Swift Security Docs
  • Introduction to Swift Security
  • Onboarding
    • Tenant Setup
    • Product Deployments
      • Browser Extension
      • LLM Guardrails
        • LLM Guardrails API Integration
      • VS Code IDE Extension
    • Directory Sync
      • Configuring Google Directory Sync
      • Configuring Microsoft Directory Sync
    • MDM
      • Extension Deployment Via Google Workspace
      • Extension deployment via google workspace + MDM at device level
      • Extension Deployment Via Microsoft Intune
        • Chromium Browsers in Windows
        • Edge Browsers in Windows
        • Firefox Browsers in Windows
      • Extension Deployment Via Kandji
        • Chromium Browsers in Mac
    • Infrastructure
      • SaaS Model
      • Hybrid deployment (coming soon)
  • SSO (Single Sign-On)
    • SSO Configurations identity provider - Google workspace
  • Administrative Guide
    • Console Users
      • Role Creation
      • RBAC General Settings for Login Methods (for the Console)
      • User Creation
      • SSO login(okta)
    • Swift Detection Engines
      • Data Identifiers
        • Custom Data Identifiers
      • EDM Dictionaries
        • EDM Rule
        • EDM Profile
        • EDM Extension Policy
      • Data Rules
        • Custom Rules
      • Data Profiles
      • LLM Guardrail Scanners
        • Data Protection Scanner
        • Gibberish Scanner
        • Ban Substrings Scanner
        • Invisible Text Scanner
        • Code Scanner
        • Language Scanner
        • Sentiment Analysis Scanner
        • Jailbreak Scanner
        • Toxicity Scanner
        • Prompt Injection Scanner
        • Token Limit Scanner
        • Reading Time Scanner
        • Language Same Scanner
        • No Refusal Scanner
        • Factual Consistency Scanner
        • Bias Detection Scanner
        • URL Reachability Scanner
        • Nudity Scanner
        • Gender Scanner
        • Celebrity Scanner
        • Face Scanner
        • Race Scanner
        • Performance and Benchmark
    • Browser Extension
      • Extension Installation
      • Granular Policies
        • Control URL access
        • Protect company data
        • Protect against Threats (Coming Soon)
      • Extension Alerts
      • Extension Events
      • Extension Popups
      • Browser Extension Coverage
    • LLM Guardrails
      • LLM Guardrails Policies
      • LLM Guardrails Alert
      • LLM Guardrails Events
    • Regulation Laws
  • Assets
    • Applications
    • Users
    • Extensions
  • Integration
    • Notification
      • Jira
      • ServiceNow
      • Slack
      • Splunk
    • Forensic
    • Feature
      • Rules Glossary
        • United States
        • Canada
        • Latin America
        • European Union
        • Australia
        • APAC (Asia-Pacific)
        • EMEA Countries
        • Others
      • Data identifiers Glossary
        • United States
        • Canada
        • Latin America
        • European Union
        • Australia
        • APAC (Asia-Pacific)
        • EMEA Countries
        • Others
      • Supported MIME Types
      • Supported OCR Format
    • Manage unauthorized access from unmanaged browser
  • Settings
    • Manage Reasons
    • Audit Log
  • Release Notes
    • Version - 1.27
    • Version - 1.26
    • Version - 1.25
    • Version - 1.24
    • Version - 1.23
    • Version - 1.16
    • Version - 1.15
    • Version - 1.14
    • Version - 1.13
    • Version - 1.12
    • Version - 1.11
    • Version - 1.10
    • Version - 1.09
    • Version - 1.08
    • Version - 1.07
    • Version - 1.06
    • Version - 1.05
    • Version - 1.04
    • Version - 1.03
    • Version - 1.02
    • Version - 1.01
Powered by GitBook
On this page
  1. Onboarding
  2. Infrastructure

Hybrid deployment (coming soon)

In a hybrid deployment, the detection engine will be deployed and managed in the customer's environment, while the management engine that includes the UI is managed in the Swift environment.

PreviousSaaS ModelNextSSO (Single Sign-On)

Last updated 8 months ago

In the detection engine, we deploy a model through Stack Storm.

To deploy our product, you will need to create a user in your AWS account and attach the following policy to this user:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "eks:", "elasticfilesystem:", "s3:", "iam:CreateRole" ], "Resource": "" } ] }

Additionally, create an Access Key and Secret Access Key for this user, as these credentials will be required in the later steps.

AMI Provisioning and StackStorm Setup

We will provide you with an Amazon Machine Image (AMI) that includes StackStorm installed with all necessary prerequisites. Follow these steps to set up:

  1. Launch an EC2 Instance:

  • Use the provided AMI to spin up an EC2 instance.

  • Please allow port 80 & 5000 in security group.

  • Once the instance is running, you can access the StackStorm UI.

  1. Configure Workflow in StackStorm:

  • In the StackStorm UI, fill in the required details under the workflow section:

■ AWS Access Key

■ AWS Secret Access Key

■ Cluster Name

■ Forensic Bucket Checkbox/Dropdown (Optional)

Workflow Execution

Upon running the workflow, the following tasks will be performed:

  1. Trigger Terraform Script:

  • VPC: (Details to be provided)

  • Public Subnet

  • Internet Gateway (IGW)

  • EKS Cluster:

■ EC2 Nodes: 3 x r6a.xlarge

■ Horizontal Pod Autoscaler (HPA)

■ Vertical Pod Autoscaler (VPA)

  • Access Point

  • Elastic File System (EFS)

  • Launch Template

  • Elastic Load Balancer (ELB-4)

  • S3 Bucket for Forensic: with IAM Roles for Service Accounts (IRSA)

  1. Service Deployment:

  • Deploy all detection engines and related services.

  1. Python Script Execution:

  • Retrieve outputs such as:

■ Filesystem ID

■ Access Point ID

■ VPC Endpoint

■ Cluster Name

■ Cluster Role ARN

■ ELB

■ Forensic Bucket Name (if provided)

  1. Golang API Execution:

  • Database Update: Store the retrieved information in the Swift database.

  • Swift Account S3 Role ARN : To be pasted in Customer EKS SA.

Automated Updates and Upgrades

Workflow 2 will be auto-triggered for performing updates and upgrades as required.