Data Collected by the Insight Network Sensor
This article covers the data types that the Insight Network Sensor can collect from your network traffic source, the communication method it uses to send the data to the Insight platform, and the frequency of collection and transmission.
Data collection breakdown for the network sensor
With the network sensor installed, you can access the following events for free:
Intrusion Detection System (IDS) events: These events are captured using the open source Suricata IDS engine and refined by the Rapid7 Managed Services team to focus on the most critical indicators.
Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) data: You can monitor DHCP requests to recognize new devices on your network and use DNS to understand what devices are doing once they're on your network.
Enhanced Network Traffic Analysis
Enhanced Network Traffic Analysis (ENTA) is an Ultimate package feature, previously available as an add-on module. If you have access to ENTA, you can also view network flow data generated by the sensor. Network flow metadata includes information such as IP, ports, content based application recognition, and other metadata.
Communication Method
All network sensor installations also install the Insight Agent on your network sensor host machine. The agent allows the Insight platform to communicate with your network sensor host and also enumerates its Network Interface Controllers (NICs), the latter of which is a required configuration step for all network sensor deployments.
For this reason, the network sensor communicates with the Insight platform using the same method that the agent uses, which is the Transport Layer Security (TLS) 1.2 client authentication scheme through a private SSL key specific to your organization.
TIP
You can read more about how the Insight Agent communicates with the Insight platform on the Data Collected page of the Insight Agent Help pages.
Collection and Transmission Frequency
The network sensor collects, processes, and transmits network traffic data continuously and in real time. It does not operate on an interval basis. The moment your network sensor host receives network packets, processing and transmission will take place.