StratoProbe is an executable program that you can install on a single machine. This page describes the hardware and software requirements for installing StratoProbe.
Hardware requirements
For optimal performance, depending on the number of assets you need to scan, the physical or virtual machine on which you install StratoProbe must meet the following specifications:
- Under 500 assets: 1 CPU core, 4 GB RAM, 10 GB free space.
- Under 1000 assets: 2 CPU core, 8 GB RAM, 20 GB free space.
- Under 5000 assets: 4 CPU core, 16 GB RAM, 40 GB free space.
StratoProbe application installed on a single machine can collect data from thousands of assets. However, this might reduce the frequency of scanning cycles, and therefore, result in fewer data points collected per asset.
Operating system requirements
To install StratoProbe, your machine must have one of the following operating systems:
- Windows Server 2012 R2 and higher
- Windows Desktop client version 8.1 and higher (64-bit)
Software requirements
To install StratoProbe, your machine must have the following software installed:
- Microsoft .NET Desktop Runtime 6.0.22
- Microsoft Visual C++ 2019 Redistributable x64 version 14.29.30135
- Microsoft Visual C++ 2019 Redistributable x86 version 14.29.30135
If any of these required software is not already installed, then the StratoProbe installer prompts you to install it. To complete the installation of a new software, you might need to restart your machine.
PostgreSQL is installed as part of the StratoProbe installation, and you must remove any existing PostgreSQL installation before installing StratoProbe on your machine.
Connectivity requirements
To establish a connection with your assets and with the StratoZone portal, StratoProbe must meet the following requirements:
- StratoProbe must have access to the StratoZone web API to be able to send data to the portal.
- StratoProbe must be able to access the target assets from the machine where it is installed.
Additional requirements might apply depending on your infrastructure configuration.
- If you have multiple non-routable security zones, use a different StratoProbe data collector within each zone, domain, or VLAN to avoid firewall configuration changes.
- If you have multiple non-routable security zones, and want to access
assets across such zones using a single data collector, use the following
firewall exclusions for communication between the collector's IP (source)
and the target assets:
- Linux SSH: Allow TCP inbound port 22.
- Windows WMI: Allow TCP inbound port 135 and TCP inbound dynamic ports
as follows:
- Ports 49152-65535 for Windows Server 2008 and newer.
- Ports 1025-5000 for Windows Server 2003 and older.
- For the bulk scan option, you need to allow ICMP echo requests.
- If you require access through a proxy server to connect to the internet, enable this from the Settings tab. For more details, see Enabling proxy.
The Fit assessment uses the Windows
registry to send data and only runs on target environments where PowerShell
scripts can run with ExecutionPolicy Bypass
.
To disable the Fit assessment collection, do the following:
- Edit the Service.DataCollector.dll.config in the StratoProbe folder.
- Set the
Enable mFit
value tofalse
. - Restart the StratoZone Data Collector service in Windows Services.
For more information on how to use the data that StratoZone collects for your assessment, see the documentation for mFit assessment.
Securing your machine
To secure the machine where you install StratoProbe, follow the recommendations below:
- Install StratoProbe on a customer-managed and hardened operating system.
- Maintain and monitor secure access to the machine and operating system where StratoProbe is installed.
- Don't share the credentials for the machine and operating system where StratoProbe is installed.
- Use new service accounts for assessment and deactivate the account after the assessment is complete.
- When your assessment is complete, uninstall the StratoProbe collector using Windows Add/Remove applications feature.
What's next
- Learn more about StratoProbe installation process.
- Learn more about StratoProbe collection methods.