Sensors transfer metadata from the host in your on-premise deployment to the NetWitness Platform for analysis and investigation. Sensors also transfer alerts generated in NetWitness Platform to your on-premise NetWitness Platform Respond server for incident management. RSA NetWitness Platform uses the Cloud Link Service as the sensor, which you must install and register on your on-premise host. Once the devices are registered, information from the Log Decoders is transferred to RSA NetWitness Platform, and the results are sent back to the on-premise NetWitness Platform in the form of alerts.
Perform the following steps in the order listed to configure the NetWitness Platform sensor:
Steps | Task | How To |
---|---|---|
1. | Review the prerequisites, and ensure that your system meets the expected requirements before installing Cloud Link Service. | What are the planning considerations for the Cloud Link Service |
2. | Install Cloud Link Service on Log Decoder, Log Hybrid, Endpoint Log Hybrid, or the Log Hybrid Retention host. | How to install Cloud Link Service |
3. | Download the Activation Package. | How to download the Activation Package |
4. | Register the Cloud Link Service, copy the activation package to the Cloud Link Service directory, and configure the required permissions. | How to register the Cloud Link Service |
5. | Verify that the Cloud Link Service is successfully registered by viewing the status in the NetWitness Platform Sensor List on the cloud. | How to verify if the Cloud Link Service is working |
6. | Configure the Detect AI data transfer to view Detect AI data on your NetWitness Platform user interface. | How to transfer Detect AI data to RSA NetWitness Platform |
7. | Monitor the health of sensors that are configured in the devices. | How to monitor the health of the Cloud Link Service |
8. | Remove one or more devices that are configured within RSA NetWitness Platform**. | How to Delete Cloud Link Service |
** Removing a sensor from the NetWitness Platform interface will not interfere with typical RSA NetWitness Platform capture and processing. It will only stop the streaming of collected data from on-premise devices.