Troubleshooting CDR Appliance

If you run into issues while running CDR on your network, follow the steps below to troubleshoot.

Steps for Troubleshooting

  1. Deploy the Terraform module for the Qualys CDR appliance. The Terraform module will, in turn, deploy the AWS CloudFormation Stack. After the Terraform module has been deployed successfully, confirm on the AWS CloudFormation Console that the CloudFormation Stack has also been deployed successfully. If the CloudFormation Stack deployment fails:
    1. Verify that all the input parameters are correct, including the appliance license key.
    2. Verify again that outbound internet access is available from the private subnet where the appliance has been deployed.
  2. Wait around 10 minutes for the appliance to be completely ready. Verify that the appliance is up and running, then connect to it using SSM from the AWS EC2 Console.
  3. If the Connect button is still disabled 10 minutes after the appliance deployment completes, it is very likely that the supplied license key is not correct. Try providing the CDR appliance license key again (this is different from the SaaS key).
  4. Connect to the appliance. Enter the command sudo docker ps. If the appliance deployment is successful, the container process is listed with its container ID and Image name, and its STATUS is shown as Healthy.
  5. Make sure outbound internet access is working. Use the ping command or another network utility to test.
  6. For any issue that requires Qualys support, provide the syslog information to Qualys.
    To download the syslog from the EC2 Console:
    Navigate to Actions -> Monitor and troubleshoot -> Get system log -> Download.
  7. After verifying that the appliance has deployed successfully, deploy the Qualys CDR Traffic Mirroring Stack. Verify that the traffic mirroring target is deployed successfully.

    If there are existing instances in the subnets for the traffic to be mirrored, ensure that there are traffic mirror sessions created for the existing EC2 instances.
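
One way to carry out the check in step 7 programmatically: the following is an added example, not Qualys code, that lists instance network interfaces in the mirrored subnets that have no traffic mirror session, since traffic from those instances never reaches the appliance. The function names, the sample IDs and the target ID `tmt-0cdr` are assumptions made for illustration; the live path uses the boto3 EC2 `describe_network_interfaces` and `describe_traffic_mirror_sessions` calls.

```python
def unmirrored_interfaces(network_interfaces, mirror_sessions, target_id=None):
    """Return sorted (instance_id, eni_id) pairs for instance ENIs with no mirror session.

    Inputs are the "NetworkInterfaces" and "TrafficMirrorSessions" lists from the EC2
    API; if target_id is set, only sessions pointing at that mirror target count.
    """
    mirrored = {
        s["NetworkInterfaceId"]
        for s in mirror_sessions
        if target_id is None or s.get("TrafficMirrorTargetId") == target_id
    }
    gaps = []
    for eni in network_interfaces:
        instance_id = eni.get("Attachment", {}).get("InstanceId")
        # Skip ENIs that are not attached to an EC2 instance.
        if instance_id and eni["NetworkInterfaceId"] not in mirrored:
            gaps.append((instance_id, eni["NetworkInterfaceId"]))
    return sorted(gaps)


def fetch_and_check(subnet_ids, target_id=None):
    """Live check; needs boto3 and credentials with EC2 describe permissions."""
    import boto3  # imported here so the offline sample below runs without it
    ec2 = boto3.client("ec2")
    enis, sessions = [], []
    for page in ec2.get_paginator("describe_network_interfaces").paginate(
        Filters=[{"Name": "subnet-id", "Values": list(subnet_ids)}]
    ):
        enis.extend(page["NetworkInterfaces"])
    for page in ec2.get_paginator("describe_traffic_mirror_sessions").paginate():
        sessions.extend(page["TrafficMirrorSessions"])
    return unmirrored_interfaces(enis, sessions, target_id)


# Constructed sample data in the shape of the EC2 API responses (placeholder IDs).
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-0aaa", "Attachment": {"InstanceId": "i-0001"}},
    {"NetworkInterfaceId": "eni-0bbb", "Attachment": {"InstanceId": "i-0002"}},
    {"NetworkInterfaceId": "eni-0ccc", "Attachment": {}},  # not attached to an instance
]
SAMPLE_SESSIONS = [
    {"NetworkInterfaceId": "eni-0aaa", "TrafficMirrorTargetId": "tmt-0cdr"},
    {"NetworkInterfaceId": "eni-0bbb", "TrafficMirrorTargetId": "tmt-0other"},
]

if __name__ == "__main__":
    for instance_id, eni_id in unmirrored_interfaces(SAMPLE_ENIS, SAMPLE_SESSIONS, "tmt-0cdr"):
        print(f"no mirror session to CDR target: {instance_id} {eni_id}")
```

Passing the CDR mirror target ID matters when other mirroring tools share the VPC: an interface mirrored only to a different target still counts as a gap for the appliance.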