Version: Spectra Analyze 9.2.2

Setup and Initial Configuration

Importing the Appliance Image

There are two files in the package:

a1000.md5
a1000.ova

The .md5 file contains the plain text MD5 hash of the .ova file for file integrity verification. The .ova file utilizes the VMDK disk format and can be imported by ESXi version 5.5 or higher.
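
The check described above, as an added example (not ReversingLabs code); it assumes a1000.md5 holds either a bare digest or the md5sum layout "<digest>  <filename>". A match rules out a corrupted or truncated download; it does not authenticate the image, because the hash ships in the same package as the file.

```python
import hashlib
import re
import sys
from pathlib import Path

# A standalone 32-hex-digit token; a longer digest (e.g. SHA-256) will not match.
MD5_TOKEN = re.compile(r"\b[0-9a-fA-F]{32}\b")


def read_expected_md5(md5_path):
    """Return the digest stored in the .md5 file, lowercased.

    Assumption: the file holds a bare digest or the md5sum layout
    "<digest>  <filename>"; the first 32-hex-digit token is used.
    """
    text = Path(md5_path).read_text(encoding="utf-8", errors="replace")
    match = MD5_TOKEN.search(text)
    if match is None:
        raise ValueError(f"no MD5 digest found in {md5_path}")
    return match.group(0).lower()


def file_md5(path, chunk_size=1024 * 1024):
    """Hash the file in 1 MiB chunks so a large .ova is never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_image(ova_path, md5_path):
    """Return (matches, expected, actual) for the image and its .md5 file."""
    expected = read_expected_md5(md5_path)
    actual = file_md5(ova_path)
    return expected == actual, expected, actual


if __name__ == "__main__":
    # File names are the two listed in the package; run from that directory.
    ok, expected, actual = verify_image("a1000.ova", "a1000.md5")
    print(f"expected {expected}\nactual   {actual}")
    sys.exit(0 if ok else "MD5 mismatch: do not import this image")
```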

The minimum system requirements are:

1 TB of SSD storage
8 CPU cores
32 GB RAM

These are the minimum resource settings, and are fine for average use (dozens of samples per day). The settings might have to be adjusted upwards depending on the expected usage.

For heavier usage, the recommended settings are:

2 TB of SSD storage
12 CPU cores
64 GB RAM

File retention should be set to 7 days, as the performance will gradually drop off with longer retention times (5-10% per week).

Spectra Analyze configured to use the recommended settings can analyze 7 or more samples per minute.

Consult with ReversingLabs support for more information.

For hosted instances, ReversingLabs provides the following resources:

512 GB of storage
16 CPU cores
64 GB RAM

Hosted instances support up to 10 000 files per day with a 3-month retention period depending on the file size.

The following screenshots show how to import the .ova file in vSphere Version 5.5, hypervisor ESXi 5.5:

[Screenshots: analyze-installation-1.png to analyze-installation-7.png]

Initial System Configuration via Console

For physical appliances, first connect a keyboard, mouse and display to access and interact with the console menu.

When the appliance is running (either as a physical device or in the virtual environment), the following configuration screen is used to configure it after completing the installation.

[Screenshot: analyze-initial-console-setup.png]

To select an option, enter the menu item number and follow the prompts. The menu contains the options to:

  • select the network interface
  • set static IP or dynamic via DHCP (mutually exclusive settings)
  • configure 2 DNS servers
  • configure up to 4 NTP servers
  • configure SNMP and set the SNMP community string
  • change the password for the “admin” user
  • restart and shut down the appliance

To restart the appliance after modifying the settings, enter the number next to Shutdown / Restart, then answer “n” to the shutdown question and “y” to the restart question.

The console configuration tool does not provide any detailed success messages in response to configuring the network settings. To continue working with the appliance after the initial setup, open the web browser and enter the appliance IP address displayed in the console configuration tool.

Network Ports

The Spectra Analyze appliance supports the following ports for inbound connections:

  • 80/TCP and 443/TCP for connecting to the Web interface
  • 161/UDP for SNMP monitoring

Outgoing connections to the internet via the following ports are also supported:

  • 53/UDP for DNS
  • 123/UDP for NTP

However, it is strongly recommended that the users configure the system to use their own DNS and NTP infrastructure (if necessary).

For outgoing connections to Spectra Intelligence at https://appliance-api.reversinglabs.com, the destination port is 443/TCP. The DNS name is appliance-api.reversinglabs.com and the connection supports HTTPS only.

IP / Domain Whitelisting

It is necessary to whitelist certain IP ranges and domains for connectivity with our cloud-based services. The primary range to whitelist is Cloudflare's public IP range, as outlined in their official documentation.

Additionally, whitelist the following IP range: 185.64.132.0/22, which covers various ReversingLabs endpoints crucial for full functionality and communication between your systems and the Spectra Analyze appliance.

Furthermore, if the Enable Spectra Analyze Networking Toolkit option is enabled, the appliance will attempt to gather additional network data from trusted sources such as whois, bgpview.io, GeoLite City, and DNS services.
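
An added example (not part of the product or its documentation) that audits a proposed outbound firewall allowlist against the outbound flows listed in the two sections above. The rule tuple format, the internal DNS/NTP addresses, the stand-in for Cloudflare's published ranges and the candidate rules are all constructed assumptions; only 185.64.132.0/22 and the port numbers come from this page.

```python
from ipaddress import ip_network

# (destination CIDR, protocol, port). Entries marked "placeholder" are constructed.
REQUIRED_EGRESS = [
    ("185.64.132.0/22", "tcp", 443),  # ReversingLabs endpoints (from the page)
    ("203.0.113.0/24", "tcp", 443),   # placeholder for Cloudflare's published ranges
    ("10.0.0.53/32", "udp", 53),      # placeholder: site's own DNS resolver
    ("10.0.0.123/32", "udp", 123),    # placeholder: site's own NTP server
]

# Constructed candidate allowlist with typical mistakes.
CANDIDATE = [
    ("185.64.132.0/24", "tcp", 443),  # covers only a quarter of the /22
    ("0.0.0.0/0", "udp", 53),         # DNS to any destination
    ("10.0.0.123/32", "udp", 123),
    ("0.0.0.0/0", "tcp", 80),         # no listed outbound flow uses 80/TCP
]


def permits(rule, flow):
    """True when `rule` allows every address of `flow` on the same proto/port."""
    r_net, f_net = ip_network(rule[0]), ip_network(flow[0])
    return (
        rule[1:] == flow[1:]
        and r_net.version == f_net.version
        and f_net.subnet_of(r_net)
    )


def audit(rules, required=REQUIRED_EGRESS):
    """Return (missing, unmatched, wider).

    missing   - required flows that no rule fully permits
    unmatched - rules that fully permit no required flow
    wider     - rules that permit a required flow but reach beyond it
    """
    missing = [f for f in required if not any(permits(r, f) for r in rules)]
    unmatched = [r for r in rules if not any(permits(r, f) for f in required)]
    wider = [
        r for r in rules
        if any(permits(r, f) and ip_network(r[0]) != ip_network(f[0])
               for f in required)
    ]
    return missing, unmatched, wider


if __name__ == "__main__":
    for label, items in zip(("missing", "unmatched", "wider"), audit(CANDIDATE)):
        print(label, items)
```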

Initial Spectra Analyze GUI Configuration

In a web browser, open the host address configured in the Initial System Configuration via Console section to access the login screen of the Spectra Analyze Web Interface. If Spectra Analyze is configured to support OpenID authentication, additional login options will be displayed under the default login form.

[Screenshot: analyze-login.png]

Log in using the default administrator credentials for the Spectra Analyze Web application (case-sensitive), provided by ReversingLabs support (support@reversinglabs.com).

Keep in mind that failed login attempts are recorded in the appliance logs and visible in the /var/log/rlapp/rlapp.log file.

Appliance License

On first login after installing or updating the appliance, the appliance must be licensed. Appliances without a license will work during a trial period of 45 days from the release’s general availability date.

[Screenshot: The Spectra Analyze licensing screen.]

There are two ways of licensing the appliance:

  • Spectra Intelligence: To activate using Spectra Intelligence, visit the Administration > Licensing section, click the Activate Using Spectra Intelligence button and fill out the account information. A licensing request will be sent to Spectra Intelligence and, if the account is valid, the appliance will be activated. If a valid account is already configured in Administration > Configuration > Spectra Intelligence, the appliance is already licensed. Licensed instances that can’t reach Spectra Intelligence will work during a 14-day grace period.
  • License File: To request a license file from ReversingLabs, visit the Administration > Licensing section. License files require the machine ID to be sent to ReversingLabs support. Click the Request License button to easily forward the machine ID to ReversingLabs support via email. When ReversingLabs support responds with the requested license file, upload it using the Upload License dialog.

If the Spectra Analyze instance was created by cloning a VM, administrators need to generate a new Machine ID and request a new license for every clone of the original appliance VM.

Additional Information

  • Appliances without a license are in a trial period for 45 days from the release’s general availability day.
  • Appliances licensed using Spectra Intelligence that can’t reach Spectra Intelligence enter a grace period of 14 days during which the appliance will still operate normally.
  • Once the trial/grace period expires, the appliance will open to the Licensing screen by default and no other actions will be available.
  • Regenerating a machine ID of an already licensed appliance will require it to be licensed again.

Note: The Spectra Analyze can also be licensed using the Licensing APIs.

Login

Once the user logs in, a popup window is displayed for all accounts on the appliance. The popup contains the latest release highlights, informing the users about the changes delivered in the new Spectra Analyze version. Users can dismiss the popup, and it will not be displayed on subsequent logins.

To view the popup again at any time, click What’s new in the appliance footer.

Change Default Administrator Credentials

After logging in, look for the password change notice at the top of the page. Click the “your password” link and change the administrator account password in the dialog that opens. Alternatively, click the User profile option in the User menu at the top right of the page. This opens the User Settings page with additional configuration options.

If password requirements are configured on the appliance (in the Administration ‣ Configuration ‣ Authentication dialog), the new administrator account password must comply with them.

The email address associated with the default administrator account should also be changed. In case there is a need to use the password reset feature (the Forgot your password? link on the login screen), the emails sent from the appliance will go to the email address associated with the administrator account.

To change the email address, click the Administration link in the User menu, then select the Users section on the Administration page. Search for the “admin” username, or select it in the list of users to open the Change user dialog and modify the email address specified there.

User Settings

The User Settings page contains options for configuring the profile of the user currently logged into the appliance. To access the page, click the User Profile link in the User menu at the top right of the page.

[Screenshot: analyze-user-profile.png]

The Profile section of the page contains options for modifying the user profile. Apart from setting their first name, last name and email address, users can also change their password for logging into the appliance.

If password requirements are configured on the appliance, the new user account password must comply with them. The Profile section will display warning text in case the new password does not satisfy the configured password requirements.

To save changes in the Profile section, click Submit in the lower right corner.

The Alert Subscriptions section of the page shows all of the alert subscriptions for the current user. See the Managing Alert Subscriptions and Actions chapter for more information.