How to setup a sensor

Sensors transfer metadata from the host in your on-premise deployment to the NetWitness Platform for analysis and investigation. Sensors also transfer alerts generated in NetWitness Platform to your on-premise NetWitness Platform Respond server for incident management. RSA NetWitness Platform uses Cloud Link service as the sensor that you must install and register on your on-premise host. Once the devices are registered, information from the Log Decoders are transferred to RSA NetWitness Platform and the results are sent back to the on-premise NetWitness Platform in the form of alerts.

Sensor Configuration

Perform the following steps in the specific order to configure NetWitness Platform sensor:

Steps Task How To
1. Review the prerequisites, and ensure that your system meets the expected requirements before installing Cloud Link Service. What are the planning considerations for the Cloud Link Service
2. Install Cloud Link Service on Log Decoder, Log Hybrid, Endpoint Log Hybrid, or the Log Hybrid Retention host. How to install Cloud Link Service
3. Download the Activation Package. How to download the Activation Package
4. Register the Cloud Link Service, copy the activation package to the Cloud Link Service directory, and configure the required permissions. How to register the Cloud Link Service
5. Verify if the Cloud Link service is successfully registered by viewing the status in the NetWitness Platform Sensor List on the cloud. How to verify if the Cloud Link Service is working
6. Configure the Detect AI data transfer to view Detect AI data on your NetWitness Platform user interface. How to transfer Detect AI data to RSA NetWitness Platform
7. Monitor the health of sensors that are configured in the devices. How to monitor the health of the Cloud Link Service
8. Remove one or more devices that are configured within RSA NetWitness Platform**. How to Delete Cloud Link Service

** Removing a sensor from the NetWitness Platform interface will not interfere with typical RSA NetWitness Platform capture and processing. It will only stop the streaming of collected data from on-premise devices.

Submit Feedback
© 2020 RSA Security LLC or its affiliates. All Rights Reserved.