Overview:
The Free version of the NetWatcher Cloud Endpoint offers a user a great way to get started with NetWatcher.
Once you install the NetAgent you get access to a secure VPN and the Sensor in the Cloud (other items are on the way as well, like File Integrity Monitoring and Log Analysis).
With your secure VPN you can feel comfortable sending information to the internet and having it encrypted. With the addition of Sensor-in-the-Cloud(TM) we take it a whole new level and offer you deep packet inspection and intrusion detection in the Cloud.
Installation:
Once you are approved for the beta you will receive the following email with instructions on how to activate your account:
Step 1: Activate Your Account
When you press the Activate link you will be taken to a page to set your password.
Step 2: Set your password.
Your user account is the email where the activation email was sent.
You will then be taken to the login page. Make sure you bookmark the page.
Step 3:
Login to the NetWatcher Customer Portal using your new password and the email address you used to register for the service.
Step 4: Phone Verification
We use the phone verification process for security purposes.
Check your cell phone for a text with an activation code and enter it here. If you need to change your phone number you can also do that here as well.
Step 5: The Dashboard
Once you verify your phone number you will be taken into a 3 step Tour that explains the NetAgent download process.
Now you are ready to download and install the NetAgent.
Step 6: Download
Press the 'Download NetAgent' button and install the NetAgent and its corresponding Module(s) (like Sensor-in-the-Cloud).
Step 7: Verify
Verify that the agent has installed by checking the SysTray
***The Next Step may take up to 10 minutes to complete***
Step 8: Refresh the page
Verify that the 'Sensor-in-the-Cloud' module and the 'SysTray' modules are dark blue.
Step 9: Test the solution
If you want to produce some activity locally you can easily create some events by clicking on the following:
Creates an event for: ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns.* domain
http://security-research.dyndns.org/pub/botnet-links.html
Creates an event for: ET POLICY Logmein.com /Join.me SSL Remote Control Access
Creates an event for: ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel
Creates an event for: ET INFO HTTP Request to a *.tc domain
You can then see them by going to the Advanced tab (1). Choose the Grouped view (2) and Apply Filter. Eventually you will see the Events (3) below show up. Remember Events get correlated on the back-end to create Alarms. None of these events warrant us creating Alarms with a severity of Low/Med/High. However, if you install Join.me and run it, you will see an informational Alarm appear.
Comments