Sensors transfer metadata from the host in your on-premise deployment to the NetWitness Detect AI for analysis and investigation. Sensors also transfer alerts generated in NetWitness Detect AI to your on-premise NetWitness Platform Respond server for incident management. RSA NetWitness Detect AI uses Cloud Link service as the sensor that you must install and register on your on-premise host. Once the devices are registered, information from the Log Decoders are transferred to RSA NetWitness Detect AI and the results are sent back to the on-premise NetWitness Platform in the form of alerts.
Perform the following steps in the specific order to configure NetWitness Detect AI sensor:
|1.||Review the prerequisites, and ensure that your system meets the expected requirements before installing Cloud Link Service.||What are the planning considerations for the Cloud Link Service|
|2.||Install Cloud Link Service on Log Decoder, Log Hybrid, Endpoint Log Hybrid, or the Log Hybrid Retention host.||How to install Cloud Link Service|
|3.||Download the Activation Package.||How to download the Activation Package|
|4.||Register the Cloud Link Service, copy the activation package to the Cloud Link Service directory, and configure the required permissions.||How to register the Cloud Link Service|
|5.||Verify if the Cloud Link service is successfully registered by viewing the status in the NetWitness Platform Sensor List on the cloud.||How to verify if the Cloud Link Service is working|
|6.||Configure the Detect AI data transfer to view Detect AI data on your NetWitness Platform user interface.||How to transfer Detect AI data to RSA NetWitness Platform|
|7.||Monitor the health of sensors that are configured in the devices.||How to monitor the health of the Cloud Link Service|
|8.||Remove one or more devices that are configured within RSA NetWitness Detect AI**.||How to Delete Cloud Link Service|
** Removing a sensor from the NetWitness Detect AI interface will not interfere with typical RSA NetWitness Platform capture and processing. It will only stop the streaming of collected data from on-premise devices.