Getting Started

Onboarding Overview

Complete your Setup

Getting set up is easy. To streamline time-to-value with Perch, we provide instructions on how to complete your setup and break you out of your shell. Once you're done, you should have all the skills you need to set up your business with Perch.

Connect a Sensor

Learn how to deploy a Perch sensor here: set up a physical sensor, set up a virtual sensor

Perch sensors, physical or virtual, collect network traffic and log data from your environment. To begin getting data into the platform, you need to deploy a sensor. Although you will be able to see community sightings without a sensor, you would not be actively participating in the community. Many customers handle their own installs; however, if you need assistance, feel free to tag @help on Slack or email

Join a Community

Without communities, a Perch sensor is able to record all kinds of data from the environment, but with communities the Perch sensor will begin generating alerts that are triaged by the Perch SOC. Perch provides click-and-subscribe content from a number of threat intelligence communities. If you would like to see a threat intelligence community added to Perch, let @ideas know in #squawkbox or email

Alert Contacts

Something happened, who should Perchy tell? It’s common for customers to provide us with one or two contacts and perhaps a distribution list for people who should receive escalations from the Perch SOC. The Perch SOC will work with these contacts to notify your organization of security incidents and provide some remediation advice.

Monitored Assets

In order to provide you with killer threat detection, we need to know about your assets. In the monitored assets settings page, you can refine what assets and networks should be monitored by Perch.

Please note that public IP ranges need to be explicitly monitored. By default, Perch monitors RFC1918 addresses. To monitor a public IP range with a Perch sensor, you should add the public IP ranges and check the “Monitored” box. When you define a monitored asset or network of assets, you can identify it with a name that will improve Perch SOC analysis and reduce the amount of time it takes you to respond to a security incident.

Approved Software

Many indicators detect software associated with past breaches. This may be benign software for your environment and represent business as usual. We are not focused on identifying every piece of software in your environment. We are focused on understanding your approved software that regularly generates alerts flagged for analyst review.

If it is against your company’s acceptable use policy for employees, you set it as approved software. It’s OK if you’re not sure about approved software for your organization. You can use this settings section to indicate to the Perch SOC that you are not concerned about this software. For more granular control, you can suppress alerts for a single asset or network and continue receiving notifications when that software is used elsewhere. Analysts will decide when to escalate future alerts or mark them as false positives based on the approved software settings.