CISCO Secure Cloud Analytics Sensor

Introduction

Cisco Secure Cloud Analytics (now part of Cisco XDR) is a SaaS-based security service that detects and responds to threats in IT environments, both on-premises and in the cloud. This guide explains how to deploy Secure Cloud Analytics sensors as part of your private network monitoring service, for use in enterprise networks, private data centers, branch offices, and other on-premises environments.

  • If you plan to use Secure Cloud Analytics only in public cloud environments, such as Amazon Web Services, Microsoft Azure, or Google Cloud Platform, you do not need to install a sensor. Go to the public cloud monitoring guides for more information.
  • This guide contains instructions for installing the sensor on Ubuntu Linux. For installation instructions on other operating systems, see the Secure Cloud Analytics Sensor Advanced Configuration Guide.

Sensor Deployment Considerations

  • You can deploy sensors to collect flow data, such as NetFlow, or to ingest network traffic that is mirrored from a router or switch on your network. You can also configure a sensor to both collect flow data and ingest mirrored network traffic. There is no limit on the number of sensors you can deploy.
  • If you want to configure a sensor to collect flow data, see Configuring a Sensor to Collect Flow Data for more information.
  • If you want to configure a sensor to ingest traffic from a mirror or SPAN port, see Network Device Configuration for more information on configuring your network devices to mirror traffic.
  • Sensor version 4.0 or greater can collect enhanced NetFlow telemetry. This enables Secure Cloud Analytics to generate new types of observations and alerts. For more information, see the Secure Cloud Analytics Configuration Guide for Enhanced NetFlow.
  • The sensor does not support IPv6.

Sensor Prerequisites

You can install a sensor on a physical appliance or a virtual machine, with the following requirements:

Component | Minimum Requirement
Network interface | At least one network interface, designated as the Control interface, to pass information to the Secure Cloud Analytics service. If you want to configure the sensor to ingest network traffic from a network device that mirrors traffic over a mirror port, you need one or more network interfaces designated as Mirror interfaces.
RAM | 4 GB
CPU | At least two cores
Storage Space | 60 GB. Disk space is used to cache production NetFlow data before sending records to Secure Cloud Analytics.
Internet Access | Required to download packages for the installation process

Note the following about the designated Mirror interfaces:

  • Mirror interfaces receive a copy of all source traffic inbound to and outbound from the destination. Ensure that your peak traffic is less than the capacity of the sensor's mirror interface link.
  • Many switches drop packets from the source interfaces if too much traffic is configured to a mirror port destination.

Additional Requirements for Physical Appliances

Component | Minimum Requirement
Installation File Upload | One of the following to upload the installation .iso file:
  • 1 USB port, plus a USB flash drive
  • 1 optical disc drive, plus a writable optical disc (such as a CD-R disc)

Virtual machines can boot directly to the .iso file without additional requirements.

Additional Requirements for Virtual Machines
If your sensor is deployed as a virtual machine, ensure that the virtual host and network are configured for promiscuous mode on the second network interface if you plan to ingest traffic from a mirror or SPAN port.

  • When deploying the sensor in a VMware 8 environment, the sensor will fail to load when using the default UEFI boot setting. To fix this issue, on the Customize Hardware step, select VM Options > Boot Options, then choose BIOS from the Firmware drop-down list.

VMware hypervisor
If you are running the virtual machine on a VMware hypervisor, configure the virtual switch for promiscuous mode:

  1. Select the host in the inventory.
  2. Select the Configuration tab.
  3. Click Networking.
  4. Click Properties for your virtual switch.
  5. Select the virtual switch and click Edit.
  6. Select the Security tab.
  7. Select Accept from the Promiscuous Mode drop-down menu.

See the VMware knowledge base for more information on promiscuous mode. You may need to set the VLAN ID to 4095.

VirtualBox
If you are running the virtual machine in VirtualBox, configure the adapter for promiscuous mode:

  1. Select the adapter for the Mirror interface from the Network Settings.
  2. Set promiscuous mode to Allow in the Advanced Options.

See the VirtualBox documentation on virtual networking for more information.

Sensor Deployment Suggestions
Because network topologies can vary greatly, keep the following general guidelines in mind when deploying your sensors:

  1. Determine whether you want to deploy sensors to:
    • collect flow data
    • ingest mirrored network traffic
    • have some collect flow data and others ingest mirrored network traffic
    • both collect flow data and ingest mirrored network traffic
  2. To collect flow data, determine which formats your network devices can export, such as NetFlow v5, NetFlow v9, IPFIX, or sFlow.
    Many firewalls support NetFlow, including Cisco ASA firewalls and Cisco Meraki MX appliances. Consult your manufacturer's support documentation to determine whether your firewall also supports NetFlow.
  3. Ensure that the network port on the sensor can support the mirror port's capacity.
    Contact Cisco Support if you need assistance with deploying multiple sensors on your network.

Checking Your Sensor Version
To ensure that you have the most recent sensor deployed on your network (version 5.1.3), you can check the current sensor version from the command line. If you need to upgrade, reinstall the sensor.

  1. SSH into the deployed sensor.
  2. At the prompt, enter cat /opt/obsrvbl-ona/version and press Enter. If the console does not display 5.1.3, your sensor is out of date. Download the most recent sensor ISO from the web portal UI.

Sensor Access Requirements
The physical appliance or virtual machine must have access to certain services over the internet. Configure your firewall to allow the following traffic between a sensor and the external internet:

Traffic type: Outbound HTTPS traffic from the sensor's Control interface to the Secure Cloud Analytics service hosted on Amazon Web Services
Required: yes
IP address, domain, and port, or configuration:
  • port 443, and the IP address is your portal IP address
  • AWS S3 IP addresses for your Secure Cloud Analytics region. As the AWS IP addresses can change, refer to the AWS IP address ranges help topic and search for the S3 service and your AWS region in the provided JSON file. To find your AWS region, go to your Secure Cloud Analytics dashboard and scroll to the bottom of the page. The field in the footer shows the region name for your portal, which corresponds to the following AWS regions:
    • North America (N. Virginia): us-east-1
    • Europe (Frankfurt): eu-central-1
    • Australia (Sydney): ap-southeast-2

Traffic type: Configure the sensor to communicate only with known Cisco addresses
Required: no
IP address, domain, and port, or configuration:
  1. SSH into the sensor as an administrator.
  2. At the command prompt, enter this command: sudo nano /opt/obsrvbl-ona/config.local and press Enter to edit the configuration file.
  3. Update the OBSRVBL_SENSOR_EXT_ONLY setting to be the following: OBSRVBL_SENSOR_EXT_ONLY=true.
  4. Press Ctrl + O to save the changes.
  5. Press Ctrl + X to exit.
  6. At the command prompt, enter sudo service obsrvbl-ona restart to restart the sensor.

Traffic type: Outbound traffic from the sensor's Control interface to the Ubuntu Linux server to download the Linux operating system and related updates
Required: yes

Traffic type: Outbound traffic from the sensor's Control interface to a DNS server for hostname resolution
Required: yes
IP address, domain, and port, or configuration:
  • [local DNS server]:53/UDP

Traffic type: Inbound traffic from a remote troubleshooting appliance to your sensor
Required: no
IP address, domain, and port, or configuration:
  • 54.83.42.41:22/TCP

If you are using a proxy service, create a proxy exception for the sensor Control interface IP addresses.
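
The S3 lookup described above, as an added example in Python (not part of the Cisco guide): it filters a file in the AWS ip-ranges.json layout for the S3 IPv4 prefixes of the portal's region and compares them with the CIDRs currently allowed outbound on port 443. The sample data is constructed from documentation address ranges, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the layout of the AWS ip-ranges.json file. The
# prefixes are documentation ranges (RFC 5737 / RFC 3849), not real AWS ones.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2025-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "S3"},
        {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "S3"},
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-central-1", "service": "S3"},
        {"ip_prefix": "192.0.2.0/24", "region": "ap-southeast-2", "service": "EC2"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8::/32", "region": "us-east-1", "service": "S3"},
    ],
})

# AWS regions the guide lists for Secure Cloud Analytics portals.
PORTAL_REGIONS = ("us-east-1", "eu-central-1", "ap-southeast-2")


def s3_prefixes(ip_ranges_json, region):
    """Return the collapsed IPv4 S3 networks published for one portal region."""
    if region not in PORTAL_REGIONS:
        raise ValueError(f"unexpected portal region: {region!r}")
    data = json.loads(ip_ranges_json)
    # Only "prefixes" is read: the sensor does not support IPv6, so the
    # "ipv6_prefixes" list is irrelevant to its firewall rules.
    nets = [
        ipaddress.ip_network(entry["ip_prefix"])
        for entry in data.get("prefixes", [])
        if entry.get("service") == "S3" and entry.get("region") == region
    ]
    # Adjacent and overlapping prefixes are merged to keep the rule set small.
    return sorted(ipaddress.collapse_addresses(nets))


def allowlist_changes(currently_allowed, published):
    """Compare the firewall's IPv4 allow-list with the published prefixes.

    Returns (to_add, stale): published networks not yet covered by any allowed
    CIDR, and allowed CIDRs that no longer overlap any published network.
    """
    current = [ipaddress.ip_network(cidr) for cidr in currently_allowed]
    to_add = [str(net) for net in published
              if not any(net.subnet_of(allowed) for allowed in current)]
    stale = [str(allowed) for allowed in current
             if not any(allowed.overlaps(net) for net in published)]
    return to_add, stale


if __name__ == "__main__":
    wanted = s3_prefixes(SAMPLE_IP_RANGES, "us-east-1")
    add, stale = allowlist_changes(["198.51.100.0/25", "192.0.2.0/24"], wanted)
    print("published S3 prefixes:", [str(n) for n in wanted])
    print("allow outbound 443/TCP to:", add)
    print("no longer published, review:", stale)
```

Because the published ranges change, a check like this is worth re-running on a schedule against a freshly downloaded copy of the file.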

Network Device Configuration
You can configure your network switch or router to mirror a copy of traffic, then pass it to the sensor.

  • Because the sensor sits outside the normal flow of traffic, it cannot directly influence your traffic. Configuration changes that you make in the web portal UI influence alert generation, not how your traffic flows. If you want to allow or block traffic based on alerts, update your firewall settings.
  • See the following for information on network switch manufacturers and resources to configure mirrored traffic:

Manufacturer | Device Name | Documentation
Analyzer (SPAN)
Juniper | port mirror | See Juniper's TechLibrary documentation for an example of Configuring Port Mirroring for Local Monitoring of Employee Resource Use on EX Series Switches
NETGEAR | port mirror | See Netgear's knowledge base documentation for an example of understanding port mirroring and how it works with a managed switch
ZyXEL | port mirror | See ZyXEL's knowledge base documentation for information on using Mirroring on ZyXEL switches.
other | monitor port, analyzer port, tap port | See Wireshark's wiki documentation for a switch reference for multiple manufacturers

You can also deploy a network test access point (tap) device to pass a copy of traffic to the sensor. See the following for information on network tap manufacturers and resources to configure the network tap.

Manufacturer | Device Name | Documentation
NetOptics | network tap | See Ixia's resources page for documentation and other information
Gigamon | network tap | See Gigamon's resources and knowledge pages for documentation and other information.

Flow Configuration
You must configure your network device to pass NetFlow data. See https://configurenetflow.info/ or https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/netflow/Cisco_NetFlow_Configuration.pdf for more information on configuring NetFlow on Cisco network devices.

Sensor Media Installation and Configuration

Before you begin the installation, review the instructions to understand the process as well as the preparation, time, and resources you'll need for the installation and configuration.
There are two options for this installation:

  • Installing the Sensor on a Virtual Machine: If you install a sensor on a virtual machine, you can boot from the .iso file directly.
  • Installing the Sensor on a Physical Appliance: If you install a sensor on a physical appliance, you create bootable media using the .iso file, then restart the appliance and boot from that media.

The installation wipes the disk on which the sensor is installed before installing the sensor. Before you begin the installation, confirm that the physical appliance or virtual machine on which you plan to install the sensor contains no data that you want to keep.

Creating Boot Media

  • If you are deploying a sensor to a physical appliance, you deploy an .iso file that installs the sensor, based on Ubuntu Linux.
  • If you write the .iso file to an optical disc, such as a CD or DVD, you can restart the physical appliance with the optical disc in the optical disc drive, and choose to boot from the optical disc.
  • If you create a USB flash drive with the .iso file and the Rufus utility, you can restart the physical appliance, insert the USB flash drive into a USB port, and choose to boot from the USB flash drive.
  • If you deploy a sensor without using an ISO, you may need to update the local appliance firewall settings to allow access to the data. We strongly recommend that you deploy the sensor using the provided ISO.
  • Creating a bootable USB flash drive erases all information on the flash drive. Make sure that the flash drive contains no other information.

Download the Sensor ISO File
Download the latest version of the sensor ISO from the web portal. Use this either to install (for a new sensor) or reinstall (to upgrade an existing sensor).

  1. Log in to Secure Cloud Analytics as an administrator.
  2. Select Help (?) > On-Prem Sensor Install.
  3.  Click the .iso button to download the latest ISO version.
  4. Go to Create a Bootable Optical Disc or Create a Bootable USB Flash Drive.

Create a Bootable Optical Disc
Follow your manufacturer's instructions to copy the .iso file to an optical disc.

Create a Bootable USB Flash Drive

  1. Insert a blank USB flash drive into a USB port on the appliance you want to use to create the bootable USB flash drive.
  2.  Log in to the workstation.
  3. In your web browser, go to the Rufus utility website.
  4. Download the latest version of the Rufus utility.
  5. Open the Rufus utility.
  6. Select the USB flash drive in the Device drop-down menu.
  7. Select Disk or ISO image from the Boot selection drop-down menu.
  8. Click SELECT and select the sensor ISO file.
  9. Click START.

Creating a bootable USB flash drive erases all information on the flash drive. Make sure that the flash drive contains no other information.

Install the Sensor

  1. Choose the boot method for the .iso as follows:
    • Virtual Machine: If you are installing to a virtual machine, boot from the .iso file.
    • Physical Appliance: If you are installing to a physical appliance, insert the bootable media, restart the appliance, and boot from the bootable media.
  2. Select Install ONA (Static IP) at the initial prompt, then press Enter.
  3. Select a language from the language list using the arrow keys, then press Enter.
  4. For the Keyboard configuration, you have the following options:
    • Select a Layout and Variant to configure the keyboard, then press Enter.
    • Select Identify keyboard, then press Enter.
  5. For the Network configuration, select Manual, then press Enter. All other network interfaces are automatically configured as Mirror interfaces.
  6. Enter a Subnet for the appliance, select Continue with the arrow keys, and press Enter.
  7. Enter an IP address for the appliance, select Continue with the arrow keys, and press Enter.
  8. Enter a Gateway router IP address, select Continue with the arrow keys, and press Enter.
  9. (Optional) For Search domains, enter the domain(s) that will be automatically appended to the hostname when attempting to resolve to an IP address, select Continue with the arrow keys, and press Enter.
    By default, the install will automatically use DHCP and proceed with the install. To override the DHCP IP address, you will need to manually edit the interface after the install is complete.
    We recommend that you enter a local authoritative name server address if one is deployed on your network.
  10. Enter the Full Name for the new user, which is associated with a non-root account with administrative permissions, then select Continue with the arrow keys and press Enter.
  11. Enter your server's name, which is the name that the sensor uses when communicating with other computers and that appears in the Secure Cloud Analytics portal, then select Continue with the arrow keys and press Enter.
  12. Enter the Username for your account, which is the non-root account with administrative permissions, then select Continue with the arrow keys and press Enter.
  13. Choose a password for the new user, then select Continue with the arrow keys and press Enter.
  14. Re-enter the password to verify it, then select Continue with the arrow keys and press Enter. If you did not enter the same password both times, try again.
    The account you create during setup is the only account you can use to access the virtual machine. This installation does not create a separate Secure Cloud Analytics portal account.
  15. To confirm the installation process, select Continue, then press Enter.
    This action erases all data on the drive. Make sure that it is empty before proceeding. Wait several minutes for the installer to install the required files.
  16. When the installer displays Installation Complete, select Reboot Now with the arrow keys, then press Enter to restart the appliance.
  17. After the appliance restarts, log in with the created account to ensure that your credentials are correct.

What to Do Next

  • If access to your private environments is restricted, ensure that communication with the appropriate IPs is allowed. See Sensor Access Requirements for more information.
  • If you are using the sensor to collect network flows, such as NetFlow, see Configuring a Sensor to Collect Flow Data for more information on configuring the sensor.
  • If you are using the sensor and attaching it to SPAN or mirror ports to collect mirrored traffic, see Attaching Sensors to the Web Portal for more information on adding sensors to the Secure Cloud Analytics web portal.
  • If you are configuring the sensor to pass Enhanced NetFlow telemetry, see the Cisco Secure Cloud Analytics Configuration Guide for Enhanced NetFlow for more information.

Attaching Sensors to the Web Portal

  • Once a sensor is installed, it will need to be linked with your portal. This is done by identifying the sensor's public IP address and entering it into the web portal. If you cannot determine the sensor's public IP address, you can manually link the sensor to your portal using its unique service key.

The sensor can connect to the following portals:

If multiple sensors are staged at a central location, such as an MSSP, and they are intended for different customers, the public IP should be removed after each new customer's configuration. If a public IP address of the staging environment is used for multiple sensors, a sensor could be incorrectly attached to the wrong portal.
If you are using a proxy server, complete the steps in the Configuring Proxy section to enable communication between the sensor and the Secure Cloud Analytics web portal.

Finding and Adding the Sensor's Public IP Address to the Portal

  1. SSH into the sensor as an administrator.
  2. At the command prompt, enter curl https://sensor.ext.obsrvbl.com and press Enter. The error value of unknown identity means that the sensor is not associated with a portal. See the following image for an example. Your service host URL may be different based on your location. In your Secure Cloud Analytics portal, go to Settings > Sensors and scroll to the bottom of the page to find your service host URL.
  3. Copy the identity IP address.
  4. Log out of the sensor.
  5. Log in to Secure Cloud Analytics as a site administrator.
  6. Select Settings > Sensors > Public IP.
  7. Click Add New IP Address.
  8. Enter the identity IP address in the New Address field.
  9. Click Create. After the portal and sensor exchange keys, they establish future connections using the keys, not the public IP address.
    It can take up to 20 minutes before a new sensor is reflected in the portal.

Manually Add a Portal’s Service Key to a Sensor
If you cannot add the sensor's public IP address to the web portal, or you are an MSSP managing multiple web portals, edit the sensor's config.local configuration file to manually add a portal's service key to associate the sensor with the portal.
This key exchange is done automatically when using the public IP address in the previous section.

  1. Log in to Secure Cloud Analytics as an administrator.
  2. Select Settings > Sensors.
  3. Navigate to the end of the sensor list and copy the Service Key. See the following image for an example.
    Service Key: (show) Service Host:
  4. SSH into the sensor as an administrator.
  5. At the command prompt, enter this command: sudo nano /opt/obsrvbl-ona/config.local, then press Enter to edit the configuration file.
  6. Add the following lines, replacing <service_key> with the portal's service key and <url> with your regional service host URL:
    # Service Key
    OBSRVBL_SERVICE_KEY="<service_key>"
    OBSRVBL_HOST="<url>"
    In your Secure Cloud Analytics portal, go to Settings > Sensors and scroll to the bottom of the page to find your service host URL.
    See the following image for an example:
  7. Press Ctrl + O to save the changes.
  8. Press Ctrl + X to exit.
  9. At the command prompt, enter sudo service obsrvbl-ona restart to restart the Secure Cloud Analytics service.

It can take up to 20 minutes before a new sensor is reflected in the portal.

Configuring Proxy
If you are using a proxy server, complete the following steps to enable communication between the sensor and the web portal.

  1. SSH into the sensor as an administrator.
  2. At the command prompt, enter this command: sudo nano /opt/obsrvbl-ona/config.local, then press Enter to edit the configuration file.
  3. Add the following line, replacing proxy.name.com with the hostname or IP address of your proxy server, and Port with the port number of your proxy server: HTTPS_PROXY="proxy.name.com:Port"
  4. Press Ctrl + O to save the changes.
  5. Press Ctrl + X to exit.
  6. At the command prompt, enter sudo service obsrvbl-ona restart to restart the Secure Cloud Analytics service.

It can take up to 20 minutes before a new sensor is reflected in the portal.

Confirming a Sensor's Portal Connection
After you add a sensor to the portal, confirm the connection in Secure Cloud Analytics.

If you manually linked a sensor to the web portal by updating the config.local configuration file using a service key, using the curl command to confirm the connection from the sensor may not return the web portal name.

  1. Log in to Secure Cloud Analytics.
  2. Select Settings > Sensors. The sensor appears in the list.

If you do not see the sensor on the Sensors page, log into the sensor to confirm the connection.

  1. SSH into the sensor as an administrator.
  2. At the command prompt, enter curl https://sensor.ext.obsrvbl.com and press Enter. The sensor returns the portal name. See the following image for an example. Your service host URL may be different based on your location. In your Secure Cloud Analytics portal, go to Settings > Sensors and scroll to the bottom of the page to find your service host URL.
  3. Log out of the sensor.

Configuring a Sensor to Collect Flow Data

  • The sensor creates flow records from the traffic on its Ethernet interfaces by default. This default configuration assumes that the sensor is attached to a SPAN or mirror Ethernet port. If other devices on your network can generate flow records, you can configure the sensor in the web portal UI to collect flow records from these sources and send them to the cloud.
  • If the network devices generate different types of flows, configure the sensor to collect each type over a different UDP port. This also makes troubleshooting easier. By default, the local sensor firewall (iptables) has ports 2055/UDP, 4739/UDP, and 9995/UDP open. If you want to use additional UDP ports, you must configure them in the web portal.

You can configure collection of the following flow types in the web portal UI:

  • NetFlow v5 – Port 2055/UDP (open by default)
  • NetFlow v9 – Port 9995/UDP (open by default)
  • IPFIX – Port 4739/UDP (open by default)
  • sFlow – Port 6343/UDP

We have provided the default ports, but these can be configured to your ports of preference in the web portal UI.

Certain network appliances must be selected in the web portal UI before they work properly:

  • Cisco Meraki – Port 9998/UDP
  • Cisco ASA – Port 9997/UDP
  • SonicWALL – Port 9999/UDP

Meraki firmware version 14.50 aligns Meraki log export format with NetFlow format. If your Meraki device runs firmware version 14.50 or greater, configure your sensor with a Probe Type of NetFlow v9 and a Source of Standard. If your Meraki device runs a firmware version older than 14.50, configure your sensor with a Probe Type of NetFlow v9 and a Source of Meraki MX (below ver. 14.50).

Configuring Sensors for Flow Collection

  1. Log in to Secure Cloud Analytics as an administrator.
  2. Select Settings > Sensors.
  3. Click the Settings drop-down menu for the sensor you added.
  4. Select Configure NetFlow/IPFIX.
    This option requires an up-to-date sensor version. If you do not see this option, select Help (?) > On-Prem Sensor Install to download a current version of the sensor ISO.
  5. Click Add New Probe.
  6. Select a flow type from the Probe Type drop-down menu.
  7. Enter a Port number.
    If you want to pass Enhanced NetFlow to your sensor, ensure that the UDP port you configure is not also the port configured for Flexible NetFlow or IPFIX in your sensor configuration. For example, configure port 2055/UDP for Enhanced NetFlow, and port 9995/UDP for Flexible NetFlow. See the Configuration Guide for Enhanced NetFlow for more information.
  8. Select a Protocol from the drop-down menu.
  9. Select a Source from the drop-down menu.
  10. Click Save.

It can take up to 30 minutes for sensor configuration updates to appear in the portal.

Troubleshooting

Capture Packets from the Sensor
Occasionally, Cisco Support may need to verify the flow data being received by the sensor. We recommend doing this by generating a packet capture of the flows. You can also open the packet capture in Wireshark to review the data.

  1. SSH into the sensor as an administrator.
  2. At the prompt, enter sudo tcpdump -D and press Enter to view a list of interfaces. Note the name of your sensor's Control interface.
  3. At the prompt, enter sudo tcpdump -i <interface> -n -c 100 "port <port>" -w <pcap_file>, replacing <interface> with your Control interface name, <port> with the port number corresponding to your configured flow data, and <pcap_file> with a name for the generated pcap file, then press Enter. The system generates a pcap file with the specified name for that interface's traffic, over the specified port.
  4. Log out of your sensor.
  5. Using an SFTP program, such as PuTTY SFTP (PSFTP), or WinSCP, log into the sensor.
  6. At the prompt, enter get <pcap_file>, replacing <pcap_file> with your generated pcap file name, and press Enter to transfer the file to your local workstation.

Analyze the Packet Capture in Wireshark

  1. Download and install Wireshark, then open Wireshark.
  2. Select File > Open, then select your pcap file.
  3. Select Analyze > Decode As.
  4. Click + to add a new rule.
  5. Select CFLOW from the Current drop-down menu, then click OK. The UI updates to show only packets related to NetFlow, IPFIX, or sFlow. If no results appear, the pcap does not contain NetFlow-related packets, and flow data collection is incorrectly configured on the sensor.
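
A scripted counterpart to the Wireshark check above, as an added example in Python (not part of the Cisco guide): it reads a classic pcap file such as the one written by the tcpdump step, identifies each UDP datagram's export format from its version field, and flags ports that receive a different flow type than the default port assignments listed in this guide. The function names and the in-memory sample capture are constructed for illustration; pass your own port map if you changed the ports in the portal.

```python
import struct
from collections import Counter

# Default port assignments listed in this guide; they are configurable in the
# web portal, so pass a different map to check_capture() if you changed them.
EXPECTED = {2055: "NetFlow v5", 9995: "NetFlow v9", 4739: "IPFIX", 6343: "sFlow"}


def detect_flow_type(payload):
    """Identify the export format from the version field that starts a datagram."""
    if len(payload) >= 4 and struct.unpack("!I", payload[:4])[0] == 5:
        return "sFlow"  # sFlow v5 starts with a 32-bit version number
    if len(payload) >= 2:
        version = struct.unpack("!H", payload[:2])[0]  # NetFlow/IPFIX: 16-bit version
        return {5: "NetFlow v5", 9: "NetFlow v9", 10: "IPFIX"}.get(version, "unknown")
    return "unknown"


def udp_datagrams(pcap_bytes):
    """Yield (dst_port, payload) for each untagged Ethernet/IPv4/UDP packet."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    offset = 24  # first record follows the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # short frame, VLAN-tagged, or not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if ihl < 20 or frame[23] != 17 or len(frame) < 14 + ihl + 8:
            continue  # bad header length, not UDP, or cut off before the UDP header
        udp = 14 + ihl
        yield struct.unpack("!H", frame[udp + 2:udp + 4])[0], frame[udp + 8:]


def check_capture(pcap_bytes, expected=EXPECTED):
    """Return (counts, problems) for the flow exports seen in a capture."""
    counts = Counter(
        (port, detect_flow_type(payload)) for port, payload in udp_datagrams(pcap_bytes)
    )
    problems = []
    if not counts:
        problems.append("capture contains no UDP datagrams")
    for (port, seen), n in sorted(counts.items()):
        if seen == "unknown":
            problems.append(f"{port}/UDP: {n} datagram(s) are not a recognised flow export")
        elif port not in expected:
            problems.append(f"{port}/UDP: {seen} received on a port with no expected probe")
        elif seen != expected[port]:
            problems.append(f"{port}/UDP: received {seen} but the probe expects {expected[port]}")
    return counts, problems


def _frame(dst_port, payload):
    """Build one constructed Ethernet/IPv4/UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", 40000, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return b"\x02" * 12 + b"\x08\x00" + ip + udp


def build_sample_pcap():
    """Constructed capture: one exporter sends NetFlow v9 to the NetFlow v5 port."""
    payloads = [
        (2055, struct.pack("!HH", 5, 1) + bytes(20)),
        (2055, struct.pack("!HH", 9, 1) + bytes(16)),
        (4739, struct.pack("!HH", 10, 16) + bytes(12)),
        (6343, struct.pack("!I", 5) + bytes(24)),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for port, payload in payloads:
        frame = _frame(port, payload)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    counts, problems = check_capture(build_sample_pcap())
    for (port, kind), n in sorted(counts.items()):
        print(f"{port}/UDP {kind}: {n}")
    for line in problems:
        print("PROBLEM:", line)
```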

Additional Resources

For more information about Secure Cloud Analytics, see the following:

Contacting Support
If you need technical support, do one of the following:

Change History

Document Version | Published Date | Description
1_0 | April 27, 2022 | Initial version
1_1 | August 1, 2022 |
  • Updated Cisco Support information.
  • Added a note about public IPs.
1_2 | February 17, 2023 |
  • Added the Configuring Proxy section.
  • Updated Meraki sensor settings.
1_3 | June 21, 2023 |
  • Fixed a typo.
  • Updated numbering for procedures.
1_4 | April 8, 2024 |
  • Updated the introduction in the Sensor Media Installation and Configuration section. Minor formatting changes.
1_5 | October 30, 2024 | Updated the Sensor Access Requirements section.
2_0 | December 4, 2024 | Updated the sensor version, the Install the Sensor section, the Finding and Adding the Sensor's Public IP Address to the Portal section, and the Sensor Prerequisites section.
2_1 | April 21, 2025 |
  • Added the VMware boot option note to the Additional Requirements for Virtual Machines section.
  • Updated the Manually Add a Portal's Service Key to a Sensor section to include OBSRVBL_HOST configuration information.
2_2 | October 17, 2025 | Removed the North America-only restriction for enabling the sensor to communicate only with known Cisco addresses.

Copyright Information

  • Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
  • © 2025 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

FAQ

Can the sensor collect IPv6 traffic?

No, the sensor does not support IPv6 traffic.
