Add standalone appliance sensors¶
When Corelight-update is deploying content to appliance sensors, such as hardware and virtual sensors that are not Fleet-managed, it uses the sensor API to authenticate and deploy content to those sensors.
To configure a standalone appliance sensor in Corelight-update, you’ll require:
Network connectivity from the Corelight-update host to the sensor.
The IP address or FQDN of the sensor.
The sensor username and password.
The Corelight-update sensor inventory requires one entry for each sensor. You can remove any setting that’s not required for a specific sensor’s configuration.
sensors:
- name: # sensor name
type: # physical, virtual
fleet: false
ip: # address or fqdn
username: # sensor username
password: # leave blank to use encrypted password
encrypted_pass: # use the 'encrypt' CLI command to encrypt a password before it's stored here
suricata: true # push suricata rulesets to this sensor
intel: true # push intel files to this sensor
input: true # push input files to this sensor
bundle: true # push package bundle to this sensor
Fleet Managed Sensors
If a stanalone appliance sensor is later connected to Fleet Manager, you can remove it from the Corelight-update inventory, or you can set fleet: true
in the sensor inventory settings. This will cause Corelight-update to skip the sensor while it processes the rest of the policy inventory.