Installation of AC-Hunter
AC-Hunter leverages Zeek to collect network traffic data from your network and analyze the results. The Zeek system connects to a span port on the interior interface of your external firewall to monitor all traffic entering and leaving your network. The AC-Hunter system can be located anywhere within your internal network or an external cloud space, provided it has connectivity to the Zeek system to collect logs for analysis.
System Requirements and Installation
AC-Hunter requires two systems; one running AC-Hunter (network analysis) and another running Zeek (network monitor).
Both systems are designed to run on 64-bit Linux operating systems. The preferred and supported platforms are:
- Ubuntu 22.04 and 24.04
- CentOS Stream 9
- Rocky Linux 9
- Red Hat Enterprise Linux (RHEL) 9
If you have multiple connections to the internet or multiple physical locations, you can install multiple Zeek systems/sensors all feeding data back to the same AC-Hunter instance, or multiple AC-Hunter instances if desired.
System Running AC-Hunter
(network analysis)
Hardware Requirements
Minimum:
CPU: 8 cores – Memory: 32 GB RAM – Storage: 1 TB SSD
Recommended:
CPU: 16+ cores – Memory: 64 GB+ RAM – Storage: 2+ TB SSD
- Network: Standard Ethernet network card interface (physical or virtual).
- Virtualization: Can be installed and run on a virtual machine.
System Running Zeek
(network monitor)
Hardware Requirements
Up to 100 Mbps:
CPU: 4-8 cores – Memory: 16 GB RAM – Storage: 500+ GB SSD
Up to 1 Gbps:
CPU: 8-16 cores – Memory: 64 GB+ RAM – Storage: 1+ TB SSD
Up to 10 Gbps:
CPU: 16-32+ cores – Memory: 128 GB+ RAM – Storage: 2+ TB SSD
- Network: To capture traffic with Zeek, you will need 2 network interface cards (NICs). One will be for the management of the system, and the other will be the dedicated capture port. Intel NICs perform well and are recommended.
- Virtualization: This should be dedicated hardware as opposed to virtual machines. VM scheduling and resource congestion with other VMs can cause packets to be dropped or missed. We discourage installing or running Zeek on a virtual machine.