Network Sensor Management
Welcome to the management experience for the network sensor!
This article details the dedicated network sensor space that’s part of your Insight platform home environment. Like your Insight Agents, the network sensor has its own tab in Data Collection Management so you can manage all your existing network sensors and download installers with ease.
This article covers the following topics:
- How to Access the Network Sensor Management Experience
- Network Sensor Cards
- Connectivity and Operational Statuses
- Configuration Options
How to Access the Network Sensor Management Experience
If you’ve completed a network sensor deployment before, you’ve already accessed the network sensor management interface to complete your configuration.
NOTE - Privileges required
You must be a platform or product administrator to access the network sensor management interface.
To access the network sensor management interface:
- Go to insight.rapid7.com and sign in with your Insight account credentials.
- If you do not see the "My Products & Services" screen upon signing in, open the app switcher in the upper left corner of the screen and click My Account.
- Expand your left menu and click the Data Collection Management tab.
- On the “Data Collection Management” screen, click the Network Sensors tab.
Network Sensor Cards
The management interface displays a card for each network sensor host that has reported back to the Insight platform. This will include network sensors that you have fully deployed and others that still require some configuration.
Fully Deployed Network Sensors
Cards for network sensors that have been fully deployed will show a series of host and Network Interface Controller (NIC) identifying information, including hostnames, IP addresses, MAC addresses, and other fields. Network sensor software configuration options will also appear along with host resource health figures.
Most importantly, cards for fully deployed network sensors also feature real time graphs for traffic rates and packet monitoring. Examine these graphs to get an idea of how your network sensor is performing over time.
The "Traffic Rate" graph updates based on the most recent beacon from the network sensor. If your network sensor host cannot communicate with the Insight platform, the "Traffic Rate" graph will not reflect any change in network traffic monitoring.
Connectivity and Operational Statuses
Each network sensor card displays two distinct statuses:
- One that indicates internet connectivity for the host.
- One that shows the operational status of the network sensor software.
Network sensor host connectivity will display either the “Online” or “Offline” status. The Insight platform determines this status based on whether it can establish communication with the Insight Agent that’s installed on your network sensor host.
In terms of software operations, your network sensor cards will display one of the following three statuses:
- “Running” - The network sensor is currently monitoring and processing network traffic.
- “Initialize” - The network sensor is waiting for a network traffic source NIC selection.
- This is a required step of all network sensor deployments and is covered in step 5 of this documentation set.
- “Stopped” - The network sensor is not performing any monitoring tasks.
- Note that the “Stopped” operational status is completely separate from the “Offline” connectivity status. A stopped network sensor can still have the connectivity to report to the Insight platform with its installed agent.
- To restart a stopped network sensor, click Restart on the bottom left corner of its card.
You can make configuration changes to a fully deployed network sensor by clicking Configure on the bottom left corner of its card. Available configuration options are grouped in the following categories.
From the General tab of the configuration panel, you can make adjustments to the following settings:
- The name of the network sensor, as shown on the card.
- The designation of the network traffic source NIC.
- Local subnet values, separated by commas.
- Berkeley Packet Filter (BPF) values, which will allow you to configure the network sensor to ignore specific types of traffic.
- Enable or disable network traffic monitoring on the network sensor.
Traffic Monitoring Controls
From the Traffic Monitoring tab of the configuration panel, you can tune what kinds of network data the network sensor will analyze with the following switches:
- Analysis of DHCP lease assignments
- Analysis of DNS requests
- Analysis of IPv4 flow data with application recognition (available with purchase of the add-on module)
After you’ve made your changes, click Save at the bottom of the configuration panel to apply them to your network sensor.