Skip to content

IPS Sensor

Identify the IPS sensor

Identifying the IPS will be more or less easy depending on the way the IPS was installed.

Modo manager

In case the IPS has been installed in manager mode, we just need to verify that the sensor has been properly claimed:

IPS in manager mode claimed

IPS in manager mode claimed

Modo proxy

Unclaimed sensors

Unclaimed sensors

This menu can be displayed by clicking on it and we can see the list of sensors pending to be claimed by the manager.

IPS unclaimed

IPS unclaimed

The shield icon indicates that this sensor has been identified as an ips.

Please note...

The IP shown on the ips sensor corresponds to the management interface.

Reclaim the IPS sensor

As a name, the IPS is identified with a unique identifier of hexadecimal characters. It serves as a link to claim the sensor. Let's select the identifier:

UUID selection.

UUID selection

Copy by pressing CTRL + C, press 'Add Sensor' and 'Claim Sensor':

Action of claiming a sensor.

Action to claim a sensor

This will show us the following window:

Claim properties.

Claim properties

In the 'Name' field we introduce any name and in the 'UUID' field we paste the identifier that we copied previously. Once the fields are filled in, click Save. This will glue the IPS configuration. The web will show them with indicator in its properties.

Configuration and claim

Configuration and claiming

IPS sensor autoconfiguration

If we have access to a console on the machine itself, we can watch the installation process with the journal:

Print the setup logs
journalctl -u rb-register -f

Logs of the registry

Logs of the registry

At the end of the whole registration process, the sensor indicator will update its status as configured (green) in positive case, or failed (red) in negative case:

IPS configured

IPS configured