NDR: Integration Guide

Description

Getting Started

Now that you have determined the appropriate deployment option and sensor type, let’s get going!

Step 1. Sensor Deployment

The first step is to get a sensor deployed. Follow the guides below in order to get your sensor deployed.

  1. View and ensure that you meet or exceed the minimum sensor requirements - NDR: Virtual Sensor Requirements

Virtual Sensor

  1. Deploy a Sensor in the environment:
    1. On-Prem
      1. NDR: Deploying a Windows Server Sensor with Log Forwarding Feature: NDR: Windows Server Agent
      2. NDR: Deploying a Virtual Sensor in VMware: NDR: Virtual Sensor Deployment (VMware)
      3. NDR: Deploying a Virtual Sensor in Hyper-V: NDR: Virtual Sensor Deployment (Hyper-V)
      4. NDR: Deploying a Virtual Sensor in KVM: NDR: Virtual Sensor Deployment (KVM)
    2. Cloud
      1. NDR: Deploying a Virtual Sensor in Azure: NDR: Virtual Sensor Deployment (Azure)
      2. NDR: Deploying a Virtual Sensor in AWS: NDR: Virtual Sensor Deployment (AWS)
      3. Deploying a Virtual Sensor in GCP: NDR: Virtual Sensor Deployment (GCP)
      4. NDR: Deploying a Virtual Sensor in OCI: NDR: Virtual Sensor Deployment (OCI)

Physical Sensor

  1. Deploy the pre-configured sensor in the environment: NDR: Physical Sensor Deployment

Step 2. Device Log Forwarding

Follow the below guide to setup syslog forwarding from your firewall/network devices to the sensor deployed in the previous step:

  1. Forwarding Firewall Syslogs: NDR: Firewall Syslog Forwarding
  2. Syslog Port Index: NDR: Syslog Port Index

Step 3. Server Log Forwarding

Optional: If you’d like, follow the below guide(s) to setup log forwarding from your windows or Linux server(s).

  1. Windows Log Forwarding: NDR: Windows Server Agent
  2. Linux Log Forwarding: NDR: Linux Server Agent

SIEM Walk-Through

Please take a moment to watch this video, which provides a straightforward walkthrough of the SIEM interface. This walkthrough is intended as a general guide for navigating the SIEM console and is not a step-by-step tutorial on alert or event investigation, as investigative processes may vary depending on the specific product or service offering.

If you need assistance with investigating an alert, please contact our SOC team—they will be happy to assist you.

TIP: Certain pages or features may not be available depending on your service subscription (e.g., NDR, MDR for endpoints), as each service has different visibility requirements for specific features. 

https://www.youtube.com/playlist?list=PLxr1wQ6O59Ogc0N4y3jDPKjSGTHM8qRzq

Sensor Troubleshooting

We all have issues :). If you run into any issues with your sensor(s), take a look at the following guide:

  1. Sensor Troubleshooting: NDR: Sensor Troubleshooting

Related Articles

  • MPSS Unit Registration & Affiliation
    Read More
  • MPSS Frequently Asked Questions (FAQs)
    Read More
  • MPSS Getting Started Guide
    Read More

Categories

Managed Security Services
Network Detection and Response
not finding your answers?
Ask the Community
was this article helpful?
YesNo