Option 2: Use the Network Sensor AMI

The Network Sensor AMI allows you to skip some of the manual steps involved in deploying the sensor because it comes preloaded with Amazon Linux 2 and the Network Sensor.

To deploy using the Network Sensor AMI:

  1. Open the AWS console. From the “Services” page, select EC2 and click on AMIs on the left menu.
  2. Select Private Images and search for Rapid7 AWS Network Sensor for Insight IDR.

Sensor AMI

  1. Select the AMI and click Launch.
  2. On the “Choose an Instance Type” page, select instance size t3.xlarge.
  3. Select Next.
  4. On the “Configure Instance Details” page:
    1. Use “Network” to select the correct VPC to deploy the sensor
    2. Use “Subnet” to select the subnet for the Platform Comms interface.
    3. Use “Network Interfaces” to Add Device.
    4. Use “Subnet” to select the Mirror Traffic Subnet.

Configure Instance Details

  1. Scroll down to “Advanced Details”, locate the “User Data” block and enter the Insight Platform install token as follows:

TOKEN=us:dbbbb4e8e-239e4-475a-8b73-0df7feed3d0f

Enter Token

  1. Select Add Storage.
  2. Select Add Tags.
  3. Add tags as desired.
  4. Select Configure Security Group.
  5. Choose Select an existing security group.
  6. Select the Platform Comms Security Group.
  7. Select Review and Launch.
  8. Select Launch to launch the instance, choosing an appropriate KeyPair.
  9. Allow the instance to finish launching.

Complete your configuration

Now that you've deployed using the Network Sensor AMI, you'll need to complete the configuration in Insight Data Collection Management.