Sensors

Setting up a virtual sensor

Thank you for unboxing the Perch Security sensor. Your sensor has the latest version of the sensor software installed.

Virtual Sensor Setup

DUE TO ISSUES WITH THE MICROSOFT NDIS CAPTURE STACK IN HYPER-V 2016, PERCH HAS DROPPED SUPPORT FOR HYPER-V 2016 UNTIL A PERMANENT FIX HAS BEEN IDENTIFIED.

  1. Obtain the latest Perch Sensor VMWare OVA or Hyper-V zip file from the Perch Sales Team.
    If you need a Perch Sales contact, please fill out our form here.
  2. Install
    VMWare - Use the sensor image OVA with ESXi, vSphere or Virtualbox to create a pre-configured Perch Sensor virtual machine.
    Hyper-V - For instructions on how to import the sensor image from the zip, click here
    Note regarding Hyper-V: We have noticed that if the latest updates are not installed, Server 2012R2 and Server 2016 have issues running NDIS Mirroring as required for proper functionality.
  3. If you need assistance in configuring virtual switches to pass along mirrored port traffic, refer to documentation available for VMWare and Hyper-V.

User Information

The sensor has default user information:

Username: perch
Password: prairiefire

Note: If you lock the perch account out with invalid password attempts, the account will be locked out for 30 minutes.

Login
Logging in with this user will take you to a console application to configure your sensor.

Network Configuration

The sensor configuration wizard starts with the management network interface as shown below. The management network interface is the interface used to connect to the Perch cloud via the Internet.

Network Configuration Screen 1

Use the arrow keys to select the interface. Here we have selected the interface called enp1s0.

Network Configuration Screen 2

Then select whether or not the interface uses DHCP, here we have selected No and filled in the corresponding information.

Network Configuration Screen 3

Hit OK to continue. The settings are saved as we move on to the next section.

Network Configuration Screen 4

Proxy Configuration

Proxy configuration which is optional. If the management network interface does not need a proxy to access the Internet, select No then OK to continue.

Proxy Configuration Screen 1

If a proxy is needed then select Yes and fill in the necessary information as shown below.

Proxy Configuration Screen 2

In either case hit OK to continue. The settings are saved as we continue to the next section.

Proxy Configuration Screen 3

Monitored Network Interfaces

Here we can select which interfaces we wish to monitor, including the management interface we chose earlier (though this is not necessary).

The interfaces that should be monitored are the ones that have mirrored/spanned traffic that reproduces all your internal network traffic at an ingress/egress point, this is typically done with port mirroring on a managed switch.

Monitored Network Interfaces Screen 1

Here the enp0s31f6 interface is marked as being monitored.

Monitored Network Interfaces Screen 2

Also on this section is the Suricata HOME_NET1 value, which indicates your local network subnets. The prepopulated default is appropriate in almost all cases.

As usual, hit OK to continue. The settings are saved as we continue to the next section.

Monitored Network Interfaces Screen 3

1 Home net is an important intrusion detection parameter. This tells the detection engine which IP range is your network. Many rules are defined as traffic from your home network to “not” your home network.

Sensor Information

The next section covers some miscellaneous information about the sensor and its installation. This includes sensor name, to distinguish among a many-sensor installation, and geographic location.

Sensor Information Screen 1

For geographic location, any one of the Zip code, Country code / Postal code or Geohash may be used.

TIP: Your information is used to approximate your location on the map within the Perch app for you and members of your communities with your permission.

Sensor Information Screen 2

Hit OK when done. Settings are saved before moving to the final step.

Sensor Information Screen 3

Register Your Sensor

Registration with the Perch cloud is the final step in the configuration process. To complete this step you first need to generate an invite code from the Perch web application.

To get your sensor invite code:
Login or register at: app.perchsecurity.com

For users installing their first sensor, select add sensor from the right sidebar.

Sidebar Add Sensor

Alternatively, find device invites under the gear settings menu icon:

Menu Device Invites

On the Device Invites page, create a new invite code with the plus iconadd_circle.

Device Invite Popup

The above code is fake and for demonstration purposes only ;)

Input your code into the sensor:
Enter the code you received from the Perch app into your sensor. Please wait while your sensor completes registration as it may take a few minutes.

Register Your Sensor Screen 1

Register Your Sensor Screen 2

A animation with be shown while the registration process executes.

Register Your Sensor Screen 3

Once successfully completed, the sensor will be fully operational, though it may take some time before its internal processes have been fully initialized.

Well Done
Well done!