Getting Started¶
Welcome to WitFoo Analytics — an enterprise security operations platform for investigation, correlation, and reporting. This guide walks you through deploying your first WitFoo Appliance and completing initial configuration.
Quick Start Path¶
Follow these steps to go from zero to a running WitFoo Analytics instance:
-
1. Install a WitFoo Appliance
Deploy a WitFoo Appliance via VM image, cloud marketplace, or bare metal script.
-
2. Choose a Deployment Role
Understand the three node roles: Conductor, Console, and Analytics.
-
3. Configure the Appliance
Run
sudo wfa configureto select a role and configure services. -
4. Log In and Onboard
Access the web UI, change default passwords, and complete the onboarding wizard.
-
5. Understand the Architecture
Learn how services, data, and nodes work together.
Hardware Requirements at a Glance¶
| Tier | CPU Cores | RAM | Disk |
|---|---|---|---|
| Minimum | 8 | 12 GB | 220 GB |
| Recommended | 16 | 32 GB | 1 TB |
See Deployment Roles for per-role hardware requirements.
What You'll Need¶
Before you begin, ensure you have:
- A supported hypervisor (VMware, Hyper-V, QEMU), cloud account (AWS, Azure, Google Cloud), or bare metal server running Ubuntu 24 or RHEL 10
- Network access to the appliance on port 443 (HTTPS)
- A WitFoo license key (or request a 15-day trial during configuration)
Evaluation Deployments
For evaluation purposes, a single Analytics node is the fastest path to a working platform. You can add Conductor and Console nodes later as your deployment grows.