Quick Start
Get up and running with Aquilon DLP in 5 minutes.
Prerequisites
Before installing Aquilon DLP, ensure you have:
- OSQuery: Version 5.0.1 or later
- Operating System:
  - 🍎 macOS 11.0 (Big Sur) or later
  - 🐧 Linux (Ubuntu 22.04+, RHEL 9+, Debian 11+, CentOS Stream 9+, Fedora 38+)
- Privileges: Administrator (macOS) or root/sudo (Linux)
- Resources: 2GB RAM minimum, 500MB disk space
Choose Your Edition
Aquilon DLP is available in two editions:
- 🐧 Basic Edition (Linux only): GDPR and CCPA policies, up to 5 servers
- 🏢 Enterprise Edition (macOS + Linux): All compliance frameworks (HIPAA, PCI DSS, SOX, ISO 27001, GDPR, CCPA)
Select your quick start path below:
🏢 macOS Enterprise Quick Start
Time: ~5 minutes
1. Install OSQuery
# Using Homebrew (recommended)
brew install --cask osquery
# Or download PKG from https://github.com/osquery/osquery/releases
2. Install Aquilon DLP Enterprise
Download the Enterprise Edition PKG installer from your organization’s portal and install:
# Install using PKG installer
sudo installer -pkg aquilon-dlp-enterprise-VERSION.pkg -target /
# Verify installation
aquilon-dlp --version
3. Configure
# Configuration is installed by PKG at /etc/aquilon/config.toml
# Edit as needed for your environment
# Grant Full Disk Access
# Open System Settings → Privacy & Security → Full Disk Access
# Click + and add the Aquilon DLP application
4. Start Monitoring
Aquilon DLP runs as an osquery extension. Start osquery to begin monitoring:
# Start osquery (Aquilon DLP extension loads automatically)
sudo osqueryd
5. Verify
# In a new terminal, query OSQuery
osqueryi --connect /var/osquery/osquery.sock 'SELECT * FROM aquilon_dlp_alerts LIMIT 5;'
Next Steps:
- See Installation Guide for LaunchDaemon setup
- See Deployment Guide for MDM deployment
🐧 Linux Basic Edition Quick Start
Time: ~5 minutes
1. Install OSQuery
# Ubuntu/Debian
export OSQUERY_KEY=1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys $OSQUERY_KEY
sudo add-apt-repository 'deb [arch=amd64] https://pkg.osquery.io/deb deb main'
sudo apt-get update
sudo apt-get install osquery
# RHEL/CentOS
curl -L https://pkg.osquery.io/rpm/GPG | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery
sudo yum-config-manager --add-repo https://pkg.osquery.io/rpm/osquery-s3-rpm.repo
sudo yum-config-manager --enable osquery-s3-rpm
sudo yum install osquery
2. Install Aquilon DLP Basic
Download the Basic Edition package from your organization’s portal:
# Ubuntu/Debian
sudo apt install ./aquilon-dlp-basic_VERSION_amd64.deb
# RHEL/CentOS
sudo dnf install ./aquilon-dlp-basic-VERSION.x86_64.rpm
# Verify
aquilon-dlp --version
3. Configure
# Configuration is installed at /etc/aquilon/config.toml
# Edit as needed for your environment
# Validate configuration
aquilon-dlp --validate-config /etc/aquilon/config.toml
4. Start Monitoring
Aquilon DLP runs as an osquery extension. Start osquery to begin monitoring:
# Start osquery (Aquilon DLP extension loads automatically)
sudo systemctl start osqueryd
5. Verify
# In a new terminal, query OSQuery
osqueryi --connect /var/osquery/extensions.sock 'SELECT * FROM aquilon_dlp_alerts LIMIT 5;'
Next Steps:
- See Installation Guide for systemd service setup
- See Deployment Guide for production deployment
🏢 Linux Enterprise Quick Start
Time: ~5 minutes
1. Install OSQuery
# Ubuntu/Debian
curl -L https://pkg.osquery.io/deb/osquery_5.x_1.0.0_amd64.deb -o osquery.deb
sudo dpkg -i osquery.deb
# RHEL/CentOS
sudo yum install https://pkg.osquery.io/rpm/osquery-5.x-1.0.0.x86_64.rpm
2. Install Aquilon DLP Enterprise
Download the Enterprise Edition package from your organization’s portal:
# Ubuntu/Debian
sudo apt install ./aquilon-dlp-enterprise_VERSION_amd64.deb
# RHEL/CentOS
sudo dnf install ./aquilon-dlp-enterprise-VERSION.x86_64.rpm
# Verify
aquilon-dlp --version
3. Configure
# Configuration is installed at /etc/aquilon/config.toml
# Edit as needed for your environment
# Validate configuration
aquilon-dlp --validate-config /etc/aquilon/config.toml
4. Start Monitoring
Aquilon DLP runs as an osquery extension. Start osquery to begin monitoring:
# Start osquery (Aquilon DLP extension loads automatically)
sudo systemctl start osqueryd
5. Verify
# In a new terminal, query OSQuery for HIPAA violations
osqueryi --connect /var/osquery/extensions.sock "SELECT * FROM aquilon_dlp_alerts WHERE policy = 'HIPAA' LIMIT 5;"
# Query PCI DSS findings
osqueryi --connect /var/osquery/extensions.sock "SELECT * FROM aquilon_dlp_alerts WHERE policy = 'PCI_DSS' LIMIT 5;"
Next Steps:
- See Installation Guide for systemd service setup
- See Deployment Guide for distributed deployment
- See Compliance Documentation for policy-specific guidance
What’s Next?
After completing the quick start:
- Production Setup: Configure systemd service (Linux) or LaunchDaemon (macOS) for automatic startup
- Customize Policies: Edit /etc/aquilon/config.toml to add watch paths and exclude directories
- Monitor Alerts: Integrate with your SIEM or set up OSQuery scheduled queries
- Review Architecture: Understand the system architecture and plugin system
Troubleshooting
OSQuery extension not loading?
- Verify OSQuery is running: ps aux | grep osquery
- Check socket path matches configuration
- Review OSQuery logs for extension errors
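The three checks above can be run as one script, which also asks osquery's built-in osquery_extensions and osquery_registry tables whether the aquilon_dlp_alerts table was actually registered. This is an added example, not part of Aquilon DLP; the socket paths are the ones used in this guide's Verify steps, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not Aquilon's code): confirm the DLP extension is loaded.
# Socket paths are the ones from this guide's Verify steps; pass a different
# path as $1 if your osquery flags point the extensions socket elsewhere.

default_socket() {   # print the guide's socket path for this OS
  case "$(uname -s)" in
    Darwin) echo /var/osquery/osquery.sock ;;
    *)      echo /var/osquery/extensions.sock ;;
  esac
}

socket_status() {    # print one of: ok | missing | not-a-socket
  if [ -S "$1" ]; then echo ok
  elif [ -e "$1" ]; then echo not-a-socket
  else echo missing
  fi
}

check_extension() {  # $1 = socket path; returns 0 only if the table is registered
  sock=$1
  if ! pgrep -x osqueryd >/dev/null 2>&1; then
    echo "FAIL: osqueryd is not running"; return 1
  fi
  st=$(socket_status "$sock")
  if [ "$st" != ok ]; then
    echo "FAIL: extension socket $sock is $st"; return 1
  fi
  # Extensions the daemon has accepted (osquery itself is listed with type 'core').
  osqueryi --connect "$sock" \
    "SELECT name, version, path FROM osquery_extensions WHERE type = 'extension';"
  # The alerts table must appear in the table registry to be queryable.
  if osqueryi --connect "$sock" \
      "SELECT name FROM osquery_registry WHERE registry = 'table' AND name = 'aquilon_dlp_alerts';" \
      | grep -q aquilon_dlp_alerts; then
    echo "OK: aquilon_dlp_alerts is registered"; return 0
  fi
  echo "FAIL: aquilon_dlp_alerts not registered; review osquery logs for extension errors"
  return 1
}

check_extension "${1:-$(default_socket)}" || true
```

A FAIL on the last check with osqueryd running and the socket present means the daemon is up but the sensor is not, so no alerts are being produced.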
Permission errors (macOS)?
- Ensure Full Disk Access is granted in System Settings
- Restart LaunchDaemon after granting permissions
Policy not available (Basic Edition)?
- Basic Edition only includes GDPR and CCPA
- Remove enterprise policies (HIPAA, PCI DSS, SOX, ISO 27001) from configuration
- Upgrade to Enterprise Edition for full policy support
High CPU usage?
- Add exclusions for cache directories and system paths
- Reduce num_workers in configuration
- See Troubleshooting Guide for performance tuning
Support
- Basic Edition: GitHub issues at https://github.com/aquilonsecurity/aquilon-dlp/issues
- Enterprise Edition: support@aquilonsecurity.com (4-hour SLA for critical issues)