1 00:00:07,660 --> 00:00:12,960 All right, now that we have set up and ready to go, it's time to jump in to.
2 00:00:13,920 --> 00:00:15,320 So we love to paint.
3 00:00:15,690 --> 00:00:21,390 I can click something and it's going to take me to a set up whether I click on Dashboard to start.
4 00:00:22,380 --> 00:00:22,650 All right.
5 00:00:22,650 --> 00:00:29,550 So they hit us with the licensing lawyer lingo, legal stuff, the end user license agreement.
6 00:00:29,560 --> 00:00:34,920 You should read through this, but I'm just going to go to the bottom and I'm going to say, yes, let's
7 00:00:34,920 --> 00:00:35,190 go.
8 00:00:36,540 --> 00:00:36,860 All right.
9 00:00:36,870 --> 00:00:39,450 So this part, it's just doing the hardware check into.
10 00:00:39,450 --> 00:00:41,610 The main thing it's looking for is your memory.
11 00:00:41,940 --> 00:00:46,770 You remember when you sense that you need at least eight gigabytes of RAM apportioned to your OPNsense
12 00:00:46,860 --> 00:00:47,490 virtual machine.
13 00:00:48,180 --> 00:00:48,540 All right.
14 00:00:48,550 --> 00:00:49,290 So we're good there.
15 00:00:49,470 --> 00:00:50,780 The CPU, we've got it.
16 00:00:51,430 --> 00:00:52,410 Amber checkmark.
17 00:00:52,680 --> 00:00:54,720 As long as it's not an X, we're good to go.
18 00:00:55,080 --> 00:00:58,200 So we're going to click next and she's going to move us through this list of tabs.
19 00:00:58,740 --> 00:01:01,650 So we're going to install a local MongoDB.
20 00:01:02,670 --> 00:01:03,930 Database, which is kind of.
21 00:01:04,830 --> 00:01:09,510 Redundant because DB stands for database, but anyway, I've got an install that.
22 00:01:10,390 --> 00:01:13,540 I'm going to let this rock, come back once it finishes.
23 00:01:14,720 --> 00:01:19,480 All right, that took about five minutes, a solid five minutes.
24 00:01:20,050 --> 00:01:21,010 So I'm going to click next.
25 00:01:21,820 --> 00:01:25,750 And for the interface, we're going to leave the deployment mode to routed mode.
26 00:01:27,080 --> 00:01:29,180 And then we're going to add this interface.
27 00:01:30,520 --> 00:01:31,030 Now.
28 00:01:31,970 --> 00:01:39,050 This only works because if you go to, where is it, I don't want to leave the screen, but earlier in
29 00:01:39,050 --> 00:01:43,370 the earlier lectures, I told you, when you're setting up Suricata, when you're actually setting
30 00:01:43,370 --> 00:01:50,390 up the firewall and the intrusion detection set piece, you only want to enable one interface.
31 00:01:50,390 --> 00:01:51,290 You don't want to enable both.
32 00:01:51,290 --> 00:01:53,900 If you enable both, then you can't run Sensei.
33 00:01:53,980 --> 00:01:56,720 And it actually gives you an error message telling you you need to disable one of them.
34 00:01:57,770 --> 00:02:02,230 I hope that's not too confusing; if it is, just go back to it's two or three lectures back when we talk
35 00:02:02,230 --> 00:02:05,620 about configuring Suricata and the intrusion detection piece.
36 00:02:06,550 --> 00:02:06,760 All right.
37 00:02:06,790 --> 00:02:07,630 So we should be good there.
38 00:02:07,870 --> 00:02:08,710 We're going to click next.
39 00:02:10,310 --> 00:02:17,270 And this is a cloud reputation server that we can use, so basically the nice thing about Sensei is
40 00:02:17,270 --> 00:02:19,700 it's like a poor man's Palo Alto Networks firewall, right?
41 00:02:19,700 --> 00:02:25,460 So it can go out and look at the cloud, a reputation for, you know, any other URLs that are being
42 00:02:25,460 --> 00:02:26,680 accessed in your environment.
43 00:02:26,720 --> 00:02:29,090 And if it has a negative reputation, it can deny access.
44 00:02:29,720 --> 00:02:30,380 That's pretty cool.
45 00:02:31,070 --> 00:02:34,610 The local domain name to exclude from cloud queries would be Kalvin.
46 00:02:35,210 --> 00:02:36,530 Like that local.
47 00:02:38,090 --> 00:02:40,370 Right, that looks good, next.
48 00:02:42,590 --> 00:02:43,670 Right to health check is good.
49 00:02:44,810 --> 00:02:49,040 Like green deployment, science is going to be home for me.
50 00:02:49,310 --> 00:02:51,840 I have a maximum of 15 devices and slap right?
51 00:02:52,250 --> 00:02:53,200 Not even that much.
52 00:02:53,630 --> 00:02:54,110 We're done.
53 00:02:54,140 --> 00:02:55,450 I don't need to put my email address in.
54 00:02:55,460 --> 00:02:57,950 I don't like spam, so I'm going to click finish.
55 00:03:01,140 --> 00:03:02,700 All right, let's hit refresh.
56 00:03:08,290 --> 00:03:11,320 All right, so we're not going to purchase the subscription and we're just going to do this on the cheap,
57 00:03:12,190 --> 00:03:15,760 although there is a premium option, if you wanted that, I'm not going to dismiss here.
58 00:03:16,780 --> 00:03:18,190 And I'm going to dismiss this one as well.
59 00:03:19,470 --> 00:03:25,680 And this one and if you scroll down, you can see we've got the Sensei packet engine and MongoDB right
60 00:03:25,680 --> 00:03:27,810 in the cloud and it's actually stopped.
61 00:03:28,020 --> 00:03:28,820 But here's the thing, right?
62 00:03:29,400 --> 00:03:33,180 You can actually put this thing in bypass mode and this is what you might want to do when you're running
63 00:03:33,180 --> 00:03:34,680 a red team engagement to get your lap.
64 00:03:34,960 --> 00:03:39,340 That way, you can see what would have been blocked by a blue team in your infrastructure.
65 00:03:39,430 --> 00:03:40,140 So that's kind of cool.
66 00:03:41,150 --> 00:03:42,220 So we'll leave that stopped.
67 00:03:42,860 --> 00:03:46,370 The key thing I want to show you right here is reports too; when we go into reports, there's a lot of
68 00:03:46,700 --> 00:03:47,330 U.S. goodness.
69 00:03:47,330 --> 00:03:48,980 And, you know, I love this screen.
70 00:03:50,080 --> 00:03:53,680 There's a couple of spins, like a reports and policies, but let's think of reports first.
71 00:03:55,220 --> 00:03:56,870 All right, so first we look at Hildur.
72 00:03:57,800 --> 00:04:01,850 You can filter by all these different categories, right, so you can look at HTTP version and you can
73 00:04:01,850 --> 00:04:06,960 filter by a specific DNS query or an operating system, right.
74 00:04:07,790 --> 00:04:12,680 The user agent stream, you know, maybe, you know, all your endpoints are using Windows 10 and you
75 00:04:12,680 --> 00:04:13,820 can search for user industry.
76 00:04:13,820 --> 00:04:16,180 That's not Windows 10 to find something bad.
77 00:04:16,190 --> 00:04:18,700 And even applications, you can look for rogue applications.
78 00:04:18,710 --> 00:04:19,040 Right.
79 00:04:19,890 --> 00:04:20,870 That equals equals.
80 00:04:20,870 --> 00:04:22,670 And you have some logic you can put there.
81 00:04:22,850 --> 00:04:24,680 But these built-in dashboards are really sweet.
82 00:04:25,170 --> 00:04:29,660 So you get app categories, breakdown by the different applications in your environment, top local
83 00:04:29,660 --> 00:04:33,440 hosts, top remote hosts, top egressed users.
84 00:04:33,450 --> 00:04:34,880 And right now there's not a lot of traffic here.
85 00:04:35,920 --> 00:04:43,860 Because we just did it up, but one of my favorite things to look at here is down here, OK?
86 00:04:44,170 --> 00:04:50,560 Yeah, I like the top destination location because obviously if you're communicating with a server in
87 00:04:50,560 --> 00:04:53,470 a country that you typically don't do business with, that could be a concern.
88 00:04:54,220 --> 00:04:56,470 The Egressed new connections heat map is kind of nice.
89 00:04:57,860 --> 00:05:02,510 And then you can see a list of all the apps, right, so we've got Microsoft Defender, which is normal,
90 00:05:02,510 --> 00:05:02,690 right?
91 00:05:02,690 --> 00:05:07,020 But if you see an app in here that does not look normal, then that would be cause for concern.
92 00:05:07,110 --> 00:05:11,810 YouTube, you know, this is all legit stuff because we just fired up our lab in the top reports.
93 00:05:11,810 --> 00:05:12,050 Right.
94 00:05:12,590 --> 00:05:17,030 We saw like four four four five or nine thousand one or one three three seven.
95 00:05:17,470 --> 00:05:19,880 You probably got a show on your network somewhere and you've been hacked.
96 00:05:21,080 --> 00:05:24,680 So is it even a table of the remote hosts?
97 00:05:25,670 --> 00:05:27,200 You can see the number of bytes that were sent out.
98 00:05:27,860 --> 00:05:31,670 The cool thing here, I don't keep saying the cool thing is so many things, but you can actually look
99 00:05:31,670 --> 00:05:32,480 at the live sessions.
100 00:05:32,840 --> 00:05:33,980 You go to live session explorer.
101 00:05:34,640 --> 00:05:38,930 You can see the sessions as they go out and you can actually set the refresh in a role that you can
102 00:05:38,930 --> 00:05:42,860 search by different things like the source IP or whatever.
103 00:05:43,280 --> 00:05:45,020 You know, it's a nice little graph.
104 00:05:45,020 --> 00:05:50,170 So if you don't want to set up Splunk, you could just do all the work in this dashboard and you could
105 00:05:50,180 --> 00:05:51,040 be very productive.
106 00:05:53,770 --> 00:05:55,780 I mean, as you can see, you can filter by all this stuff.
107 00:05:56,410 --> 00:05:57,130 It's crazy, right?
108 00:05:57,880 --> 00:06:00,130 I can take my refreshing well, you know.
109 00:06:00,980 --> 00:06:05,050 Of course, it's going to put a bigger load on your system to lower the refreshing level, but that's
110 00:06:05,050 --> 00:06:05,410 kind of cool.
111 00:06:05,420 --> 00:06:07,330 You can also search for different things inside this box.
112 00:06:08,200 --> 00:06:09,790 You can choose which columns you want to see.
113 00:06:09,850 --> 00:06:10,840 I mean, look at all these columns.
114 00:06:11,140 --> 00:06:12,410 It's bonkers, right?
115 00:06:12,460 --> 00:06:15,450 I mean, it's just absolutely amazing, all the information you can get in here.
116 00:06:16,160 --> 00:06:17,200 See if we can close this out.
117 00:06:17,590 --> 00:06:18,350 That's pretty cool.
118 00:06:18,350 --> 00:06:19,570 Then you can go through threats.
119 00:06:21,100 --> 00:06:24,400 You know, again, you know, just really explore this. Now we have no threats detected, but you should
120 00:06:24,400 --> 00:06:28,210 see, you know, when you start running attacks against your environment, if any of the attacks are
121 00:06:28,210 --> 00:06:28,840 detected here.
122 00:06:29,020 --> 00:06:31,240 Right, then you can try to find ways to bypass it.
123 00:06:31,990 --> 00:06:33,730 You can look at all the traffic that's been blocked.
124 00:06:35,320 --> 00:06:39,010 You can also look at the live blog sections, explore so you can see live blocks out there happening.
125 00:06:39,570 --> 00:06:43,320 I mean, this is a fully functional Next-Generation Firewall, guys.
126 00:06:43,330 --> 00:06:45,970 I mean, it is really impressive.
127 00:06:46,720 --> 00:06:50,860 So if you have the hardware to set up Sensei, I strongly suggest that you set this up in your environment.
128 00:06:51,650 --> 00:06:56,140 I mean, look, you can look at DNS query distributions; if you see any anomalous queries or queries
129 00:06:56,140 --> 00:07:00,160 to a location that you typically don't visit, maybe they're at the long end of the graph.
130 00:07:00,160 --> 00:07:04,390 Then you can now look into that. Other thing that's really interesting, the policies.
131 00:07:05,080 --> 00:07:07,660 So we typically, there's one thing we do want to enable here.
132 00:07:07,930 --> 00:07:09,670 I want to enable and if the malware piece.
133 00:07:10,630 --> 00:07:14,170 So when you go into the policy section, you can look at this policy here.
134 00:07:14,170 --> 00:07:15,010 You click actions.
135 00:07:16,910 --> 00:07:21,830 And you can see right now essential security is disabled, so I'm going to enable block malware, block
136 00:07:21,830 --> 00:07:27,890 phishing servers, block spam sites, block hacking sites, right, block park domains, all this stuff
137 00:07:28,520 --> 00:07:29,360 is getting enabled.
138 00:07:30,740 --> 00:07:33,660 They've got some advanced functionality on the right side, but you can't enable that for free.
139 00:07:33,680 --> 00:07:35,150 You need a premium subscription for that.
140 00:07:35,600 --> 00:07:39,890 But you can see all the stuff that you could do if you paid extra, which is just kind of cool, say these
141 00:07:39,890 --> 00:07:40,340 changes.
142 00:07:42,930 --> 00:07:46,060 Finally in app control, well, not really.
143 00:07:46,080 --> 00:07:47,760 Finally, but you can actually.
144 00:07:48,760 --> 00:07:55,190 See, all different applications we go, all the different applications that you're able to detect and
145 00:07:55,270 --> 00:07:58,120 these are all subfolders, so these are grouped into smaller folders in here.
146 00:07:59,040 --> 00:08:00,940 Because a lot of intelligence of different apps, right?
147 00:08:00,960 --> 00:08:05,490 You've got Cisco, WebEx, Zoom, you know, Microsoft Teams.
148 00:08:05,520 --> 00:08:09,590 These are things that you can actually block and detect and respond to, which is really, really nice
149 00:08:09,600 --> 00:08:11,900 in each of these folders, has even more apps contained inside of them.
150 00:08:13,140 --> 00:08:16,680 And then the web controls right now are set to permissive; if you want to go custom, you need to pay
151 00:08:16,680 --> 00:08:17,100 for that.
152 00:08:17,790 --> 00:08:19,920 That's a premium option, but you can change it to moderate.
153 00:08:20,100 --> 00:08:23,700 You just want to block like adult sites, advertisements, things like that.
154 00:08:24,270 --> 00:08:28,070 And then you can even send it to high control blocking your right.
155 00:08:28,460 --> 00:08:29,990 So very, very capable product.
156 00:08:30,010 --> 00:08:33,600 I hope you guys see the utility of Sensei in the next lecture.
157 00:08:33,610 --> 00:08:36,910 We're going to instrumented our clients with this fourth quarter.
158 00:08:37,380 --> 00:08:40,410 Don't worry, we're going to get to the point of setting up a router, but we need to at least get a
159 00:08:40,410 --> 00:08:42,540 square on the box and get it partially set up.
160 00:08:42,990 --> 00:08:44,500 So I'll see you guys the next lecture.