Install a Modular Sensor in Hyper-V
Hyper-V
When you install a modular sensor in a
Hyper-V
environment, you need to create a virtual switch with a physical network interface that supports promiscuous mode. Promiscuous mode allows the sensor to monitor all traffic. During the setup, you will specify the number of cores, the amount of memory, and disable processor compatibility mode. - Review the Modular Sensor requirements.
- Download theHyper-Vvirtual disk image.
- In theHyper-Vmanager, in the right pane, clickVirtual Switch Manager.
- In the left pane, under theVirtual Switchessection, clickNew virtual network switch.
- SelectExternal.
- ClickCreate Virtual Switch.A switch is created and listed in the Virtual Switches section.
- In the left pane, under theVirtual Switchessection, select the switch that was created in the previous step.
- Type a name for the switch and make note of it.
- In theConnection Typesection, selectExternal networkand the appropriate network interface to connect to external networks.
- ClickOK.
- OpenWindows PowerShelland use the following commands to set promiscuous mode.
- $a = Get-VMSystemSwitchExtensionPortFeature -FeatureId 776e0ba7-94a1-41c8-8f28-951f524251b5
- $a.SettingData.MonitorMode = 2
- add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName<name of the switch>-VMSwitchExtensionFeature $a
Replace<name of the switch>with the name you set in the previous step. - In theHyper-Vmanager, in theActionmenu, clickNew > Virtual Machine.
- Specify a name for the new sensor. It is recommended to use a site naming convention so that the type of sensor can be easily identified by its name.
- Click Next.
- SelectGeneration 1for the generation type. The guest operating system is a 64-bit OS, so you can select "Generation 1".
- Specify the amount of memory (in megabytes) to assign to the VM.It is recommended that you assign at least 1.5 times the number of CPU cores for the memory in gigabytes. For example, if you plan to use 8 virtual cores, assign 12 GB of RAM (8 * 1.5 = 12). You can adjust the number of cores at a later step.
- Configure the Management network interface. You can either enter a static IP or configure using a DHCP server. This is the interface that will be used for the sensor to send its Interflow data records to the data processor.S
- SelectUse an existing virtual hard diskto attach the virtual disk image that you downloaded. You need to specify its location.
- ClickFinish.In theHyper-Vmanager, the virtual machine that you created is listed.
- Select the virtual machine in the list.
- In the right pane, clickSettings.
- In the left pane, clickProcessor.
- Specify the number of virtual cores for this VM.
- ClickApply.
- In the left pane, expand the processor entry and selectCompatibility.
- Ensure that theMigrate to a physical computer with a different processor versionoption is disabled.
- ClickOK.
- Do the following to set a static IP address for the Modular Sensor and apply the token to associate it withCylanceMDR:
- Open the VM for your Modular Sensor. A command line appears.
- Enter your login information. The default username/password is aella/changeme. You are prompted to change the password immediately.
- Set a static IP address for the modular sensor using the following commands:
- set interface management ip <ip_address>
- set interface management gateway <gateway_ip_address>
- set interface management dns <dns_ip_address>
- Enterset token string <token>, where<token>is the token provided by theCylanceMDRonboarding team.The message "Sensor token is successfully set" appears.
- To verify the connection withCylanceMDRuse the following commands:
- show interface
- show cm
- show version
- TheCylanceMDRonboarding team completes the configuration for yourCylanceMDRtenant to receive logs from your Modular Sensor.