The sensor has default user information:
Username: perch Password: prairiefire
Note: If you lock the perch account out with invalid password attempts, the account will be locked out for 30 minutes.
Logging in with this user will take you to a console application to configure your sensor.
The sensor configuration wizard starts with the management network interface as shown below. The management network interface is the interface used to connect to the Perch cloud via the Internet. By default the management interface is configured with DHCP. This can be changed to a static IP address to support your infrastructure needs.
Use the arrow keys to select the interface. Here we have selected the interface called enp1s0, this will vary depending on the sensor.
Then select whether or not the interface uses DHCP; here we have selected No and filled in the corresponding information.
Hit OK to continue. The settings are saved as we move on to the next section.
Proxy configuration which is optional. If the management network interface does not need a proxy to access the Internet, select No then OK to continue.
If a proxy is needed, select Yes and fill in the necessary information as shown below.
In either case, hit OK to continue. The settings are saved as we continue to the next section.
Here we can select which interfaces we wish to monitor, including the management interface we chose earlier (though this is not necessary).
The interfaces that should be monitored are the ones that have mirrored/spanned traffic that reproduces all your internal network traffic at an ingress/egress point, this is typically done with port mirroring on a managed switch. If you need help with setting up a port mirror, we have assembled documentation for many popular switches here.
Here the enp0s31f6 interface is marked as being monitored.
Also on this section is the Suricata HOME_NET1 value, which indicates your local network subnets. The prepopulated default is appropriate in almost all cases.
As usual, hit OK to continue. The settings are saved as we continue to the next section.
The next section covers some miscellaneous information about the sensor and its installation. This includes sensor name to indentify sensors in a multiple-sensor installation, and geographic location.
For geographic location, any one of the Zip code, Country code / Postal code or Geohash may be used.
Hit OK when done. Settings are saved before moving to the final step.
Registration with the Perch cloud is the final step in the configuration process. To complete this step you first need to generate an invite code from the Perch web application.
To get your sensor invite code:
Login or register at: app.perchsecurity.com
For users installing their first sensor, select add sensor from the right sidebar.
Alternatively, find device invites under the gear settings menu icon:
On the Device Invites page, create a new invite code with the plus iconadd_circle.
Input your code into the sensor:
Enter the code you received from the Perch app into your sensor. Please wait while your sensor completes registration as it may take a few minutes.
A animation with be shown while the registration process executes.
Once successfully completed, the sensor will be fully operational, though it may take some time before its internal processes have been fully initialized.