Install Deep Security Smart Check

Deep Security Smart Check is supported on the Kubernetes platform and uses the Helm package manager for Kubernetes. You must have a running Kubernetes cluster in order to deploy Smart Check.

To learn how to install Smart Check for AWS Fargate, go here.

If you are installing Smart Check as part of your subscription to Cloud One Container Security then no activation code is required. If you are installing standalone without a subscription you will need an activation code. See Smart Check trial page.

See the Deep Security Smart Check readme for up-to-date instructions on how to install Deep Security Smart Check: https://github.com/deep-security/smartcheck-helm. By default, the Helm deployment retrieves the Smart Check Docker images from DockerHub: https://hub.docker.com/r/deepsecurity/.

At the end of the install, you'll see commands that enable you to get the URL of the Smart Check administrator console and to get the initial administrator user name and password. The commands are also provided in the sections below.

Get the URL of the Smart Check administrator console

To get the URL of the Smart Check administrator console, configure kubectl with your cluster credentials and run these commands:

$ export SERVICE_IP=$(kubectl get svc proxy –o jsonpath='{.status.loadBalancer.ingress[0].ip}')
$ echo https://$SERVICE_IP:443

Get the initial administrator user name and password

To get the user name and password that you will use to log in to the Smart Check application for the first time, configure kubectl with your cluster credentials and run these commands:

$ echo Username: $(kubectl get secrets -o jsonpath='{ .data.userName }' deepsecurity-smartcheck-auth | base64 --decode)
$ echo Password: $(kubectl get secrets -o jsonpath='{ .data.password }' deepsecurity-smartcheck-auth | base64 --decode)

Allow inbound and outbound connections

If you are using an HTTP proxy, Smart Check requires that you open one inbound port for HTTPS access to the proxy service. Details for determining the port information are provided during the Smart Check installation.

Smart Check also requires outbound access to these hosts over HTTPS (port 443):

  • Vulnerabilities: dstf.trendmicro.com:443
  • License server: licenseupdate.trendmicro.com:443
  • Trend Micro Smart Protection Network: *.trx.trendmicro.com:443
  • Trend Micro Smart Scan Service: *.icrc.trendmicro.com:443
  • Trend Micro Cloud One Container Security: container.us-1.cloudone.trendmicro.com:443
  • Malware patterns: ipv6-iaus.trendmicro.com:443
  • Target registries (for example, GCR, on-premises DTR, ECR, etc.). Note that registries must support TLS for Deep Security Smart Check to connect to them.
  • Web hook targets
  • Identity provider for metadata if you have configured SAML for single sign-on
  • Telemetry: telemetry.deepsecurity.trendmicro.com:443

First steps after installation

After installing Smart Check:

  1. Log in to the Smart Check administrator console (instructions below)
  2. Add Smart Check users
  3. Add a registry
  4. Start a scan

Log in to Smart Check

  1. Go to the URL provided at the end of the installation. If you don't have the URL, see Get the URL of the Smart Check administrator console.
  2. Enter the initial administrator username and password and click LOGIN. If you don't have the user credentials, see Get the initial administrator user name and password.

The Deep Security Smart Check administrator console appears.

The first time you log in, you are prompted to change the password for the default administrator.