Home
Arc
Learn how Arc provides endpoint security in high availability environments.
Arc
Arc TBD.
Preparation
Information on how to import Arc packages, and install a license.
Dependencies
To enable all the functions of Arc, you need to have certain items installed on the host machine.

Arc
Learn how Arc provides endpoint security in high availability environments.
- Arc
  Arc TBD.
  - Introduction
    An overview of Arc.
  - Requirements
    The machine and network requirements necessary to use Arc.
  - Preparation
    Information on how to import Arc packages, and install a license.
    - Arc licenses
      Before you can deploy and use Arc, you will need to buy a license. How Arc licenses are installed will depend on the existing installation that you have. Arc and Arc Embedded require separate licenses.
    - Install a license in Guardian or CMC
      Before you can use Arc you must install the applicable license.
    - Import Arc through the update service in Guardian or CMC
      Before you can deploy Arc, you must import it first. There a two methods you can use to do this, one method is through the Nozomi Networks Update Service. The alternative method is through a manual contents upload.
    - Import Arc through a manual contents upload in Guardian or CMC
      Before you can deploy Arc, you must import it first. There a two methods you can use to do this, one method is through a manual contents upload. The alternative method is through the Nozomi Networks Update Service.
    - Dependencies
      To enable all the functions of Arc, you need to have certain items installed on the host machine.
      - Enable security log events
        Before you can use Sigma rules related to security log events, you will need to enable them.
      - Enable printservice log events
        Before you can use Sigma rules related to printservice log events, you will need to enable them.
    - Local permissions
      It is important to understand the different local permissions that are necessary for the different operating systems.
    - Connectivity
      Arc connects to Guardian and Vantage through designated protocols and ports.
  - Configuration
    Details on how to configure Arc.
  - Deployment
    Information on how to deploy Arc. This includes details for manual and automatic deployments, and deployment through a mobile device management (MDM) system.
  - Execution
    Information on the different modes that you can use with Arc.
  - Troubleshooting
    Troubleshooting procedures to help you solve problems that might occur when you use Arc.
- Arc Embedded
  Arc Embedded TBD.
- Print format documentation
  A list of all the print-format documentation that is available for Arc and Arc Embedded.

Dependencies

To enable all the functions of Arc, you need to have certain items installed on the host machine.

Table 1. Windows dependencies
Sigma rules	Sysmon
	PowerShell-script block-logging
	PowerShell Core-script block-logging
USB detections	USBPcap
Traffic monitoring	WinPcap or Npcap
Asset details	Not needed

Table 2. Linux dependencies
Sigma rules	Not supported
USB detections	Not supported
Traffic monitoring	Not needed
Asset details	dmidecode

Table 3. macOS dependencies
Sigma rules	Not supported
USB detections	Not supported
Traffic monitoring	libpcap
Asset details	Not needed

During Automatic deployment, dependencies are also installed. To install the dependencies manually, download them and install them individually. Alternatively, you can use a mobile device management (MDM) tool to install them across the managed network.

Windows

On Windows, you can use the command install_dependencies to automatically install these dependencies on the target machine:

PowerShell-script block-logging
PowerShell Core-script block-logging
USBPcap
Npcap

For Sysmon, the installation is semi-automatic. First, you must upload the latest Sysmon bundle to the applicable Guardian page. The bundle is then used for automatic installation during subsequent deployments.

If Arc is connected to Vantage, Sysmon is automatically fetched from the original website, and no other actions are required.

Note:

After you have installed USBPcap, you must reboot the host machine to make the dependency active.

Note:

After a dependency is installed, you must restart Arc to make it active. When Guardian automatically installs dependencies during deployment, no user actions are necessary.