Current ThreatQ Version Filter
 

Executing Air Gapped Data Sync

Air Gapped Data Sync is a two stage process.  First, you export data from your source ThreatQ instance.  Then, you import this data into your target ThreatQ instance.

Upon upgrade to ThreatQ 6x, the /var/lib/threatq/agds_transfer directory is created and becomes the default location for exporting and importing AGDS zip files. As such, AGDS commands only need to specify the relative path to the folders you created within this directory for AGDS exports or imports. Then, use the --target parameter to specify the location when exporting the AGDS zip file and the --file parameter to specify the location from which to import the .gz file.

Running the threatq:sync-export Command

  1. SSH to your ThreatQ installation.

  2. Run the following command appended by the necessary parameters, as described in Parameters section of the threatq:sync-export topic.

    kubectl exec --namespace threatq --stdin --tty deployment/api-schedule-run -- ./artisan threatq:sync-export --target=relative/path

  3. Review the Output and Sync report; see the Output and Sync Report section of the threatq:sync-export topic.

  1. SSH to your ThreatQ installation.

  2. Navigate to the api directory using the following command:

    cd /var/www/api

  3. Run the following command appended by the necessary parameters, as described in Parameters section of the threatq:sync-export topic.

    sudo ./artisan threatq:sync-export

  4. Review the Output and Sync report; see the Output and Sync Report section of the threatq:sync-export topic.

Running the threatq:sync-import Command

  1. SSH to your ThreatQ installation.

  2. Run the following command appended by the necessary parameters, as described in the Parameters section of the threatq:sync-import topic.

    kubectl exec --namespace threatq --stdin --tty deployment/api-schedule-run -- ./artisan threatq:sync-import --file=relative/path/zip_file.tar.gz

  3. Review the Output and Sync report; see threatq sync-imprt File Output and Sync Report.

  1. SSH to your ThreatQ installation.

  2. Navigate to the api directory using the following command:

    cd /var/www/api

  3. Run the following command appended by the necessary parameters:

    sudo ./artisan threatq:sync-import

  4. Review the Output and Sync report; see threatq sync-imprt File Output and Sync Report.