Dropzone AI Documentation
WebsiteTest Drive
  • Dropzone Documentation
  • Overview
    • Alert Sources
    • Data Sources
    • Communicators
    • On-prem Support - Dropzone Connector
    • Interactive Chat
    • Metrics Guide
  • Dropzone Administraton
    • Team Admin
      • Google Workspace SAML
      • Okta SAML
  • Dropzone Integrations
    • Alert + Data Source Integrations
      • Amazon Web Services (AWS)
        • Cross-Account Access via CloudFormation
        • Cross-Account Access via Console
      • CrowdStrike
      • Datadog
      • Elasticsearch
      • Google Workspace
      • Google GCP
      • Jira
      • Microsoft 365 / Microsoft Defender
      • Palo Alto Networks Firewall
      • Panther
      • SentinelOne
      • Splunk
      • Sumo Logic
    • Alert Integrations
      • Gem
    • Communicators
      • Slack Communicator
    • Data Source Integrations
      • AbuseIPDB
      • Active Directory (LDAP)
      • Archive Inspector
      • Blocklist.de
      • CAPA
      • Censys
      • Crowdstrike Falcon Intelligence
      • DNSResolver
      • File
      • GreyNoise
      • Hybrid Analysis
      • Host.io
      • IPInfo.io
      • IPQualityScore
      • MalwareBazaar
      • Nuclei
      • NVD
      • Okta
      • oletools
      • OpenSSL Sign Code
      • PDF Analysis
      • Perplexity AI
      • PhishTank
      • Shodan
      • TShark
      • QRadar
      • UnshortenMe
      • URLhaus
      • Urlscan.io
      • VirusTotal
      • Vision
      • WHOIS
      • YARAify
Powered by GitBook
On this page
  • On-prem support - Dropzone Private Network Connector
  • Private Network Connector Security
  • Enabling the Private Network Connector Client
  • Troubleshooting
  • Restarting the Private Network Connector Container
  • Testing Network Path

Was this helpful?

  1. Overview

On-prem Support - Dropzone Connector

PreviousCommunicatorsNextInteractive Chat

Last updated 1 month ago

Was this helpful?

On-prem support - Dropzone Private Network Connector

Dropzone AI connects to APIs via its Data Source and Alert integrations. Many of these are reachable across the internet, such as third-party Threat Intelligence sources, corporate SaaS tools, and public cloud APIs. However many corporate systems may be behind firewalls and VPNs for security reasons.

Customers are able to enable Dropzone to reach restricted systems by running a lightweight Dropzone Private Network Connector Client docker container within their secure environment. This process connects out to the Dropzone tenant network and establishes a reverse tunnel.

Private Network Connector Security

The Dropzone integrations that require access to the protected resources tunnel their connections through this Private Network Connector Client container, so their source IP is from within your datacenter.

The Private Network Connector Client can be run on any host capable of running Docker containers, such as a physical server, VM, or inside your public/private cloud environment.

For additional security you may restrict what outbound connections can be made from the connector machine to your internal resources. Examples include

  • Putting the connector machine on a firewall DMZ

  • Enabling cloud-native restrictions on the connector machine (e.g. AWS Security Groups)

  • Running local firewall rules on the connector machine (e.g. iptables, shorewall)

Just make sure that the connector machine can reach the machines you want integrated, on the ports/protocols needed, DNS, and your tenant machine on port 8080.

Enabling the Private Network Connector Client

Running the Private Network Connector Client requires a machine that meets the following requirements:

  • System

    • has Docker Engine (Docker CE) installed

    • capable of running x86_64 Linux docker containers

    • has at least 1 GB of available memory

    • has at least 1 GB of available disk space

  • Network

    • can reach the resources (e.g. splunk) you want available for Dropzone integrations

    • can connect to your tenant (e.g. https://mycompany.dropzone.ai ) on port 8080 via TCP

    • has access to DNS that can look up your tenant DNS name and internal resources

  • Availability

    • is up 24x7

This may be a machine dedicated to this container, or a multi-use resource that meets your security policy.

Henceforth we will call this machine the connector-client-host.

To install the Private Network Connector Client, do the following:

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai

  • Click System > Connectors

  • On the "Main" connector tile, click "Configure"

  • The configuration drawer will slide out from the right hand side

  • Download the Private Network Connector Client docker image by clicking on the link

  • Upload the Private Network connector Docker image to the connector-client-host, e.g. via scp

  • Load the docker image on the connector-client-host

    connector-client-host$ sudo docker load -i connector.tar.gz
    
    # Or, if sudo is not needed
    connector-client-host$ docker load -i connector.tar.gz
  • Copy the command in the Dropzone UI and run it on the connector-client-host:

    connector-client-host$ sudo docker run --detach --name connector --env OPTIONS='--auth ...
    
    # Or if sudo is not needed
    connector-client-host$ docker run --detach --name connector --env OPTIONS='--auth ...
  • Verify the connector is running by using docker ps

    connector-client-host$ docker ps
    CONTAINER ID IMAGE     COMMAND      CREATED         STATUS       NAMES
    1c92972436d9 connector "/app/init"  3 seconds ago   Up 2 seconds dropzone-connector-client
  • Click Close

  • Refresh the page and you should see that Main is now in "Connected" state:

When enabling Data and Alert sources that need on-prem access, be sure to specify this Private Network Connector Client.

Troubleshooting

The following troubleshooting steps may be useful in conjunction with your Dropzone support team.

Restarting the Private Network Connector Container

It is always safe to delete and relaunch the connector, for example if it does not come back properly after a reboot or system failure

$ docker stop connector
$ docker rm connector
$ docker run ....    <-- command you got from the Dropzone interface

Testing Network Path

If the connector fails to connect there could be a network issue or an IPS device that is preventing it from establishing the websocket connection. Running the following from the host where the connector runs can help identify this situation:

# the first part of your tenant hostname, e.g. "mycompany"
# if your tenant is https://mycompany.dropzone.app
$ tenant=mytenant

$ curl --http1.1 -i -N \
    -H "Connection: Upgrade" \
    -H "Upgrade: websocket" \
    -H "Host: $tenant-connector.dropzone.app:443" \
    -H "Sec-WebSocket-Key: AAAAAAAAAAAAAAAAAAAAAA==" \
    -H "Sec-WebSocket-Protocol: chisel-v3" \
    -H "Sec-WebSocket-Version: 13" \
    "https://$tenant-connector.dropzone.app:443"

When successful, you should see an HTTP handshake and websocket upgrade like this:

HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: ICX+Yqv66kxgM0FcWaLWlFLwTAI=

SSH-chisel-v3-server

Any device along the path that is interfering will likely provide feedback when this command is run.


If you have any errors engage your Dropzone AI support representative.

The Dropzone Private Network Connector Client establishes an outbound HTTP session, inside which re used to establish a two-way TCP session. On this TCP session a secure session is established. This SSH session is authenticated by both the client and the server, and fully end-to-end encrypted.

websockets
SSH
Dropzone Private Network Connector Architecture
System > Connectors Dropdown
"Main" Connector Tile
"Main" Connector Configuration
Main Now Connected