You'll need a Foundational admin account to complete this setup.
To run agents on-premise, Foundational provides container images that run in your environment and report data back to us via API.
To use that, you'll need a couple of pieces of information.
First - you'll need an API key to our API.
Getting a Foundational API key
Connect to your Foundational account
Click on your Avatar, and choose Settings
Under API Tokens click Generate Token
Choose a meaningful description. Choose the Remote Extractor role for your token.
Save the Client ID & Secret
Make sure to keep the Client ID & Client Secret safe. After you leave this screen, we'll hash them and won't be able to show them to you again.
Next - you'll need to configure your container.
Setting up the container
Each container image is built with the containers relevant to your organization. Contact Foundational's support to get the correct tag.
Most of the configuration for the container is passed through environment variables. The only command line argument is which extractor to run.
Here's an example of running a Sigma extractor:
docker run --rm -d -e fd_api_key_id=xxxxxxxx -e fd_api_key_secret=yyyyyyyyy -e fd_sigma_client_id=aaaaa -e fd_sigma_client_secret=bbbbbb public.ecr.aws/b3w3r6q2/on-prem-extractors:<your-tag> sigma
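The same run with the credentials passed through docker's --env-file option, so the Client Secret does not appear in shell history or the process list. This is an added example, not Foundational's own tooling; the function names and the env-file path are assumptions.

```shell
#!/bin/sh
# Added example, not Foundational's own tooling. Variable names and the image
# come from the command above; function names and file paths are assumptions.
REQUIRED_VARS="fd_api_key_id fd_api_key_secret fd_sigma_client_id fd_sigma_client_secret"

# write_env_file PATH
# Copy the required variables from the current shell into PATH, one
# NAME=value per line, readable by the owner only. Fails (and removes the
# file) if a variable is unset or contains a newline.
write_env_file() {
    env_file=$1
    ( umask 077; : > "$env_file" ) || return 1
    chmod 600 "$env_file" || return 1   # also tightens a pre-existing file
    for name in $REQUIRED_VARS; do
        eval "value=\${$name:-}"        # name comes from the fixed list above
        case $value in
            "") echo "missing required variable: $name" >&2
                rm -f "$env_file"; return 1 ;;
            *"
"*)         echo "newline in $name would add a second entry" >&2
                rm -f "$env_file"; return 1 ;;
        esac
        printf '%s=%s\n' "$name" "$value" >> "$env_file"
    done
}

# run_extractor ENV_FILE TAG EXTRACTOR
run_extractor() {
    docker run --rm -d --env-file "$1" \
        "public.ecr.aws/b3w3r6q2/on-prem-extractors:$2" "$3"
}

# Usage (read the secrets without echoing so they stay out of shell history):
#   printf 'fd_api_key_secret: '; stty -echo; read -r fd_api_key_secret; stty echo
#   ... set the other three variables the same way ...
#   write_env_file ./foundational.env && run_extractor ./foundational.env <your-tag> sigma
```

Delete the env file once the container has started. The values remain readable through `docker inspect` to anyone with access to the Docker daemon.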
The containers support both arm64 and amd64 architectures.