Deployment Guide

Deployment Stages

The XDR Data Engine deployment follows a two-stage process, ensuring a robust and scalable security data processing platform.

The foundation layer establishes the essential infrastructure components:

Kubernetes Environment
- Cluster setup and configuration
- Resource quotas and limits
- Service accounts and RBAC
Kafka Infrastructure
- Broker setup
- Topic management
- Replication configuration
Security Controls
- Network policies
- Access controls
- Encryption settings
Networking
- Load balancers
- DMZ configuration for HyperCollectors
- Internal routing

The XDE build system manages the data processing components:

Meta Schemas
- Core schema definitions
- Base data structures
- Schema relationships
- Version control metadata
Derived Schemas
- Extended schema definitions
- Custom field mappings
- Schema transformations
- Business logic implementations
Ingestion Pipelines
- Helm charts for deployment
- Vector configurations
- Transformation rules
- Data routing definitions
Receivers
- Input configurations
- Protocol handlers
- Data validation rules
- Initial processing logic
Hunts and Rules
- Detection logic
- Search patterns
- Alert configurations
- Response actions

The XDE platform adopts a unified repository approach, keeping all components in a single repository. This strategy provides several advantages:

Reduced Mean Time to Recovery (MTTR)
- Quick access to all components
- Simplified troubleshooting
- Consistent versioning
- Faster deployment rollbacks
Improved Change Management
- Reduced change failure rates
- Better change tracking
- Coordinated updates
- Integrated testing
Enhanced Developer Velocity
- Single source of truth
- Streamlined workflows
- Integrated development environment
- Reduced context switching
Tighter Integration
- Component synchronization
- Consistent interfaces
- Reduced version conflicts
- Simplified dependency management

Version Control
- Use semantic versioning
- Maintain a clear branching strategy
- Document all changes
- Tag releases consistently
Component Integration
- Test components together
- Maintain interface compatibility
- Document dependencies
- Version components as a unit
Deployment Process
- Use automated deployment pipelines
- Implement staged rollouts
- Maintain rollback procedures
- Monitor deployment health
Testing Strategy
- Integration tests across components
- End-to-end testing
- Performance validation
- Security testing

Infrastructure Preparation

graph TD
A[Core Infrastructure] --> B[Kubernetes Setup]
A --> C[Kafka Setup]
A --> D[Security Controls]
A --> E[Network Configuration]

XDE Component Deployment

graph TD
A[XDE Components] --> B[Meta Schemas]
A --> C[Derived Schemas]
A --> D[Ingestion Pipelines]
A --> E[Receivers]
A --> F[Hunts and Rules]

Health Checks
- Component status monitoring
- Performance metrics
- Error tracking
- Resource utilization
Updates and Upgrades
- Coordinated component updates
- Dependency management
- Version compatibility
- Update validation
Backup and Recovery
- Component state backup
- Configuration backup
- Recovery procedures
- Data preservation

Access Control
- Role-based access
- Authentication mechanisms
- Authorization policies
- Audit logging
Network Security
- Segmentation
- Encryption
- Firewall rules
- Traffic monitoring
Data Protection
- Data encryption
- Access logging
- Data retention
- Privacy controls

Common Issues
- Component connectivity
- Resource constraints
- Configuration conflicts
- Performance bottlenecks
Resolution Steps
- Diagnostic procedures
- Log analysis
- Component isolation
- Recovery actions

Last updated 11 months ago