Quickstart: Deploy Your First Environment

From zero to a running SOC environment in under 20 minutes. This guide walks you through every step — account setup, cloud credentials, plan creation, and accessing your tools.

Before you begin: You need a GCP account with billing enabled. Aithroyz deploys into your own GCP project — you pay GCP directly for the compute. A typical environment (Elastic + Wazuh) costs approximately $0.50–$1.50/hour.

Step 1 — Connect cloud credentials

Create a GCP service account

In the GCP Console, go to IAM & Admin → Service Accounts → Create. Grant it "Editor" role (or at minimum: Compute Admin, DNS Admin, Cloud Run Admin, Storage Admin).

Download a JSON key

Click the service account → Keys → Add Key → JSON. Download the file — you'll paste its contents in the next step.

Add it to Aithroyz

Go to Settings → Cloud Keys in the dashboard. Paste the JSON key content and click Save. Aithroyz validates the credentials immediately.

⚠

Never commit the service account JSON to version control. Aithroyz stores it encrypted in GCP Secret Manager and never exposes the raw key again after initial upload.

Step 2 — Run the setup wizard

Click Setup in the top navigation. The wizard checks:

Cloud credentials are valid and have sufficient permissions
GCP quota is available (CPU, static IPs, disk) in your chosen region
DNS delegation is in place for ops.aithroyz.com
Billing is enabled on the project

A green checkmark on each item means you're ready to deploy. If anything fails, the wizard shows the exact error and a link to fix it.

Step 3 — Create a plan

Click + New in the top navigation. The plan form has three sections:

Environment name

A slug like acme-soc or my-lab. Used as the subdomain prefix for all your tools.

Tools

Use a Quick Start preset or select tools individually. For your first environment, try "Quick Sandbox" (Elastic only — fastest deploy).

TTL

Optional auto-destroy timer. Set to 4h for a quick test or 24h for a full day of access. You can always extend later.

Click Generate Plan. Aithroyz will show you a cost estimate and resource summary. Review it, then click Submit for Approval.

Step 4 — Approve and apply

Go to the request detail page. Review the plan one more time, then click Approve & Apply. This triggers the deployment pipeline:

Initializing

~30s

OpenTofu downloads providers, initializes state in GCS

Foundation

~3 min

VPC, subnet, firewall rules, gateway VM, DNS zone + records

Tool modules

~5–15 min

Each selected tool is provisioned in parallel

Wiring

~1 min

Inter-tool integrations (Elastic → Kibana, Wazuh → Filebeat, etc.)

Health checks

~2 min

Each tool endpoint is polled until healthy

The live status updates in real time on the request page. Total time: 8–20 minutes depending on which tools you selected.

Step 5 — Access your tools

Once status shows live, go to the Environments page and click your environment. Each tool gets a card with:

Its HTTPS URL (e.g. elastic.my-lab.ops.aithroyz.com)
Admin credentials (click Reveal to view)
A health badge — green = healthy, amber = initializing, red = unhealthy

All tools are protected by Google SSO. Sign in with your Google account — any email in your allowed domain works automatically.

# Example subdomains for environment named "my-lab":
elastic.my-lab.ops.aithroyz.com   → Kibana dashboard
wazuh.my-lab.ops.aithroyz.com     → Wazuh dashboard
caldera.my-lab.ops.aithroyz.com   → MITRE Caldera
thehive.my-lab.ops.aithroyz.com   → TheHive case management

✓

Done with your environment? Head to Destroying an Environment to tear it down and stop cloud costs. Or set a TTL to have it auto-destroy.

Cloud CredentialsRead article →Plans & ApprovalsRead article →Tools OverviewRead article →