The Four "I's": Install, Instrument, Insights, Integrations
Deepfactor setup workflow is comprised of Four "i"s - Install, Instrument, Insights, and Integrations. Below we cover the prerequisites required to achieve these four "i"s. Please go through these ahead of your Deepfactor setup to ensure success with the product.
Install - Install the Deepfactor portal
The Deepfactor portal is the core of the Deepfactor application. It comprises a set of services that receives telemetry data generated from the runtime process of your applications and generates insights.
Deployment of the portal is currently supported in two ways:
- AWS - Using a downloadable AWS CloudFormation template.
Pre-requisites: This requires an AWS account with an account permission to deploy:
1. One EC2 instance - m5a.2xlarge (recommended)
2. Two EBS storage devices totaling 520GB.
3. An Elastic IP (EIP) address.
- VMware - Deploy locally using a downloadable OVA file.
Pre-requisites: This requires an ESXi host or VMware cluster with:
1. Administrator permissions
2. 32GB RAM
3. 8 vCPU
4. 520GB Disk
5. A DHCP addressable space
Once complete, review the next step: Launching the Deepfactor Portal after Installation
Instrument - Configure your application to send telemetry data
Deepfactor works with both containerized apps and traditional non-containerized apps, as long as you are running one of our supported Linux distributions mentioned in this list.
1. Instrumentation of containers will require account access to the Docker build engine
and possible read/write access to a repository if image management is used.
2. Non-containerized binary applications will require read/write access to create a new
You can get started by referencing this document:
Instrumenting your first application
Insights - Review the results
Deepfactor provides insights using its Application Runtime Intelligence module, across three areas:
1. Know Your App
Deepfactor assesses your app's network topology and composition, and drift between builds. This includes web services. files, network, ports, 3rd Party APIs, and libraries.
2. Know You Security
Deepfactor pinpoints security risks within your code & 3rd party code at execution time. These include:
a. Code execution risks curated by Deepfactor's security research team.
b. AppSec policy violations.
c. OWASP risks (leveraging a one click/command headless OWASP ZAP Scans integration. Also see: ZAP Scan Q & A).
d. Runtime vulnerabilities (CVEs/CWEs/CVSS scores) in your dependencies and libraries to complement your SCA tools.
Use your browser to login to the DeepFactor portal and access your insights.
Integrations - Integrate with your DevOps pipeline & Dev tools
Complete your setup by integrating Deepfactor into your existing toolset.
Integrating Jira with Deepfactor portal
Integrating Slack with Deepfactor portal
You need the application administrator rights for integration.
Please sign in to leave a comment.