Install vScanner using VirtualBox

As part of Arctic Wolf® Managed Risk, install a Virtual Scanner (vScanner) to perform continuous risk monitoring and vulnerability assessments. vScanner provides context for vulnerabilities that you may have in your environment.

Requirements

• A supported version of VirtualBox. See VirtualBox for more information.

• The appropriate Arctic Wolf permissions to complete the virtual scanner deployment. Contact your Concierge Security® Team (CST) to confirm who in your organization has these permissions.

• These system resources:

  Note: Reducing or limiting resource allocations below the specified requirements impacts vLC performance.

  • 8 vCPUs
  • 16 GB RAM
  • 40 GB storage

Before you begin

• Add all necessary IP addresses, ports, and services to your allowlist for full vScanner functionality.

  Tip: To see the complete list of IP addresses that you must allowlist, go to the Arctic Wolf Unified Portal, and then click Help > Allowlist Requirements. The IP addresses that must be allowlisted are listed under Scanners.

• If you rate-limit the vScanner with Quality of Service (QoS), remove this for best performance.
• If your firewall provides SSL/TLS inspection, do not perform this inspection on the vScanner management IP address.
• If you are using an application proxy or layer 7 filter on your firewall, allow outbound traffic over OpenVPN for the vScanner management IP address.

Steps

1. Download the vScanner image. 
2. Import the vScanner VM.
3. Register the vScanner with Arctic Wolf.
4. (Optional) Set a static IP address.

Step 1: Download the vScanner image

1. Sign in to the Risk Dashboard.

   Note: The Risk Dashboard is only compatible with Google Chrome.

2. In the navigation menu, click Downloads.

3. Under Download a Scanner Virtual Machine image for your virtualization infrastructure, from the list, select virtual-box.

4. Click Download Scanner VM.

5. Click Download to confirm and start the OVA file download.

Step 2: Import the vScanner VM

1. Open VirtualBox.

2. Click Tools > Import.

3. In Source, select Local File System.

4. In File, click Choose a virtual appliance file to import.

5. Locate and select the OVA file.

6. Click Continue.

7. Click Import.

   The vScanner is imported.

Step 3: Register the vScanner with Arctic Wolf

1. Contact the Arctic Wolf Deployment team at onboarding@arcticwolf.com for a registration token. You need this token to progress.

2. After you receive the token from the Deployment team, turn on the VM power.

3. After the boot sequence completes, press Enter on the console to view the DHCP lease and the Automatic Private IP Addressing (APIPA) link-local address assignment.

4. Connect to the scanner registration page at http://<scanner_ip>:57005, where <scanner_ip> is the required DHCP address.

   Note: If you do not use DHCP, use the APIPA address from another machine on the same layer 2 switch.

5. In the Registration Token field, enter the token that you received from the Deployment team.

6. Click Register to start the registration process.

   Within five minutes, the scanner appears on the Config > Scanner Console page or the Config > Analyst Console page of the Risk Dashboard.

7. Contact the Arctic Wolf Deployment team at onboarding@arcticwolf.com and confirm that the scanner is now online and that the registration is complete.

Step 4: Set a static IP address

This task is optional. However, Arctic Wolf recommends that you set a static IP address so it is easy to identify the Managed Risk Scanner as an authorized source of internal network scans.

Before you begin

• Contact the Arctic Wolf Deployment team at onboarding@arcticwolf.com for Webmin login credentials. You need these credentials to proceed.
• Contact your onboarding engineer for more information about console credentials for the operating system. These credentials are not automatically granted.

Steps

1. Sign in to the Webmin console on the VM at https://<scanner_ip>:10000, where <scanner_ip> is the DHCP address.

   Note: If DHCP is unavailable, launch a browser from another system on the same L2 switch. Then, use the APIPA address to connect to the Webmin console at https://169.254.xxx.xxx:10000.

2. Make sure the default gateway is set:

   1. In the navigation menu, click Networking > Network Configuration.
   2. Click Routing and Gateways.
   3. On the Boot time configuration tab, verify that a default gateway is set.
   4. If the default gateway value is not set, enter the appropriate values.
   5. Click Save.

3. Make sure that all relevant DNS servers are configured:

   1. Return to the Network Configuration page.
   2. Click Hostname and DNS Client.
   3. (Optional) Change the Hostname value.
   4. Verify that the first field in the DNS Servers section is populated with your DNS server IP address.
   5. If the field is not populated, enter your DNS server IP address.
   6. (Optional) Enter up to two more DNS server IP addresses in the DNS Servers fields.
   7. Click Save.

4. Configure a static IP address:

   1. Return to the Network Configuration page.
   2. Click Network Interfaces.
   3. In the table, click the eth0 value.
   4. In the IPv4 address section, select Static configuration.
   5. Enter the IPv4 address and the Netmask that you want to use.
   6. In the IPv6 addresses section, verify that IPv6 disabled is selected.
   7. Click Save.

5. Apply your configuration changes:

   1. Return to the Network Configuration page.
   2. Click Network Interfaces.
   3. Select the eth0 row in the table, and then click Apply Selected Interfaces.

6. Restart the VM.

7. Verify the new configuration in Webmin:

   1. In the navigation menu, click Networking > Network Configuration.
   2. Click Routing and Gateways.
   3. On the Active configuration tab, in the Default router section:
      1. Make sure there is at least one row where the Destination value is set to Default Route.
      2. Make sure the Gateway value is an IP address rather than None.

Next steps

• Schedule host identification and vulnerability scans. See Manage Risk Scanner configuration for more information.

See also

• Serial Console User Guide
• Managed Risk Scanner deployment
• Migrate Managed Risk Scanner configurations