Configuring Sensor Profiles

You must have Root scope to use this feature.

Instead of configuring each sensor individually, you can configure sensor profiles to centralize settings. When you add a new sensor, you simply apply the profile to the sensor. Similarly, when you need to change a sensor configuration, you can change the profile instead of changing each sensor.

You can create as many profiles as you need. You can even clone an existing profile if you want to make small changes to an existing profile before applying it to other sensors.

Each sensor profile names a specific receiver. Although there is a default receiver, you should set up receivers before entering new profiles. See the Receivers configuration page for more information.

If you configure a packet receiver with a security sensor as the destination, and that sensor does not have a span port configured, that sensor will not ingest files (for malware and IDS analysis) from its own traffic. For the sensor to ingest files, you must do one of the following:

• Configure another security sensor to forward traffic to that one.
• Remove the receiver (if it's not being used).
• Point the receiver at another sensor.

Sensor Profile List

Select the System | Collection | Sensor Profiles option to display the Sensor Profile Configuration table listing the existing sensor profiles.

Each row represents a sensor profile. You can:

• Click Create to create a new sensor profile.
• Click to edit the sensor profile.
• Click to delete the sensor profile.
• Check one or more profile's boxes and use the Clone button to create copies of them for editing.

See the Tables page for more information on working with tables.

Cloning Sensor Profiles

You can clone sensor profiles by checking their boxes in the Sensor Profiles list and clicking the Clone button. By default, cloned sensor profiles are given the same name as the source profile plus a timestamp indicating the time when the profile was cloned – for example, if you clone Pluto, it might become Pluto (Tue Jun 21 2022 13:12:24).

The system handles clone names differently depending on whether you selected a single sensor profile for the clone or multiple:

• If you clone a single sensor profile, you can supply your own name for the cloned profile in the dialog box that appears. For example, in the illustration below, we've cloned the sensor profile named Pluto and given it the custom name of Saturn:

  

• If you elect to clone multiple sensor profiles, you cannot customize the names for the clones and must accept the defaults instead. For example:

  

Keep in mind that Sensor Profile names cannot be changed once the profile is created. Because of this, if you want to customize the names of your cloned sensor profiles, make sure to clone them one at a time rather than using the bulk clone feature.

You can only clone the profiles in the Sensor Profiles tab. The legacy profiles in the Aggregator Profiles (deprecated) tab cannot be cloned.

Adding or Editing Sensor Profiles

When you create a new sensor profile you can:

• Add a new standard sensor profile
• Add a new modular sensor profile