Make sure you have the appropriate Arctic Wolf permissions to complete the vScanner deployment. Contact your Concierge Security® Team (CST) to confirm who in your organization has these permissions.
- Add all necessary IP addresses, ports, and services to your allowlist for full vScanner functionality.
Tip: To see the complete list of IP addresses that you must allowlist, go to the Arctic Wolf Unified Portal, and then click Help > Allowlist Requirements. The IP addresses that must be allowlisted are listed under Scanners.
- If you rate-limit the vScanner with Quality of Service (QoS), remove this for best performance.
- If your firewall provides SSL/TLS inspection, do not perform this inspection on the vScanner management IP address.
- If you are using an application proxy or layer 7 filter on your firewall, allow outbound traffic over OpenVPN for the vScanner management IP address.
Steps
- Download the vScanner image.
- Import the vScanner VM.
- Configure the vScanner VM.
- Register the vScanner with Arctic Wolf.
- Set a static IP address.
Step 1: Download the vScanner image
- Sign in to the Risk Dashboard.
  Note: The Risk Dashboard is only compatible with Google Chrome.
- In the navigation menu, click Downloads.
- Under Download a Scanner Virtual Machine image for your virtualization infrastructure, from the list, select hyper-v-2016+.
- Click Download Scanner VM.
- Click Download to confirm and start the zip file download.
- When the download completes, extract the zip file.
Step 2: Import the vScanner VM
Based on your Hyper-V Server version, do one of these actions:
Import the vScanner VM to Hyper-V Server 2019
- In Hyper-V Manager, select the desired server.
- In the Actions menu, click Import Virtual Machine.
- Click Next.
- Select the folder that contains the VHDX file:
  - Click Browse, and then navigate to the rootsecure-sensor-hyperv-latest folder that you extracted from the zip file.
  - Select the Virtual Hard Disks folder, which contains the VHDX file.
  - Click Next.
- Select the virtual machine (VM) to import.
- Choose your preferred import type, and then click Next.
- If applicable, configure other settings based on the import type you selected, and then click Next.
- Review the summary of your VM import.
- Click Finish.
Import the vScanner VM to Hyper-V Server 2016
- In Hyper-V Manager, select the desired server.
- In the Actions menu, click New > Virtual Machine.
- Click Next.
- Enter a name for the VM. For example, Arctic Wolf Scanner.
- (Optional) Change the storage location of the VM.
- Click Next.
- Select Generation 2, and then click Next.
- Set the desired amount of memory for the VM, and then click Next.
- Select the network interface that you want the VM to use, and then click Next.
- Select the VHDX file to import:
  - Select Use an existing virtual hard disk.
  - Click Browse, and then navigate to the rootsecure-sensor-hyperv-latest folder that you extracted from the zip file.
  - Open the Virtual Hard Disks folder, and then select the VHDX file.
  - Click Next.
- Review the summary of your VM import.
- Click Finish.
Step 3: Configure the vScanner VM
- In Hyper-V Manager, select the desired server.
- In the Virtual Machines section, right-click the vScanner VM, and then select Settings.
- Configure these Hardware settings:
  - Firmware — Boot from Hard Drive
  - Security — Secure Boot disabled
- Configure these Management settings:
  - Name — For example, Arctic Wolf Scanner
  - Integration Services — Some services offered
  - Checkpoints — Production
  - Automatic Start Action — Always start
  - Automatic Stop Action — Save
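The Step 2 (Hyper-V Server 2016) and Step 3 settings above can also be applied and read back from PowerShell on the Hyper-V host. This is an added example, not Arctic Wolf's own tooling; the VHDX path, the <image>.vhdx placeholder, and the switch name are assumptions to replace with your own values.

```powershell
# Added example. Run in an elevated session on the Hyper-V host with the VM powered off.
$VMName     = 'Arctic Wolf Scanner'   # example name used on this page
$SwitchName = 'External-vSwitch'      # assumption: your virtual switch name
# Assumption: extraction folder; <image>.vhdx is a placeholder for the real file name.
$VhdxPath   = 'C:\VMs\rootsecure-sensor-hyperv-latest\Virtual Hard Disks\<image>.vhdx'

# Step 2 (Hyper-V Server 2016 path): Generation 2 VM on the existing VHDX.
if (-not (Get-VM -Name $VMName -ErrorAction SilentlyContinue)) {
    New-VM -Name $VMName -Generation 2 -MemoryStartupBytes 16GB `
        -VHDPath $VhdxPath -SwitchName $SwitchName | Out-Null
}

# Requirements section: 8 vCPUs and 16 GB RAM.
Set-VMProcessor -VMName $VMName -Count 8
Set-VMMemory    -VMName $VMName -StartupBytes 16GB

# Step 3 hardware settings: boot from the hard drive, Secure Boot disabled.
$disk = Get-VMHardDiskDrive -VMName $VMName | Select-Object -First 1
Set-VMFirmware -VMName $VMName -FirstBootDevice $disk -EnableSecureBoot Off

# Step 3 management settings: checkpoints, automatic start and stop actions.
Set-VM -Name $VMName -CheckpointType Production `
    -AutomaticStartAction Start -AutomaticStopAction Save

# Read the settings back and compare them with the values this page specifies.
$vm = Get-VM -Name $VMName
$fw = Get-VMFirmware -VMName $VMName
$checks = [ordered]@{
    'Generation'        = @($vm.Generation, 2)
    'vCPUs'             = @($vm.ProcessorCount, 8)
    'Startup RAM (GB)'  = @(($vm.MemoryStartup / 1GB), 16)
    'First boot device' = @($fw.BootOrder[0].BootType, 'Drive')
    'Secure Boot'       = @($fw.SecureBoot, 'Off')
    'Checkpoints'       = @($vm.CheckpointType, 'Production')
    'Automatic start'   = @($vm.AutomaticStartAction, 'Start')
    'Automatic stop'    = @($vm.AutomaticStopAction, 'Save')
}
$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{
        Setting  = $_.Key
        Actual   = $_.Value[0]
        Expected = $_.Value[1]
        Ok       = "$($_.Value[0])" -eq "$($_.Value[1])"
    }
} | Format-Table -AutoSize
```

Any row with Ok set to False marks a setting that differs from this page; the Integration Services setting is not covered by the check.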
Step 4: Register the vScanner with Arctic Wolf
- Contact the Arctic Wolf Deployment team at onboarding@arcticwolf.com for a registration token. You need this token to progress.
- After you receive the token from the Deployment team, turn on the VM power.
- After the boot sequence completes, press Enter on the console to view the DHCP lease and the Automatic Private IP Addressing (APIPA) link-local address assignment.
- Connect to the scanner registration page at http://<scanner_ip>:57005, where <scanner_ip> is the required DHCP address.
  Note: If you do not use DHCP, use the APIPA address from another machine on the same layer 2 switch.
- In the Registration Token field, enter the token that you received from the Deployment team.
- Click Register to start the registration process.
  Within five minutes, the scanner appears on the Config > Scanner Console page or the Config > Analyst Console page of the Risk Dashboard.
- Contact the Arctic Wolf Deployment team at onboarding@arcticwolf.com and confirm that the scanner is now online and that the registration is complete.
Step 5: Set a static IP address
This task is optional. However, Arctic Wolf recommends that you set a static IP address so it is easy to identify the Managed Risk Scanner as an authorized source of internal network scans.
Before you begin
- Contact the Arctic Wolf Deployment team at onboarding@arcticwolf.com for Webmin login credentials. You need these credentials to proceed.
- Contact your onboarding engineer for more information about console credentials for the operating system. These credentials are not automatically granted.
Steps
- Sign in to the Webmin console on the VM at https://<scanner_ip>:10000, where <scanner_ip> is the DHCP address.
  Note: If DHCP is unavailable, launch a browser from another system on the same L2 switch. Then, use the APIPA address to connect to the Webmin console at https://169.254.xxx.xxx:10000.
- Make sure the default gateway is set:
  - In the navigation menu, click Networking > Network Configuration.
  - Click Routing and Gateways.
  - On the Boot time configuration tab, verify that a default gateway is set.
  - If the default gateway value is not set, enter the appropriate values.
  - Click Save.
- Make sure that all relevant DNS servers are configured:
  - Return to the Network Configuration page.
  - Click Hostname and DNS Client.
  - (Optional) Change the Hostname value.
  - Verify that the first field in the DNS Servers section is populated with your DNS server IP address.
  - If the field is not populated, enter your DNS server IP address.
  - (Optional) Enter up to two more DNS server IP addresses in the DNS Servers fields.
  - Click Save.
- Configure a static IP address:
  - Return to the Network Configuration page.
  - Click Network Interfaces.
  - In the table, click the eth0 value.
  - In the IPv4 address section, select Static configuration.
  - Enter the IPv4 address and the Netmask that you want to use.
  - In the IPv6 addresses section, verify that IPv6 disabled is selected.
  - Click Save.
- Apply your configuration changes:
  - Return to the Network Configuration page.
  - Click Network Interfaces.
  - Select the eth0 row in the table, and then click Apply Selected Interfaces.
- Restart the VM.
- Verify the new configuration in Webmin:
  - In the navigation menu, click Networking > Network Configuration.
  - Click Routing and Gateways.
  - On the Active configuration tab, in the Default router section:
    - Make sure there is at least one row where the Destination value is set to Default Route.
    - Make sure the Gateway value is an IP address rather than None.
Next steps
- Schedule host identification and vulnerability scans. See Manage Risk Scanner configuration for more information.