The Four "I's": Install, Instrument, Insights, Integrations
Deepfactor setup workflow is comprised of Four "i"s - Install, Instrument, Insights, and Integrations. Below we cover the prerequisites required to achieve these four "i"s. Please go through these ahead of your Deepfactor setup to ensure success with the product.
Install - Install the Deepfactor portal
The Deepfactor portal is the core of the Deepfactor application. It is a Virtual Machine instance that receives telemetry data generated from the runtime process of applications and provides observability and metrics.
Deployment of the portal is currently supported in two ways:
- AWS - Using a downloadable AWS CloudFormation template.
Pre-requisites: This requires an AWS account with an account permission to deploy:
1. One EC2 instance - m5a.2xlarge (recommended)
2. Two EBS storage devices totaling 520GB.
3. An Elastic IP (EIP) address.
- VMware - Deploy locally using a downloadable OVA file.
Pre-requisites: This requires an ESXi host or VMware cluster with:
1. Administrator permissions
2. 32GB RAM
3. 8 vCPU
4. 520GB Disk
5. A DHCP addressable space
Once complete, review the next step: Launching the Deepfactor Portal after Installation
Instrument - Configure your application to send telemetry data
Deepfactor works with both containerized apps and traditional non-containerized apps, as long as you are running one of our supported Linux distributions mentioned in this list.
1. Instrumentation of containers will require account access to the Docker build engine
and possible read/write access to a repository if image management is used.
2. Non-containerized binary applications will require read/write access to create a new
You can get started by referencing this document:
Instrumenting your first application
Insights - Review the results
Deepfactor provides insights using its Application Runtime Intelligence module, across three areas:
1. Know Your App
Deepfactor assesses your app's network topology and composition, and drift between builds. This includes web services. files, network, ports, 3rd Party APIs, and libraries.
2. Know You Security
Deepfactor pinpoints security risks within your code & 3rd party code at execution time. These include:
a. Code execution risks curated by Deepfactor's security research team.
b. AppSec policy violations.
d. Runtime vulnerabilities (CVEs/CWEs/CVSS scores) in your dependencies and libraries to complement your SCA tools.
Use your browser to login to the DeepFactor portal and access your insights.
Integrations - Integrate with your DevOps pipeline & Dev tools
Complete your setup by integrating Deepfactor into your existing toolset.
You need the application administrator rights for integration.