Atomic Inspector
Atomic Inspector is an analyst console for security operations on the Atomic OSSEC hub. It uses OpenSearch as its search and indexing backend so analysts can explore alerts and related data that the hub has already collected and processed. Alerts from the hub are passed into Inspector for search and investigation workflows.
Inspector is not a replacement for the main Atomic OSSEC web console for day-to-day administration. It is aimed at investigation workflows: searching, correlating, and reviewing hub-originated alert traffic in a dedicated interface.
Requirements
Atomic OSSEC hub — Install Inspector on the hub server after the hub is installed and working.
System Resources — Because Inspector runs OpenSearch and OpenSearch Dashboards in containers, the host server requires additional resources (CPU and Memory) above the base hub installation:
Cores: 8 vCPUs Minimum, 16 vCPUs Recommended.
Memory: 16 GB RAM Minimum, 32 GB Recommended.
Storage: High-speed storage (SSD or NVMe) is strongly recommended for OpenSearch indexing performance. Retention requirements will significantly impact disk space needs.
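The sizing above can be checked on the hub before installing. The script below is an added example, not part of the Atomicorp installer; its function names are hypothetical, and the thresholds are the minimum and recommended values listed in this section.

```bash
#!/usr/bin/env bash
# Pre-flight check against the Inspector sizing listed above (added example).
MIN_CORES=8;   REC_CORES=16    # vCPUs, from the Requirements section
MIN_MEM_GB=16; REC_MEM_GB=32   # GB RAM, from the Requirements section

# classify VALUE MIN REC -> below-minimum | minimum | recommended
classify() {
  if   [ "$1" -ge "$3" ]; then echo recommended
  elif [ "$1" -ge "$2" ]; then echo minimum
  else echo below-minimum
  fi
}

# MemTotal is in kB and excludes memory the kernel reserves at boot, so a
# 16 GB host reports slightly less. Round up to the next whole GB to compare.
kb_to_gb() { echo $(( ($1 + 1048575) / 1048576 )); }

# Print disks the kernel flags as rotational (spinning), skipping loop and
# ram devices. The sysfs root is a parameter so the check can be tested.
rotational_disks() {
  local sys=${1:-/sys/block} d
  for d in "$sys"/*; do
    [ -r "$d/queue/rotational" ] || continue
    case ${d##*/} in loop*|ram*|zram*) continue ;; esac
    [ "$(cat "$d/queue/rotational")" = 1 ] && echo "${d##*/}"
  done
  return 0
}

# Report each resource and return non-zero if CPU or memory is below minimum.
preflight() {
  local cores mem_kb mem_gb c m spin
  cores=$(nproc)
  mem_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
  mem_gb=$(kb_to_gb "$mem_kb")
  c=$(classify "$cores" "$MIN_CORES" "$REC_CORES")
  m=$(classify "$mem_gb" "$MIN_MEM_GB" "$REC_MEM_GB")
  spin=$(rotational_disks | tr '\n' ' ')
  echo "vCPUs:  $cores ($c)"
  echo "Memory: ${mem_gb} GB ($m)"
  echo "Rotational disks: ${spin:-none}"
  [ "$c" != below-minimum ] && [ "$m" != below-minimum ]
}

preflight || echo "Host is below the documented minimum for Inspector" >&2
```

On virtual machines the rotational flag describes the virtual disk rather than the underlying storage, so treat that line as a hint and confirm the backing storage with the hypervisor or cloud provider.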
Command Line Network Installer
For environments with direct internet access, the network installation method is recommended.
Step 1: Log in and become root on the system
sudo su -
Step 2: (Optional) Configure proxy settings
export http_proxy=http://<IP>:<PORT>
export https_proxy=http://<IP>:<PORT>
Step 3: Run the Atomic Inspector installer
curl https://updates.atomicorp.com/installers/awp-db | sudo bash
Follow any prompts from the script. When it finishes, use the analyst console URL and credentials the installer reports (or your organization’s standard access method).
Offline ISO Installer
Note
This installation option is only available with a specialty license. Please contact sales@atomicorp.com for more information.
For environments without internet access:
Step 1: Download the Atomic Inspector ISO
Download the appropriate ISO for your platform from: https://updates.atomicorp.com/channels/isotope/
Step 2: Mount the ISO on the server
Copy the ISO to the target Atomic OSSEC hub and mount it:
sudo mount -o loop awp-inspector.iso /mnt
Step 3: Run the installation utility
Execute the offline installation script from the mount point, passing the mount point path as an argument:
sudo /mnt/awp-db-offline.sh /mnt
The installer will configure a local repository, load the necessary container images (OpenSearch, Dashboards, and Inspector services), and prompt you to set the initial admin password.
Note
Both network installers use curl to fetch scripts from updates.atomicorp.com. The hub installer runs awp-hub (see Installation). Inspector runs awp-db with | sudo bash on an existing hub.