Atomic Inspector
Atomic Inspector is an analyst console for security operations on the Atomic OSSEC hub. It uses OpenSearch as its search and indexing backend so analysts can explore alerts and related data that the hub has already collected and processed. Alerts from the hub are passed into Inspector for search and investigation workflows.
Inspector is not a replacement for the main Atomic OSSEC web console for day-to-day administration. It is aimed at investigation workflows: searching, correlating, and reviewing hub-originated alert traffic in a dedicated interface.
Requirements
Atomic OSSEC hub — Install Inspector on the hub server after the hub is installed and working. Inspector expects the same class of environment as the hub (supported OS, network access for the installer, and sufficient resources for OpenSearch and related services).
Installation
For environments with direct internet access, the network installation method is recommended.
Step 1: Log in and become root on the system
sudo -i
Step 2: (Optional) Configure proxy settings
export http_proxy=http://<IP>:<PORT>
export https_proxy=http://<IP>:<PORT>
Step 3: Run the Atomic Inspector installer
curl https://updates.atomicorp.com/installers/awp-db | sudo bash
Follow any prompts from the script. When it finishes, use the analyst console URL and credentials the installer reports (or your organization’s standard access method).
Note
Both network installers use curl to fetch scripts from updates.atomicorp.com. The hub installer runs the awp-hub script (see Installation). The Inspector installer runs the awp-db script, piped to sudo bash, on an existing hub.
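A download-then-verify variant of Step 3, as an added example that is not part of the original page or Atomicorp's own tooling: it saves the installer to a file so it can be read before it runs, and refuses to execute it unless its SHA-256 matches a digest recorded at review time. The function names, the file path and the pinned digest are assumptions; the page does not publish a checksum.

```shell
# Added example: fetch, pin, and only then run the installer from Step 3.
# Function names, paths and the pinned digest are illustrative assumptions.

INSTALLER_URL="https://updates.atomicorp.com/installers/awp-db"  # URL from the page

# Download to a file instead of piping into a shell. --fail turns an HTTP error
# into a non-zero exit so an error page is never saved as the script;
# --proto '=https' makes curl refuse any non-HTTPS transfer.
fetch_installer() {
    local url="$1" dest="$2"
    curl --fail --silent --show-error \
         --proto '=https' --tlsv1.2 --output "$dest" "$url"
}

# Print the SHA-256 of a file (hex digest only).
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# Return 0 only if the file is non-empty and matches the pinned digest.
# Returns 2 for a missing or empty file, 1 for a digest mismatch.
verify_installer() {
    local file="$1" expected="$2" actual
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    actual="$(file_sha256 "$file")"
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
}

# Run the installer only after verification succeeds.
run_if_verified() {
    local file="$1" expected="$2"
    verify_installer "$file" "$expected" && bash "$file"
}

# Typical use as root on the hub (not executed here):
#   fetch_installer "$INSTALLER_URL" /root/awp-db.sh
#   less /root/awp-db.sh              # read the script before running it
#   file_sha256 /root/awp-db.sh       # record this digest with your review
#   run_if_verified /root/awp-db.sh "<digest recorded at review>"
```

Pinning the reviewed digest also lets the same file be reused on other hubs without fetching it again, and a later mismatch shows that the published script has changed since it was reviewed.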