If you haven’t purchased Perch SIEM, please reach out to your sales representative or contact us at email@example.com.
If you need to download the Perch Log Shipper, please log into the Perch Application and navigate to Settings > Sensors and click “download the installer” at the top of the page.
Supported OS versions - Windows 7 or Server 2012 R2 or greater.
Locate and execute the downloaded installer.
Choose Next> and agree to the License Agreement.
If you choose to send the logs to the Perch Sensor, select Send to Sensor and provide the IP address of the Perch Sensor.
If you choose to send the logs directly to the Perch Cloud, choose Send to Cloud (API) and provide the Client Token (API). You can obtain the Client Token by navigating in the Perch App to Settings > Sensors and copying the Agent Token from the top of the sensors settings page.
Click Finish to complete the setup.
The Perch Log Shipper for Windows includes simple command line options to deploy the Log Shipper silently and set the IP address or Client Token.
perch-log-shipper-latest.exe /qn OUTPUT="IP" VALUE="10.10.10.205"
This will install the Perch Log Shipper silently and set a Sensor IP address of 10.10.10.205.
perch-log-shipper-latest.exe /qn OUTPUT="TOKEN" VALUE="abc-123-def-456"
This will install the Perch Log Shipper silently and set a Client Token to send the log data directly to the Perch Cloud.
If there is a host-based firewall, network firewall, or network ACL between the endpoint and the Perch sensor, TCP/5044 will need to be allowed to traverse from the endpoint to the Perch sensor for data sent to the sensor. If the Cloud API option is chosen, TCP/443 will need to be allowed outbound to ingest.perchsecurity.com.
The installer writes data to C:\Program Files\Perch (or C:\Program Files (x86), for x86-based systems) and C:\ProgramData\Perch\, and creates three services: perch-winlogbeat, perch-auditbeat and sysmon.
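After a silent deployment, the services, data directory and firewall path described above can be checked from the endpoint. The PowerShell script below is an added example, not part of the Perch installer or documentation; the parameter names -Output and -SensorIp and the helper Test-TcpPort are hypothetical, and the service names, ports and ingest host are the ones listed on this page.

```powershell
# Added example: post-install check for the Perch Log Shipper (not Perch tooling).
# -Output mirrors the installer's OUTPUT option; -SensorIp defaults to the sample
# sensor address from the silent-install command above.
param(
    [ValidateSet('IP', 'TOKEN')][string]$Output = 'IP',
    [string]$SensorIp = '10.10.10.205'
)

# Plain TcpClient connect with a timeout, so this also runs on Windows 7 hosts
# that lack Test-NetConnection.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = @()

# The three services the installer creates.
foreach ($name in 'perch-winlogbeat', 'perch-auditbeat', 'sysmon') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $state = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
    $results += New-Object PSObject -Property @{
        Check = "service $name"; Result = $state; Ok = ($state -eq 'Running') }
}

# The data directory the installer writes to.
$dataDir = Join-Path $env:ProgramData 'Perch'
$found = Test-Path $dataDir
$results += New-Object PSObject -Property @{
    Check = "path $dataDir"; Result = $(if ($found) { 'Present' } else { 'Missing' }); Ok = $found }

# Firewall path: TCP/5044 to the sensor, or TCP/443 to the cloud ingest host.
if ($Output -eq 'IP') { $target = $SensorIp; $port = 5044 } else { $target = 'ingest.perchsecurity.com'; $port = 443 }
$open = Test-TcpPort -HostName $target -Port $port
$results += New-Object PSObject -Property @{
    Check = "tcp ${target}:$port"; Result = $(if ($open) { 'Reachable' } else { 'Unreachable' }); Ok = $open }

$results | Format-Table Check, Result, Ok -AutoSize
if ($results | Where-Object { -not $_.Ok }) { exit 1 }
```

The script exits with code 1 when any check fails, so a deployment tool can flag endpoints where a service did not start or the required port is not allowed through.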