Define sensors and subnets

This topic describes how to configure AutoDiscovery sensors and subnets, which define which traffic is collected from your network.

Define an AutoDiscovery sensor

This procedure describes how to define an AutoDiscovery sensor to discover your traffic.

Note: We recommend using the default sensor installed together with the AutoDiscovery server. Depending on your system configuration, you may need additional sensors. For more details, see Install AutoDiscovery.

Do the following:

  1. In AutoDiscovery, click the Sensors tab, and click New.

  2. In the Define new sensor dialog, define your sensor as follows:

    Host Name

    Enter the sensor host name or IP address.

    Sensor Name

    Enter a display name for your sensor.

    Network Sensor Port

    If you are using a port other than the default port configured, enter the port number.

    The default port is 9545.

    Use SSL

    Select to enable SSL-encrypted communication between the AutoDiscovery server and sensor.

    Note: This is relevant only if you have additional sensors installed separately. If selected, you must additionally configure SSL-encrypted communication on the sensor.

  3. (Optional) Enable Sampling Mode for your sensor.

    This configures your sensor to capture only a sample of the traffic detected and can reduce pressure on the sensor.

    Note: Enabling Sampling Mode also disables SSL Certificate collection and IP flow collection, and may affect the detection of HTTP titles.

    Do the following:

    1. Open the /opt/autodiscovery/networksensor/NetworkSensor.cfg sensor configuration file.
    2. In the NetworkSensor.cfg file, locate the capture_sampling_rate parameter.

      Define the value as <x>, where the sensor analyzes 1 out of every <x> packets.


Configure an AutoDiscovery subnet

Configure an AutoDiscovery subnet to ignore irrelevant endpoints/traffic and enable your system to focus on relevant data only.

By default, sensors only discover traffic that resides in the common internal networks, such as 192.168.x.x.

Note: Each time a new local network sensor is defined, the subnet that it belongs to is added to the list of subnets.

In this case, the subnet name will include the location (IP address) of the network sensor.

Do the following:

  1. In AutoDiscovery, select Configuration > Subnet Management > Subnets.

  2. On the Subnets page, do one of the following:

    Add a new subnet

    Click New. In the Create or Edit Subnet dialog, enter the subnet values as needed.

    Edit or delete an existing subnet

    Click Edit or Delete in the row of the relevant subnet.

    Delete multiple subnets

    Select the subnets you want to delete and click Delete.

    Subnet fields include the following:

    Name

    Enter the subnet name.

    Subnet (CIDR)

    Enter the subnet mask in CIDR format.

    Inspect Traffic

    Select to enable traffic inspection. This includes HTTP transaction (URL) discovery and DNS resolution for servers in the subnet.

    Clear this option to disable traffic inspection.

    Note: This option is only relevant when editing a subnet, not adding a new one.

    Group

    (Optional) Select a group for the subnet in the drop-down menu.
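
A pre-flight check for a planned subnet list before it is entered in the Create or Edit Subnet dialog, as an added example that is not part of AutoDiscovery or of this page. It flags malformed Subnet (CIDR) values, overlapping entries, and IPv4 subnets outside the RFC 1918 private ranges, assuming those are what "common internal networks" refers to; the function name review_subnets and the sample subnets are hypothetical.

```python
import ipaddress

# Assumption: "common internal networks" means the RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def review_subnets(planned):
    """Return (name, finding) tuples for a planned subnet list.

    planned: iterable of (name, cidr) pairs, as they would be typed into
    the Name and Subnet (CIDR) fields. An empty result means nothing
    was flagged for review.
    """
    findings = []
    parsed = []
    for name, cidr in planned:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            # Either not CIDR at all, or host bits are set (e.g. 192.168.1.5/24).
            try:
                fixed = ipaddress.ip_network(cidr, strict=False)
                findings.append((name, f"host bits set, did you mean {fixed}?"))
            except ValueError:
                findings.append((name, "not valid CIDR"))
            continue
        if net.version == 4 and not any(net.subnet_of(r) for r in RFC1918):
            findings.append((name, "outside RFC 1918 private ranges"))
        for other_name, other in parsed:
            if net.version == other.version and net.overlaps(other):
                findings.append((name, f"overlaps {other_name} ({other})"))
        parsed.append((name, net))
    return findings


# Constructed sample input, not taken from any real deployment.
SAMPLE = [
    ("office-lan", "192.168.10.0/24"),
    ("dc-core", "10.20.0.0/16"),
    ("dc-db", "10.20.5.0/24"),        # nested inside dc-core
    ("branch", "172.16.4.7/22"),      # host bits set
    ("dmz", "203.0.113.0/24"),        # documentation range, not private
    ("typo", "192.168.300.0/24"),     # invalid octet
]

if __name__ == "__main__":
    for name, finding in review_subnets(SAMPLE):
        print(f"{name}: {finding}")
```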
