This guide provides hardware sizing recommendations, network port configurations, and step-by-step instructions for installing UTMStack. Whether you are deploying a small instance for a lab or sizing a production environment, properly allocating resources is critical for optimal performance.
Built-in Security
Connections to the UTMStack server are authenticated with a unique key of 24+ characters. User credentials are encrypted in the database and protected by fail2ban mechanisms and Two-Factor Authentication (2FA).
System Requirements
UTMStack is designed to run efficiently, but resource allocation must scale with your log ingestion volume and retention requirements.
Operating System
The standard installation process is officially supported and tested on Ubuntu 22.04 LTS.
Storage Definitions
Before calculating your requirements, it is important to understand how UTMStack categorizes data:
Hot log storage: Unarchived data that is indexed and immediately accessible for real-time analysis and querying.
Cold log storage: Archived data that must be restored before it can be queried or analyzed.
Data source: Any individual source generating logs (e.g., network devices, endpoint agents, SaaS integrations).
Hardware Sizing Guidelines
The following sizing recommendations assume that 60 data sources generate approximately 100 GB of log data per month. The tiers below represent the required resources for one month of hot log storage.
Horizontal Scaling Required
Going above 500 data sources (or devices) on a single node is not recommended. Exceeding this limit requires adding secondary nodes to scale horizontally.
Network Configuration
To ensure proper communication and secure access, configure your firewalls and security groups to allow the following ports.
Required Ports
Additional ports will be required during the configuration of UTMStack's integrations to receive logs. Always follow the specific security recommendations provided in the respective integration guides.
Installation
You can install UTMStack either by running the automated installer script on a fresh Ubuntu 22.04 LTS server or by deploying the pre-configured ISO image.
If you choose to use the ISO image, the default Ubuntu Server credentials are:
Username: utmstack
Password: utmstack
Installer Script Method
If you are not using the ISO, follow these steps to install UTMStack on your Ubuntu 22.04 LTS server.
Ensure your package lists are up to date before beginning the installation.
sudo apt update
Install wget to download the installation script.
sudo apt install wget -y
Fetch the latest version of the UTMStack installer from the official repository.
wget https://github.com/utmstack/UTMStack/releases/latest/download/installer
Switch to the root user, make the script executable, and run it.
sudo su
chmod +x installer
./installer
Post-Installation
Once the installation script completes, UTMStack will automatically generate secure default credentials for your instance.
Accessing your credentials
You can find your generated admin password and other configuration details in the following file on your server: /root/utmstack.yml
To access the UTMStack interface:
Navigate to https://<your-server-ip> in your web browser (ensure you use https://).
Log in using the username admin and the password found in your utmstack.yml file.
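The sizing rule, the supported-OS requirement and the credentials file described above can be checked from the shell before and after running the installer. The script below is an added example, not part of UTMStack or its installer; the function names and the --check flag are hypothetical, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: checks around the install steps above. Function names and the
# --check flag are hypothetical; the thresholds are the ones stated on this page.

# Read one KEY=value field from an os-release style file without sourcing it.
os_field() ( sed -n "s/^$1=//p" "$2" | head -n 1 | tr -d '"' )

# True only on the release the installer is tested on: Ubuntu 22.04 LTS.
is_supported_os() (
    f="${1:-/etc/os-release}"
    [ -r "$f" ] || exit 1
    [ "$(os_field ID "$f")" = "ubuntu" ] && [ "$(os_field VERSION_ID "$f")" = "22.04" ]
)

# Hot storage in GB, rounded up: 60 data sources ~ 100 GB per month.
# Scaling linearly with sources and months is an assumption of this example.
hot_storage_gb() ( echo $(( ($1 * 100 * ${2:-1} + 59) / 60 )) )

# True when the source count exceeds the single-node limit of 500.
needs_secondary_nodes() ( [ "$1" -gt 500 ] )

# True when the file has no group/other permission bits (e.g. mode 600).
# Uses GNU stat, as shipped on Ubuntu.
secret_file_is_private() (
    mode=$(stat -c '%a' "$1") || exit 1
    [ $(( 0$mode & 077 )) -eq 0 ]
)

# Run as: sh utm_checks.sh --check <number-of-data-sources>
if [ "${1:-}" = "--check" ]; then
    sources="${2:-60}"
    is_supported_os || echo "WARN: not Ubuntu 22.04 LTS"
    echo "Hot storage for one month: $(hot_storage_gb "$sources") GB"
    needs_secondary_nodes "$sources" && echo "WARN: over 500 sources, add secondary nodes"
    if [ -e /root/utmstack.yml ]; then
        secret_file_is_private /root/utmstack.yml ||
            echo "WARN: /root/utmstack.yml is readable by group or others"
    fi
fi
```

Run it as root after installation so the permission check can read /root/utmstack.yml.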
Frequently Asked Questions
No, it is not. UTMStack has been built from the ground up to be a simple, intuitive, and unified SIEM/XDR platform rather than relying on third-party visualization wrappers.
No. The UTMStack correlation engine was built entirely from scratch. It is designed to analyze data before ingestion, which maximizes real-time correlation efficiency and reduces overhead.
UTMStack is open-source software licensed under AGPLv3. The Enterprise version includes specialized features designed for large organizations and Managed Service Providers (MSPs). These include dedicated support, faster correlation engines, frequent threat intelligence updates, and advanced Artificial Intelligence capabilities.