Sensors

Setting up a physical sensor

Note:

If you’ve already completed your sensor installation, send an email to help@perchsecurity.com with your company and sensor name. Once the Perch team receives your email, we’ll verify that we see your sensor traffic and get your onboarding process started.

Before you start

Tackle these tasks before you start setting up your sensor:

  1. Create your Perch account
  2. Schedule your sensor installation

TIP:

If at any point you need help with your sensor installation (or anything else), reach out to our Customer Success team at help@perchsecurity.com.

Cabling up

Once you have created your Perch account and scheduled your sensor installation, you are ready to set up your physical sensor. You can use a keyboard and mouse if available, or scan your network with an IP scanner and SSH into the sensor using the username and password provided below.

  1. Cable your sensor before powering on. Check out our sensor diagrams to determine what ports go where.
  2. Once you have the cabling in place, power on the sensor.
  3. Begin login and network configuration (instructions below).

Login configuration

Log in with these default user credentials:

Username: perch
Password: prairiefire

Log in with your default credentials, and you’ll be prompted to set up your username. Next, you’ll be redirected to a console application to begin configuring your sensor.

TIP:

After a period of 100 days, the password will expire, and you’ll need to enter a new one.

Note:

Follow the prompts to create your new password. It wants a minimum of nine characters, an alphanumeric, an uppercase letter, and a special character, or it will rebel against your authority.

sensor image 1

Network Configuration

The sensor configuration wizard begins with the Management Network interface (shown below). It connects to the Perch cloud via the internet. By default, the management network interface is configured with DHCP, but can be changed to a static IP address to support your infrastructure needs.

Use the arrow keys to highlight the interface you wish to use and the spacebar to select it. Here, we have selected the interface called enp1s0. The interface names will vary depending on the sensor.

sensor image 2

Use the Tab key to move to the next section. Use your spacebar to select whether or not the interface will use DHCP. In our example, we have selected No and filled in the rest.

sensor image 3

If you are connected to the sensor via SSH, the session will close after you click OK. Once you are reconnected, hit OK again to move on to the next screen.

sensor image 4

Hit OK to continue. The settings are saved as we move on to the next section.

sensor image 5

sensor image 6

sensor image 7

Proxy Configuration

Proxy configuration is optional.

  1. If the management network interface doesn’t need a proxy to access the internet, select No then OK to continue.
  2. If a proxy is needed, select Yes and fill in the necessary information as shown below.

sensor image 8

In either case, hit OK to continue. The settings are saved as we continue to the next section.

sensor image 9

Hit OK to continue. The settings are saved as we move on to the next section.

sensor image 10

Hit OK to continue. The settings are saved as we move on to the next section.

sensor image 11

Monitored Network Interfaces

Here you can select which interfaces you wish to monitor.

The interfaces to monitor are the ones that receive mirrored/spanned traffic reproducing all your internal network traffic at an ingress/egress point. This is typically done with port mirroring on a managed switch. If you need help with setting up a port mirror, we’ve assembled documentation for many popular switches here.

In this example, the enp0s31f6 interface is marked as being monitored.

Also shown in this example is the Suricata HOME_NET value [1], which covers all of the private network subnets. The prepopulated default is appropriate in almost all cases.

Hit OK to continue. The settings are saved as we continue to the next section.

sensor image 12

Note:

[1] HOME_NET is an important intrusion detection parameter. It tells the detection engine which IP ranges make up your network. Many rules are defined as traffic from your home network to “not” your home network.
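To see why the HOME_NET value matters, here is an added example (not Perch's code) that evaluates the rule header `$HOME_NET any -> $EXTERNAL_NET any` against a few constructed flows. It assumes the default is Suricata's stock private-range list with EXTERNAL_NET defined as `!$HOME_NET`; the narrow value and all addresses are hypothetical.

```python
import ipaddress

# Assumption: Suricata's stock private-range HOME_NET, matching the page's
# description of a default that covers all of the private network subnets.
DEFAULT_HOME_NET = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Hypothetical over-narrow value an operator might enter by mistake.
NARROW_HOME_NET = ["10.20.1.0/24"]

# Constructed sample flows (src, dst) using private and documentation ranges.
SAMPLE_FLOWS = [
    ("10.20.1.15", "203.0.113.50"),   # workstation -> internet
    ("192.168.5.9", "198.51.100.7"),  # second-subnet host -> internet
    ("10.20.1.15", "10.20.1.1"),      # internal -> internal
    ("203.0.113.50", "10.20.1.15"),   # internet -> internal (inbound)
]


def in_home_net(ip, home_net):
    """True when ip falls inside any CIDR block listed in home_net."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in home_net)


def outbound_header_matches(src, dst, home_net):
    """Evaluate `$HOME_NET any -> $EXTERNAL_NET any`,
    where EXTERNAL_NET is everything that is not HOME_NET."""
    return in_home_net(src, home_net) and not in_home_net(dst, home_net)


def inspected_flows(flows, home_net):
    """Flows that outbound (home -> external) rules would even consider."""
    return [f for f in flows if outbound_header_matches(f[0], f[1], home_net)]


def blind_spots(flows, home_net, reference=DEFAULT_HOME_NET):
    """Flows the reference HOME_NET inspects but the given one silently skips."""
    seen = set(inspected_flows(flows, home_net))
    return [f for f in inspected_flows(flows, reference) if f not in seen]


if __name__ == "__main__":
    print("default :", inspected_flows(SAMPLE_FLOWS, DEFAULT_HOME_NET))
    print("narrow  :", inspected_flows(SAMPLE_FLOWS, NARROW_HOME_NET))
    print("missed  :", blind_spots(SAMPLE_FLOWS, NARROW_HOME_NET))
```

With the narrow value, the host on 192.168.5.0/24 is no longer treated as "home", so outbound rules never evaluate its traffic and no error is raised to flag the gap.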

Hit OK to continue. The settings are saved as we move on to the next section.

sensor image 13

Hit OK when done. Settings are saved before moving to the final step.

sensor image 14

sensor image 15

Sensor Information

This section covers miscellaneous information about the sensor and its installation, including the sensor name, which identifies sensors in a multiple-sensor installation, and the geographic location.

For geographic location, you may use any one of the following: ZIP code, country code / postal code, or geohash.

TIP:

With your permission, your information is used to approximate your location on the map within the Perch app for you and members of your communities.

sensor image 16

Hit OK to continue. The settings are saved as we move on to the next section.

sensor image 17

Register Your Sensor

Registration with the Perch cloud is the final step in the configuration process. To complete this step, generate an invite code from the Perch web application.

  1. To get your sensor invite code, log in or register at: app.perchsecurity.com.

  2. For users installing their first sensor, click Connect a Sensor.

    sensor image 16

  3. For all other sensor installations, go to Settings then Sensors and click on the Purple Plus icon.

    sensor image 17

  4. On the Device Invites page, create a new invite code with the Purple Plus icon.

    sensor image 18

  5. Enter the code you received from the Perch app into your sensor and hit OK. Please wait while your sensor completes registration as it may take a few minutes.

    sensor image 18 sensor image 19 sensor image 20

  6. Once completed, the sensor will be fully operational, though it may take some time before its internal processes have been fully initialized.

    sensor image 21