NDR: Physical Sensor Deployment
Description
Notice
-
This guide is intended to serve as an example only. Users must modify applicable details, such as IP addresses, subnets, and device names, to align with their specific environment.
-
Exercise caution when making changes to your firewall or environment, as unplanned modifications can result in downtime, depending on the complexity of the configuration and infrastructure.
-
Your experience may vary if you are using a different software version or a product from another brand or manufacturer. Please note that you are solely responsible for the configuration and management of your devices.
Physical Sensor Installation
Place the appliance in a location that has access to power as well as adequate ventilation.
- Connect the included power cable.
- Press the power button to turn on the appliance.
- Connect the management port (1) to the network. This is what is used for management traffic as well as sending data back to the SIEM.
- This network should match the static IP information provided to MSS for the sensor’s network configuration.
- If you are sending traffic from a switch, you will need to configure a mirror/tap port on your switch. This mirror/tap port should mirror ports used for internal devices only. This will ensure that the lateral movement traffic (traffic between internal deceives that doesn’t make it up to the firewall) is captured.
- Once that is done, plug that tap port into interface LAN2 of the network sensor.
- This should only if Instructed by MSS. These ports will not receive traffic unless authorized by MSS and approved by our accounting dept.
Data Verification
Once complete, please reply to your engineer’s email with the following information so we can confirm that we are seeing logs coming in and being processed.
Sensor Details
- Sensor Hostname
- Sensor IP Address