DevOps Reference
Docker Setup & Build
Docker Core Reference
Docker Operations
Git Reference
GitLab CI/CD
Monitoring live network traffic using PowerShell
# -------- Image Split and Transfer -------- #
# After production deployment succeeds, pull the CC image, split it in half,
# push each half to Artifactory with a part suffix, and trigger the pipeline for each part.
Get Vault Credentials:
stage: Image Split and Transfer
rules:
- if: $CI_PIPELINE_SOURCE == "trigger"
extends: .get_vault_secrets
Split and Transfer CC Image via
stage: Image Split and Transfer
image: $docker_awscli_image
services:
- name: $org_dind_image
alias: docker
needs:
- "Scheduled CyberCenter Deployment - Production"
- "Get Vault Credentials"
rules:
- if: $CI_PIPELINE_SOURCE == "trigger"
variables:
image_name: "artifactory.gurug.com/team1-docker/aquasec/cc-premium"
team1_app_tenant: "team1"
script:
- |
echo "*** Image Split and Transfer ***"
echo "Image: $image_name:$image_tag"
# Docker login and pull the CC image
echo $registry_pw | docker login $registry_url --username $registry_user --password-stdin
docker pull "$image_name:$image_tag"
# Save the image to a tar file
echo "Saving image to tar..."
docker save "$image_name:$image_tag" -o cc-premium-${image_tag}.tar
tar_size=$(stat -c%s "cc-premium-${image_tag}.tar")
echo "Full image tar size: $tar_size bytes"
# Split the tar in half
echo "Splitting image tar in half..."
half_size=$(( (tar_size + 1) / 2 ))
split -b "$half_size" -d -a 1 --additional-suffix=.tar "cc-premium-${image_tag}.tar" "cc-premium-${image_tag}-part"
ls -lh cc-premium-${image_tag}-part*
# Copy to S3
echo "Uploading split parts to S3 bucket..."
one_zip="cc-premium-${image_tag}-part0.tar"
two_zip="cc-premium-${image_tag}-part1.tar"
SHA=$(sha256sum $one_zip | cut -d ' ' -f 1)
echo "Copying to bucket: $one_zip (sha256: ${SHA:0:12}...)"
aws s3api put-object \
--bucket arn:aws:s3:us-west-1:12345680:accesspoint/team1-prod-haps \
--key UP/team1/$team1_app_tenant-$one_zip \
--body $one_zip \
--acl 'bucket-owner-full-control' \
--tagging "checksum=$SHA&originator=$team1_app_tenant&product=lambda&version=1&team1_tenant=$team1_app_tenant&user=$user&lambda_file_name=$one_zip" \
--cli-read-timeout 120 --cli-connect-timeout 30
SHA=$(sha256sum $two_zip | cut -d ' ' -f 1)
echo "Copying to bucket: $two_zip (sha256: ${SHA:0:12}...)"
aws s3api put-object \
--bucket arn:aws:s3:us-west-1:12345680:accesspoint/team1-prod-haps \
--key UP/team1/$team1_app_tenant-$two_zip \
--body $two_zip \
--acl 'bucket-owner-full-control' \
--tagging "checksum=$SHA&originator=$team1_app_tenant&product=lambda&version=1&team1_tenant=$team1_app_tenant&user=$user&lambda_file_name=$two_zip" \
--cli-read-timeout 120 --cli-connect-timeout 30
echo "*** Image Split and Transfer Complete ***"
# -------- Image Reassembly (Target Environment) -------- #
# Uncomment the stage in the stages list and the job below when ready to
# reassemble the split CC image in the target environment.
#
# Reassemble CC Image:
# stage: Image Reassembly
# image: $docker_awscli_image
# services:
# - name: $org_dind_image
# alias: docker
# rules:
# - if: $CI_PIPELINE_SOURCE == "trigger"
# variables:
# image_name: "artifactory.gurug.com/team1-docker/aquasec/cc-premium"
# team1_app_tenant: "team1"
# script:
# - |
# echo "*** Image Reassembly ***"
# echo "Reassembling image: $image_name:$image_tag"
#
# one_zip="cc-premium-${image_tag}-part0.tar"
# two_zip="cc-premium-${image_tag}-part1.tar"
#
# # Download both halves from S3
# echo "Downloading split parts from S3..."
# aws s3api get-object \
# --bucket arn:aws:s3:us-west-1:12345680:accesspoint/team1-prod-haps \
# --key DOWN/team1/$team1_app_tenant-$one_zip \
# "$one_zip" \
# --cli-read-timeout 120 --cli-connect-timeout 30
#
# aws s3api get-object \
# --bucket arn:aws:s3:us-west-1:12345680:accesspoint/team1-prod-haps \
# --key DOWN/team1/$team1_app_tenant-$two_zip \
# "$two_zip" \
# --cli-read-timeout 120 --cli-connect-timeout 30
#
# ls -lh cc-premium-${image_tag}-part*.tar
#
# # Concatenate the two halves back into the full tar
# echo "Reassembling tar from parts..."
# cat "$one_zip" "$two_zip" > "cc-premium-${image_tag}.tar"
# echo "Reassembled tar size: $(stat -c%s cc-premium-${image_tag}.tar) bytes"
#
# # Load the reassembled image into Docker
# echo "Loading reassembled image into Docker..."
# docker load -i "cc-premium-${image_tag}.tar"
#
# # Verify the image loaded correctly
# docker images | grep cc-premium
#
# # Docker login and push to Artifactory
# echo $registry_pw | docker login $registry_url --username $registry_user --password-stdin
# echo "Pushing reassembled image to registry..."
# docker push "$image_name:$image_tag"
#
# echo "*** Image Reassembly Complete ***"
Download Packages
Add additional ZIP packages in docs/web-content/assets/zip-files/ and add matching links here.
AWS Core Services
AWS Infrastructure & Security
Dev Tools & Management
Setting Up a Transform
- Navigate to Stack Management in Kibana.
- Click on Transforms.
- Click Create Transform.
- Select the source index(es) containing your data.
- Configure Group by fields - this defines how data is aggregated into buckets.
- Define the aggregations you want to perform (e.g., sum, avg, count).
- Set the destination index where results will be stored.
- Configure frequency and start the transform.
Why Group By is Extremely Important:
The Group By configuration determines how your source data is bucketed and aggregated. For example:
- Grouping by
user_idcreates one document per user, aggregating all their events. - Grouping by
timestamp(e.g., by day) creates daily summaries. - Without proper grouping, you might aggregate all data into a single document or create too many individual documents.
What Happens During Transform Execution:
Once started, the transform continuously monitors the source index for new data. It applies the defined aggregations based on the group by fields and writes the summarized results to the destination index. This creates a denormalized, pre-aggregated view of your data that's optimized for fast queries and dashboards.