Network Sensor for AWS Requirements

The Insight Network Sensor for AWS deployment requires a provisioned virtual host and the necessary network infrastructure to receive your network traffic. The following section will cover all host system and networking requirements so that you are prepared for the deployment phase.

Before you start the installation process, make sure that you have configured the following:

VPC IDThe VPC where the sensor will be deployed.
SSH KeyPairA KeyPair that can be used to access the sensor shell if required.
Insight Platform install token for sensorA token to identify the new sensor to the Insight Platform. You can get this from Insight Platform Collection Data Management .
Platform Comms SubnetAllows the sensor to communicate with the Insight Platform. You may use an existing subnet or create a new one.
Platform Comms Security GroupAllows outbound https. You may use an existing Security Group or create a new one.
Mirror SubnetA private subnet for Mirror Traffic. You may use an existing subnet or create a new one.
Mirror Security GroupAllows UDP 4789 from VPC. You may use an existing Security Group or create a new one.

Configure your Network Infrastructure

To help you visualize the network infrastructure, a simplified VPC with workload servers and sensor is shown below.

VPC diagaram


Workloads traffic is routed to servers in a private Production Subnet from a Load Balancer in a public subnet. A sensor is installed in the VPC, with 2 Network Interfaces (NICs). One NIC is in the Platform Comms subnet, a private subnet, with a route to a Network Address Translation (NAT). The second NIC is in a private Mirror Subnet. It does not require any routing to gateways. Interfaces on the Workloads server are mirrored to the Mirror Interface (Mirror Target) on the Sensor.

Mirrored Network Interfaces

The Network Sensor for AWS requires 2 network interfaces. One NIC is used for communication with the Insight Platform. This is referred to as the Platform communications NIC. The second NIC is used to receive Mirror Traffic and is referred to as the Mirror Traffic NIC.

Configure your NICs on different subnets

AWS advises against configuring 2 NICs on an instance in the same subnet. By using 2 NICs and subnets, you can isolate mirror traffic from production or platform communication traffic. See the AWS documentation for more details:

Network Interface Requirements

The following are the properties required for NIC configuration on the Network Sensor EC2 instance:

NIC NameDescriptionSubnet PropertiesSecurity Group
Platform CommsFacilitates communication with the Insight Platform for configuration and payload upload.Has a route to NAT gateway. ACL allows outbound HTTPS (port 443).Allow outbound https (443) to the internet.
Mirror TrafficReceives Mirror Traffic for analysis.ACL allows inbound UDP port 4789 from VPC.Allow inbound from the VPC on UDP port 4789.

Once you have configured your VPC and ensured that you have everything listed above, you are ready to move on to the deployment phase.