# Installation and Configuration

### Prerequisites

To successfully integrate using Netacea, please ensure you have:

1. Access to the relevant API keys and log shipping endpoints from Netacea.

### Implementation Steps

1. In the F5 console, head to the System > Resource Provisioning menu item.

<figure><img src="https://3359534748-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8KQH1bDl0sVMvZgHUjkC%2Fuploads%2Fgit-blob-06deb308c7ac0eba400921762d1f4446f4535d2a%2Fimage%20(5)%20(1)%20(2).png?alt=media" alt=""><figcaption></figcaption></figure>

2\. Make sure the ‘iRules Language Extensions (iRulesLX)’ is ticked and has adequate provisioning assigned - 'Nominal' should be chosen.

3\. Under ‘Local Traffic > iRules’ the LX-specific menu items should be present.

<figure><img src="https://3359534748-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8KQH1bDl0sVMvZgHUjkC%2Fuploads%2Fgit-blob-2672ec88a92c8426284ff955a9a200b89e324188%2Fimage%20(2)%20(2)%20(1)%20(1).png?alt=media" alt=""><figcaption></figcaption></figure>

#### Upload workspace <a href="#upload-workspace" id="upload-workspace"></a>

1. Head to iRules > LX Workspaces
2. Click the ‘Import’ button.

<figure><img src="https://3359534748-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8KQH1bDl0sVMvZgHUjkC%2Fuploads%2Fgit-blob-69b7b636dd8901c14bc4a78ea8bf6b279f9407b1%2Fimage%20(6)%20(3)%20(1).png?alt=media" alt=""><figcaption></figcaption></figure>

3\. Point the import to the workspace provided by Netacea, and call the workspace ‘Netacea'.

<figure><img src="https://3359534748-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8KQH1bDl0sVMvZgHUjkC%2Fuploads%2Fgit-blob-ae450c1c1ba21954f30298dea26315199226b643%2Fimage%20(25)%20(1).png?alt=media" alt=""><figcaption></figcaption></figure>

#### Installing f5-nodejs module <a href="#installing-f5-nodejs-module" id="installing-f5-nodejs-module"></a>

{% hint style="info" %}
**Note:** When connecting through SSH you might end up in `tmos` rather than bash. You can see this on the command line if it contains the word `tmos` e.g.

`username@(ip-172-31-10-207)(cfg-sync Standalone)(Active)(/Common)(tmos)#`

In order to access the file location below you will need to switch to bash using the following command:

`run /util bash`
{% endhint %}

The nodejs library for iRules LX is NOT published to NPM ([https://www.npmjs.com](https://www.npmjs.com/)) and only resides on the F5 BIG-IP system. You can find further information on the f5 website [here](https://support.f5.com/csp/article/K16221101), as well as on NPM (<https://www.npmjs.com/package/f5-nodejs>).

Due to this fact, a few short steps are required to ensure the workspace works as expected.

* SSH onto your F5 node via a terminal
* Change into the directory where your workspace resides. e.g. `/var/ilx/workspaces/Common/your_module_name_here/extensions/netacea`
* Once you are inside the Netacea module make a directory named `node_modules` e.g. `mkdir node_modules`
* Change into your newly created `node_modules` directory and unzip the f5-nodejs files by running the command `tar -xvzf /usr/share/packages/nodejs/f5-nodejs-6.tgz`

This will install the f5-nodejs module into the desired `node_module` folder and can be viewed in the F5 console.

#### Adding API Keys <a href="#adding-api-keys" id="adding-api-keys"></a>

1. From the LX Workspaces view - click on the named workspace. e.g. ‘Netacea’
2. Locate the config.json file and include the apiKey and secretKey for the workspace and click ‘Save File’ below
3. Click the ‘Reload from Workspace...’ button which will then update the files within the workspace.

<figure><img src="https://3359534748-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8KQH1bDl0sVMvZgHUjkC%2Fuploads%2Fgit-blob-300ae1a063ff80bd3bc291f7c7f4962a31296093%2Fimage%20(10)%20(2).png?alt=media" alt=""><figcaption></figcaption></figure>

4\. Ensure that there is no orange highlighted ‘workspace files’ afterward. This signifies they've changed since the last reload of the plugin.

API keys are always added and saved before you move onto ‘Activate Plugin’ - otherwise, it will fail to start.

#### Adding your NetaceaConfig.json <a href="#adding-your-netaceaconfig.json" id="adding-your-netaceaconfig.json"></a>

There are 5 fields that should be located in the NetaceaConfig.json file. An example can be found below:

{% code overflow="wrap" %}

```
{ 
"apiKey": "API_KEY", 
"secretKey": "SECRET_KEY",
"mitigationType": "MITIGATION_TYPE", // Either "INGEST" or "MITIGATE"
"ingestType": "KINESIS",
"mitigationServiceUrl": "MITIGATE SERVICE URL",
  "kinesis": {
  "kinesisStreamName": "KINESIS_STREAM_NAME",
    "kinesisAccessKey": "KINESIS_ACCESS_KEY",
    "kinesisSecretKey": "KINESIS_SECRET_KEY",
    "logBatchSize": 100,
    "maxLogAgeSeconds": 3
  }
}
```

{% endcode %}

#### Activate plugin <a href="#activate-plugin" id="activate-plugin"></a>

1. From the LX workspaces view - click the ‘LX Plugins’ tab, and then the ‘Create’ button

<figure><img src="https://3359534748-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8KQH1bDl0sVMvZgHUjkC%2Fuploads%2Fgit-blob-6913cade341aa5c85a6ac1de7e0cdf6b9142e586%2Fimage%20(7)%20(3).png?alt=media" alt=""><figcaption></figcaption></figure>

2\. Call the plugin 'Netacea' and choose the workspace we just imported.

<figure><img src="https://3359534748-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8KQH1bDl0sVMvZgHUjkC%2Fuploads%2Fgit-blob-e8a603f6169fb0134da1f916fe02b1bfc8bf19e2%2Fimage%20(1)%20(3)%20(1).png?alt=media" alt=""><figcaption></figcaption></figure>

#### Enabling iRules <a href="#enabling-irules" id="enabling-irules"></a>

{% hint style="info" %}
It’s worth noting that the F5 worker can ‘INGEST’ from the mitigate iRule. Enabling netacea\_mitigate means that you do not need to have netacea\_ingest enabled, as the mitigate iRule will also handle Ingest. This means that a user only then needs to update the “mitigationType” located within NetaceaConfig.json to switch between ingest and mitigate without changing the iRule itself.
{% endhint %}

1. From the relevant virtual server view, choose the ‘Resources’ tab and then ‘manage’ iRule allocation.

<figure><img src="https://3359534748-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8KQH1bDl0sVMvZgHUjkC%2Fuploads%2Fgit-blob-67f12693a16d2d8cefb5b0cab8d9bff07c15303a%2Fimage%20(3)%20(1)%20(3).png?alt=media" alt=""><figcaption></figcaption></figure>

2\. Find the two Netacea iRules in the ‘Available' list, move the relevant iRule to the 'Enabled’ box, and set the desired priority. We recommend the highest priority where conflict will not occur.

<figure><img src="https://3359534748-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8KQH1bDl0sVMvZgHUjkC%2Fuploads%2Fgit-blob-cb5406bfe5a78af5d3234854cf118c9a8a84a8f9%2Fimage%20(29).png?alt=media" alt=""><figcaption></figcaption></figure>

**netacea\_ingest** - this will just send request data to Netacea for analysis and will not take any action on live requests.

**netacea\_mitigate** - this will send request data to Netacea and automatically mitigate identified threats according to your configuration.

### Useful links <a href="#useful-links" id="useful-links"></a>

F5 Datasheet - <https://www.f5.com/pdf/products/big-ip-local-traffic-manager-ds.pdf>

iRules LX overview - <https://clouddocs.f5.com/api/irules-lx/>

iRules LX API docs - <https://clouddocs.f5.com/api/irules-lx/APIReference.html>

iRulesLX Streaming guide here: <https://readthedocs.org/projects/f5-agility-labs-irules/downloads/pdf/latest/>