ZeroNorth™ Environment Checklist

This article describes the environment/network prerequisites for utilizing the ZeroNorth platform. There are different levels of prerequisites depending on how the ZeroNorth platform is utilized/installed:

  • Using the ZeroNorth SaaS Platform (most common)
  • Using the ZeroNorth Integration Orchestrator (an on-prem agent)

Using the ZeroNorth SaaS Platform

If you are subscribing to the ZeroNorth SaaS Platform (including the AWS “Get-Started Program”), the environment/network requirements are as follows.

The following egress (outbound) access is required:

Optionally, to perform Artifact SAST/SCA scans orchestrated via ZeroNorth using the ZeroNorth Integration Container Docker Container (zeronorth/integration:latest):

If you are using the " zeronorth_cli " stand-alone executable for the Artifact scans, then you just need to add egress access to:

To allow the ZeroNorth SaaS platform to perform DAST scans against Target in your network, white list the following source IPs for inbound traffic:

  • 3.218.206.250
  • 3.220.21.166
  • 3.221.78.177
  • 52.26.197.7
  • 52.32.250.11
  • 52.43.18.240

Using the ZeroNorth Integration Orchestrator

To use the ZeroNorth on-prem agent called " Integration Orchestrator ", there are additional requirements.

Egress access to:

Docker environment v17.12 or later running on a platform such as:

  • CentOS/RHEL 7.x
  • Ubuntu
  • MacOSX

ZeroNorth’s Integration Orchestrator is not yet supported on Win64, including on the WSL (Windows Subsystem for Linux).

You will also need a Docker Hub username. Please, refer to the article " ZeroNorth Integration-Orchestrator (an on-prem option) " for full details.

Proxy Servers and ZeroNorth

If your network environment requires the use of proxy servers for egress access, you will need to:

  1. Ensure that the following destinations are white-listed by domain name (not by IP), meaning the proxy settings must allow unfiltered access to the following:
  1. If proxy configuration is required for egress access, ensure that the host you are running the ZeroNorth CLI on has proper proxy variables set. This typically means setting the following environmental variables at the shell level or at the system level:
  • http_proxy
  • https_proxy
  • ftp_proxy
  • no_proxy
  • HTTP_PROXY
  • HTTPS_PROXY
  • FTP_PROXY
  • NO_PROXY
  1. If you will be utilizing ZeroNorth’s Docker containers in an environment that requires proxy configuration, refer to the following Internet post and implement both methods:

How to configure docker to use proxy – The Geek Diary

Firewalls

  • It may be necessary to also configure corporate firewalls and DLP agents similarly.
  • If you are running in an AWS VPC, ensure that your VPC security policies also completely white list the above destinations.

TLS/SSL Certificates

ZeroNorth components require that the resources we connect to provide valid, trusted CA root certificates. This requirement applies to the following items:

  • Repositories such as GitHub Enterprise, Bitbucket Enterprise, etc.
  • Scanning servers such as SonarQube, Black Duck, Checkmarx, Sonatype, etc.
  • Ticketing systems such as Jira onprem, etc.
  • IAM providers such as ADFS, LDAP, etc.
  • Any of your enterprise resources that you want ZeroNorth to connect to.

If you are unsure, please contact [email protected] .