Deployment & Configuration

Last updated 17 days ago

Deployment within the Garnet Platform Ecosystem

Managed Deployment: As a Garnet Platform user, you will typically deploy Jibril using the integrated methods provided and documented by the platform. This ensures seamless connection, data flow, and manageability.

GitHub Actions: Integrated via the garnet-org/action as detailed in the .
Kubernetes: Deployed using Helm charts or YAML manifests provided by Garnet, as outlined in the .
The platform handles aspects like providing the Jibril agent with the correct API key and endpoint for communication.

Standalone Jibril Sensor

Jibril is also available as a free agent that can be deployed and configured independently for monitoring single environments or for evaluation purposes. This mode of operation does not inherently connect to the Garnet Platform dashboard unless specifically configured to do so with a valid platform API key.

Standalone Installation Methods: Jibril can typically be installed via:

Docker Container: Running the official Jibril Docker image.
Direct Binary: Downloading and running the Jibril binary directly on a Linux host.
Systemd Service: Configuring Jibril to run as a systemd service for persistence.

Standalone Configuration (config.yaml): When run standalone, Jibril is configured using a YAML file (default: /etc/jibril/config.yaml). This file controls:

Data Sources: Which types of events to monitor (network, file, process).
Detection Rules: Enabling/disabling specific detection rules or rule sets.
Output Configuration: Where to send event data (e.g., stdout, file, a remote syslog, or to the Garnet Platform if an API key and endpoint are provided).
Resource Limits: Setting CPU/memory constraints for the Jibril process.

Key Takeaway: For Garnet Platform users, the primary method of deploying and configuring Jibril will be through the platform itself. The standalone options are more relevant for open-source usage, evaluation, or very specific edge cases where an agent might run disconnected from the central platform.

Deployment within the Garnet Platform Ecosystem

GitHub Actions: Integrated via the garnet-org/action as detailed in the .
Kubernetes: Deployed using Helm charts or YAML manifests provided by Garnet, as outlined in the .
The platform handles aspects like providing the Jibril agent with the correct API key and endpoint for communication.

Standalone Jibril Sensor

Standalone Installation Methods: Jibril can typically be installed via:

Docker Container: Running the official Jibril Docker image.
Direct Binary: Downloading and running the Jibril binary directly on a Linux host.
Systemd Service: Configuring Jibril to run as a systemd service for persistence.

Standalone Configuration (config.yaml): When run standalone, Jibril is configured using a YAML file (default: /etc/jibril/config.yaml). This file controls:

Data Sources: Which types of events to monitor (network, file, process).
Detection Rules: Enabling/disabling specific detection rules or rule sets.
Output Configuration: Where to send event data (e.g., stdout, file, a remote syslog, or to the Garnet Platform if an API key and endpoint are provided).
Resource Limits: Setting CPU/memory constraints for the Jibril process.

(For detailed instructions on standalone Jibril installation, the jibril.yaml configuration options, and advanced usage, please refer to the official and .)