Network sensor
For XDR to process and correlate network traffic data you need to install and configure the Network sensor in your environment.
The Network Sensor is configured in TAP mode and gets a copy of the network traffic via a SPAN port. It can detect any type of device that communicates via IPv4 or IPv6 network protocols, regardless of whether the device is managed by Bitdefender or not. If there are any IoT devices on the network that communicate using those same protocols, the Network sensor will inspect that traffic as well.
To use the Network sensor you must meet the following requirements:
Hardware
The default configuration for the Network sensor virtual appliance requires 2 CPU and 2 GB RAM.
Memory | CPU | Processed throughput |
---|---|---|
2 GB | 2 x 2 GHz | 5 Gb |
2 GB | 2 x 1 GHz | 2.5 Gb |
2 GB | 2 x 0.5 GHz | 1 Gb |
Note
All results have been recorded with a Network probe, a client and a server inside a network. The client generates 12 GB traffic to the server. The PCAP drop is ~2-3% for all setups.
Network
For more information about configuring the SPAN/mirroring port, refer to the following pages: