Redeploying a Sensor

Role Availability Read-Only Investigator Analyst Manager

USM Anywhere enables you to redeploy a sensor when needed. If you redeploy a sensor, all the assets, AlienVault Agents, events, alarms, rules, and scheduler jobs are kept and linked to the new sensor. However, if you delete the sensor instead, you will lose all the information related to that sensor.

When a sensor is redeployed, the disk and memory states of the old sensor are discarded. Customer-specific configurations, stored on the sensor due to compliance constraints, are lost. Therefore, you must redo the following configurations after redeploying a sensor:

  • All the settings you have modified for the old sensor.

    You can find these settings by selecting Data Sources > Sensors and then your sensor. This includes the credentials to access your virtual environment and your Active Directory (AD) settings. See Sensors Page Overview for more information.

  • All the certificates you have uploaded for log forwarding, which can be Graylog, syslog, or NXLog.

    You can find these settings by selecting Data Sources > Sensors on the Sensor Apps tab. See Data Sources and Log Collection for more information.

  • Advanced AlienApps configurations you have entered, API Client connections, and keys.

    AlienApps operate through your chosen deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API originate from this sensor, so the sensor must have network access to the AlienApp API endpoints. This may require authentication via a key or certificate depending on the service provider. See Advanced AlienApps for more information.

To redeploy a sensor

  1. Go to Data Sources > Sensors to open the page.
  2. Click the icon of the sensor you want to redeploy.
  3. Click Delete this sensor and deploy a new one.

    A dialog box opens showing the authentication Process used to verify the identity of a user, user device, or other entity, usually through a username and password. code that you need for activating the new sensor. Copy the code for later usage.

  4. Deploy the sensor following the instructions in the Deployment Guide. Depending on the type of sensor, you must follow different instructions.

    Note: AT&T Cybersecurity recommends that you keep the same IP address as the old sensor to minimize reconfiguration efforts.

  5. Open a web browser, enter the IP address of the sensor, and connect the new sensor using the authentication code you have copied.

    This code instructs USM Anywhere to link the assets, AlienVault Agents, events, alarms, rules, and scheduler jobs on the old sensor to the new sensor.

  6. Configure your USM Anywhere Sensor following the steps in the Setup Wizard. See the Setup Wizard documentation for more information.
  7. Redo the relevant configurations discussed at the beginning of this section.
  8. Verify that the redeployed sensor can receive data from your network.

Related Video Content

To view other related training videos, click here.