Requirements

New: Enterprise Networking

Available in sensor version 1.2.4+

Red Canary CWP sensors rely on AWS S3 for communication and in some cases, it may not fit with an organization’s needs and strategy to expose outbound firewalls to large IP address ranges such as an entire AWS S3 region. 

For these situations, new enterprise networking may be leveraged to connect to a more limited range of addresses. This allows you to connect to a single Red Canary domain, https://cwp-ingest.redcanary.io, for delivery of all telemetry and health and error reporting. This is available in any paid CWP account.

Configuration

Currently, to configure enterprise networking, please first reach out to us to obtain your Outpost authentication token. You can request it via your dedicated Slack channel or contact us at support@redcanary.com.

Add the following keys to /opt/redcanary/config.json. Both are required for enabling enterprise networking.

• outpost_auth_token
• offload_target

Sample config.json

{
   "access_token":"xxxxxxxxxxxxxx",
   "subscription_plan":"Managed",
   "outpost_auth_token":"xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxxx",
   "offload_target":"Outpost"
}

Restart Service

Once the new configuration is saved, restart the service for enterprise networking to take effect.

systemctl restart cfsvcd

Allow-list Domain

Please allow-list https://cwp-ingest.redcanary.io.

Verification

If there are any issues, check the sensor log file for errors relating to Outpost and reach out for support if needed. You can contact us in your dedicated Slack channel or at support@redcanary.com. 

Log File

/opt/redcanary/cf_system_log.csv