Views:

Learn how to deploy your own Virtual Network Sensor with Microsoft Hyper-V.

Virtual Network Sensor is a lightweight network sensor that scans your network activity and feeds network activity data to TrendAI Vision One™ and allows you to discover unmanaged assets and gain a holistic view of your attack surface. Before using the features of Network Security, you need to set up your Virtual Network Sensor and connect your sensor to TrendAI Vision One™.
Before deploying the Virtual Network Sensor, make sure you complete the following:
  • Review the Virtual Network Sensor system requirements and ensure that you have adequate system resources.
  • Add the Virtual Network Sensor firewall exceptions to your firewall settings.
  • Prepare the following resources:
    • Sufficient privileges (administrator) to execute the PowerShell script successfully
    • Hyper-V environment for hosting a virtual appliance (at least 8 GB RAM, 2 virtual CPUs, and 50 GB of disk space)
    • The host CPU should provide instruction sets which satisfy x86-64-v2 microarchitecture levels, including the following instruction sets:
      • Streaming SIMD Extensions 4.2 (SSE4.2)
      • Supplemental Streaming SIMD Extensions 3 (SSSE3)
      • POPCNT
      • CMPXCHG16B
    • The destination folder for the Virtual Network Sensor instance (which may require administrator permission for access)
    • Virtual switch for the management port
    • Virtual switch for the data port
    • Software requirements: Hyper-V role

Procedure

  1. In the TrendAI Vision One™ console, go to Network SecurityNetwork InventoryVirtual Network Sensor.
  2. Click Deploy Virtual Network Sensor.
    The Virtual Network Sensor Deployment panel appears.
  3. Select Microsoft Hyper-V for the platform.
  4. Select the Connection method.
    • Direct connection: the Virtual Network Sensor connects to TrendAI Vision One™ directly. Make sure the Virtual Network Sensor is able to connect to the internet when using this configuration.
    • Connect using a custom proxy: the Virtual Network Sensor connects to TrendAI Vision One™ through a third-party proxy. After choosing this method, configure the following fields:
      • Proxy address: Specify the IP address of the proxy.
      • Proxy port: Specify the connecting port of the proxy.
      • Proxy server requires authentication: (Optional) Select if the proxy requires authentication credentials.
      • User name: Specify the user name for the proxy credentials.
      • Password: Specify the password for the proxy credentials.
    • Connect using a Service Gateway as proxy: the Virtual Network Sensor connects to TrendAI Vision One™ through a Service Gateway. Select a Service Gateway to use for this method.
      The Virtual Network Sensor must be able to connect to a Service Gateway with the Forward Proxy Service configured and enabled. For more information, see Manage services in Service Gateway.
  5. Click Download Disk Image.
  6. Extract the installation package zip file.
  7. Run the PowerShell CLI.
  8. Type the command [path]\VirtualNetworkSensor_hyperv_image.[version]\.
    Replace [path] with the file path location and [version] with the sensor version.
    For example, if you extracted version 1.0.12 to your desktop, type the command:
    C:\Users\[user]\Desktop\VirtualNetworkSensor_hyperv_image.1.0.12\
  9. Type the command .\vns_deploy.ps1 to run the Virtual Network Sensor setup.
    The Virtual Network Sensor setup dialog appears.
  10. On the Deployment Overview screen, review the steps and click OK to begin configuring the deployment.
  11. Select a preset deployment configuration you want to use based on your expected throughput requirements, then click OK.
  12. Specify the location to store the Virtual Network Sensor on the host machine, then click OK.
  13. Select a virtual switch for the management port and click OK.
  14. Select a virtual switch for the data port and click OK.
  15. Set the administrator password.
    The password must contain:
    • 12 to 32 characters
    • At least one uppercase letter (A-Z)
    • At least one lowercase letter (a-z)
    • At least one number (0-9)
    • At least one special character: ~!`@#$%^&*()/_+=[]{}-\|<>',.?:;"
  16. Click OK.
  17. Review the configuration, and click OK to create the instance.
    The script creates the instance automatically. The process might take a few minutes to complete. When finished, PowerShell displays MAIN: All tasks completed!
  18. After creation finishes, go to the Hyper-V Manager.
  19. Power on the Virtual Network Sensor.
    Your Virtual Network Sensor finishes setting up and automatically connects to Network Inventory.
  20. To confirm that your Virtual Network Sensor has successfully deployed, access the TrendAI Vision One™ and go to Network SecurityNetwork InventoryVirtual Network Sensor to view information about your deployed Virtual Network Sensor.
    If the Virtual Network Sensor does not appear in Network Inventory after deployment, verify the following settings:
    • Network settings (NIC/vNIC setting and order)
    • Firewall settings
    • Proxy settings if using a proxy
    • Review the Virtual Network Sensor FAQ to verify and test the connection
Related information