Setting up a virtual sensor

Thank you for “unboxing” your NaviSec Security sensor. Your sensor has the latest version of the sensor software installed.

Downloads

Minimum Sensor Requirements

RAM: 12GB
Processors: 4
HD Space: 256GB

Virtual Sensor Setup

TIP:

Hyper-V 2016 does not work with most Broadcom/QLogic network cards. To determine whether your environment is supported, follow these steps: once you have saved your new virtual switch, open Virtual Switch Manager again, expand your new virtual switch, and select Extensions. If the NDIS capture box is still checked, your install will be supported. If the box is now unchecked, your Broadcom/QLogic cards are not supported. For other options, please contact us at servicedesk@navisec.io

  1. Obtain the latest Sensor VMware OVA or Hyper-V zip file - Navigate to Downloads above and you will find the latest images available to download.
  2. Install
     VMware - Use the sensor image OVA with ESXi, vSphere or VirtualBox to create a pre-configured Sensor virtual machine.
     Hyper-V - For instructions on how to import the sensor image from the zip, click here.
     Note regarding Hyper-V: We’ve observed that if the latest updates are not installed, Server 2012R2 and Server 2016 have issues running NDIS Mirroring as required for proper functionality.
  3. If you need assistance in configuring virtual switches to pass along mirrored port traffic, refer to the documentation available for VMware and Hyper-V.

User Information

The sensor has default user information:

Username: perch
Password: prairiefire

Note:

If you lock the perch account out with invalid password attempts, the account will be locked out for 30 minutes.

Login

Logging in with this user will take you to a console application to configure your sensor.

Network Configuration

The sensor configuration wizard starts with the management network interface as shown below. The management network interface is the interface used to connect to the cloud via the Internet.

sensor/net-01.png

Use the arrow keys to select the interface. Here we have selected the interface called enp1s0.

sensor/net-02.png

Then select whether or not the interface uses DHCP. Here we have selected No and filled in the corresponding information.

sensor/net-03.png

Hit OK to continue. The settings are saved as we move on to the next section.

sensor/net-04.png

Proxy Configuration

Proxy configuration is optional. If the management network interface does not need a proxy to access the Internet, select No then OK to continue.

sensor/proxy-01.png

If a proxy is needed, select Yes and fill in the necessary information as shown below.

sensor/proxy-02.png

In either case, hit OK to continue. The settings are saved as you continue to the next section.

sensor/proxy-03.png

Monitored Network Interfaces

Here you can select which interfaces you wish to monitor, including the management interface you chose earlier (though this is not necessary).

The interfaces that should be monitored are the ones that have mirrored/spanned traffic that reproduces all your internal network traffic at an ingress/egress point. This is typically done with port mirroring on a managed switch.

sensor/mon-01.png

Here the enp0s31f6 interface is marked as being monitored.

sensor/mon-02.png

Also in this section is the Suricata HOME_NET [1] value, which indicates your local network subnets. The prepopulated default is appropriate in almost all cases.

As usual, hit OK to continue. The settings are saved as you continue to the next section.

sensor/mon-03.png

Note:

[1] HOME_NET is an important intrusion detection parameter. It tells the detection engine which IP range is your network. Many rules are defined as traffic from your home network to “not” your home network.
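
Added example (not part of the original page or the sensor software): a Python sketch of how the HOME_NET value decides the direction in which a rule sees a flow, and how an internal range missing from HOME_NET hides outbound traffic from home-to-external rules. The default list below is the one in stock Suricata and may differ from the sensor's prepopulated value; the 100.64.0.0/10 internal range and all sample flows are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Stock Suricata HOME_NET (RFC 1918 ranges); EXTERNAL_NET defaults to "!$HOME_NET".
DEFAULT_HOME_NET = ["192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12"]

# Constructed sample flows (src, dst). 100.64.12.7 stands for a host on a site
# that numbers part of its internal network outside RFC 1918 (assumption).
SAMPLE_FLOWS = [
    ("10.1.2.3", "203.0.113.50"),      # workstation -> Internet
    ("100.64.12.7", "203.0.113.50"),   # internal host in a non-RFC 1918 range
    ("198.51.100.9", "192.168.1.20"),  # Internet -> internal server
    ("10.1.2.3", "192.168.1.20"),      # internal east-west traffic
]


def parse_nets(cidrs):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def in_home(ip, home_nets):
    """True if the address falls inside any HOME_NET range."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in home_nets)


def direction(src, dst, home_nets):
    """Classify a flow as a rule header using $HOME_NET/$EXTERNAL_NET sees it."""
    s, d = in_home(src, home_nets), in_home(dst, home_nets)
    if s and not d:
        return "HOME->EXTERNAL"    # matched by outbound (e.g. C2, exfil) rules
    if d and not s:
        return "EXTERNAL->HOME"    # matched by inbound (e.g. exploit) rules
    return "HOME->HOME" if s else "EXTERNAL->EXTERNAL"


def summarize(flows, home_nets):
    """Count flows per direction; EXTERNAL->EXTERNAL on a mirrored internal
    port usually means a local range is missing from HOME_NET."""
    return Counter(direction(s, d, home_nets) for s, d in flows)


if __name__ == "__main__":
    default = parse_nets(DEFAULT_HOME_NET)
    fixed = parse_nets(DEFAULT_HOME_NET + ["100.64.0.0/10"])
    print("default  :", dict(summarize(SAMPLE_FLOWS, default)))
    print("corrected:", dict(summarize(SAMPLE_FLOWS, fixed)))
```
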

Sensor Information

The next section covers some miscellaneous information about the sensor and its installation. This includes the sensor name, which distinguishes it from the others in a multi-sensor installation, and its geographic location.

sensor/info-01.png

For geographic location, you can enter your Zip code, Country code / Postal code or Geohash.

TIP:

Your information is used to approximate your location on the map within the app for you and members of your communities, with your permission.

sensor/info-02.png

Hit OK when done. Settings are saved before moving to the final step.

sensor/info-03.png

Register Your Sensor

Registration with the cloud is the final step in the configuration process. To complete this step, generate an invite code from the web application.

To get your sensor invite code, log in or register at: app.navisec.io.

For all other sensor installations, go to Settings then Sensors and click on the Purple Plus icon.

sensor/add-a-sensor.png

On the Device Invites page, create a new invite code with the Purple Plus icon.

sensor/new-invite-code.png

Enter the code you received from the app into your sensor and hit OK. Please wait while your sensor completes registration, as it may take a few minutes.

sensor/18.gif
sensor/19.gif
sensor/20.gif

Once completed, the sensor will be fully operational, though it may take some time before its internal processes have been fully initialized.

sensor/21.gif