Warning: You are viewing an older version of this documentation. Most recent is here: 40.0.1

Probe Registration

Registering a Stamus Network Probe

Before registering a Stamus probe, you have to have a one time password for registration. To do so you need to connect to the probe and start sudo stamus_config on the probe. Then select Register probe. This will output a password that you will have to use in the interface.

On Stamus Central Server, click on Appliances major menu -> Select Add probe under Appliance handling form the left hand side menu. Make sure the Type selected is Stamus Probe (default). Enter Name, Description, select a ruleset or template, type in the probes management IP address, select probes type, enter one time password obtained via stamus_config -> click on the button Submit.

Register a Stamus Network Probe via SSL VPN

Before registering a Stamus probe, you have to have a one time password for registration. To do so you need to connect to the probe and start sudo stamus_config on the probe.

A Stamus probe can be registered via SSL VPN as well with the benefit of being able to traverse firewalls/routers without the need to make configurational changes on those.

In order to use VPN on probes, you first need to enable VPN for probes: from the drop down menu on the left upper side corner(Stamus Networks logo), click on Appliances Global Settings -> go to the VPN tab and select the checkbox Enable VPN network for probes. In the Listening Port drop down, you can choose between enabling UDP and TCP ports. Note that using port 443/TCP breaks the IP address logging of connections to SCS.

NOTE: You need to enable listening to port 443/TCP if you want to configure and apply VPN proxy settings on a probe.

After enabling VPN network for probes, on Stamus Central Server, click on Appliances major menu -> Select Add probe under Appliance handling form the left hand side menu. Make sure the Type selected is Stamus Probe (default). Enter Name, Description, select a ruleset or template, select Establish a VPN-> click on the button Submit.

After the task is finished the VPN certificate can be downloaded from the detailed view page of the probe. Click on Appliances major menu -> select the probe, click on View (right corner), click on VPN certificate under Action on the left hand side panel and download the certificate.

Copy the certificate over to the Stamus probe under /home/snuser (or any folder of choice). Log in to the Stamus probe (using the one time password) , elevate as root sudo -i. Import and set up the VPN certificate - example: stamus_vpn_register /home/snuser/vpn-conf-SNProbe1.tar.gz. Upon successful completion the probe should now be registered with Stamus Central Server.

Enable VPN proxy on Network Probes

To enable VPN proxy on a Probe, you have to add/register a Stamus Probe via SSL VPN and enable it on port 443. In order to configure the proxy settings, click on Appliances major menu -> select a probe -> click on the drop down button on the right side of the View button -> select Edit probe. On the Appliance edition page -> go to VPN tab -> select checkbox Connect through a proxy when VPN is enabled on port 443.

In the VPN tab, you can configure the IP address and port of the proxy, the vpn proxy username and password, and also choose between three options of vpn proxy authentication:

  • None

  • Basic

  • NTLM - ‘NTLM Authorization Proxy Server’ (APS) is a proxy software that allows you to authenticate via an MS Proxy Server using the proprietary NTLM protocol

NOTE: You need to have at least one interface prior to submitting proxy configuration.

In the Appliance edition page -> go to Interfaces tab in order to add a new interface or choose between existing.

NOTE: Once you configure the VPN proxy settings, you have to recreate the VPN certificate and register the Probe.

After you have configured and submitted the VPN proxy settings, in the Action panel -> click on VPN certificate -> in Advanced panel -> click on Regenerate certificate. When the task is finished you need to register the probe with the new certificate.

Finish registration of a Stamus Probe

The Stamus probe name has to be chosen carefully, it must follow the guideline of a DNS hostname. And it will be used as an identifier to get access to the logs.

NOTE: A name must not be included in another name to avoid potential conflicts during log fetching.

You can select a template to link the probe to or a ruleset to use with the probe. For more information on template see Probe Templates.

Once the registration task is complete in the detailed probe page click on Edit settings under the Action tab on the left hand side panel. Please confirm the settings especially in terms of protocol and interfaces enabled. Click Submit if changes are made.

Once the registration task is complete to enforce and activate the changes/editions made - in the detailed probe page click on Apply changes under the Pending modifications section on the left hand side panel. You will be presented with a choice to schedule the action or apply immediately.

Stamus appliances/probes are fully managed using Stamus Central Server. For Suricata sensors only the ruleset and log shipping is managed. A Suricata sensor can be any linux distribution that runs Suricata as a service. Please see Register a Suricata Sensor.

Remove/delete a probe

To completely remove or delete a probe from SCS click on Appliances major menu -> Select the desired probe - as available under name form the Stamus Probes list. In the left menu side select sub menu Delete under the Action menu. Click on delete the appliance button.