AWS vSensor FAQs

Supported Regions for Vectra AWS vSensor Deployment

What should I do if the requested instance type is not supported in my region?

• Not every AWS region will have all Vectra supported instance types available. If you encounter this error, you may need to choose another supported instance type or region to deploy into. For additional information please see the following AWS documentation:

• https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-instancelaunchfailure.html#ts-as-instancelaunchfailure-3

What should I do if traffic mirroring is not available in my region?

• AWS may not have Traffic Mirroring available in every region. Please check at the below URL under Network Analysis to ensure traffic mirroring is available in the region of your choice:

• https://aws.amazon.com/vpc/pricing/

• If it is not available, you may need to work with a 3^rd party packet broker to direct traffic to your Vectra Sensor(s).

How do I create and manage my Amazon EC2 key pairs?

• Please refer to this AWS article for how to create and manage your Amazon EC2 key pairs:

• https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

How to I validate that my vSensor is deployed correctly?

• From the Vectra Brain, once the vSensor has been paired, the vSensor will show as Forwarding from the Configuration → COVERAGE → Data Sources → Network → Sensors page.

How do I update a deployed vSensor?

• vSensors are updated automatically from the Vectra Brain.

How do I repair a broken deployment?

• Please follow these steps:

  1. Delete the vSensor.

  2. Re-deploy using the AWS CloudFormation template.

  3. Validate that the vSensor is working as expected.

• If you continue to have issues, please contact Vectra Support for assistance.

How do I rotate my Amazon EC2 key pairs?

• Please refer to the "Add or replace a key pair for your instance" section of the following AWS article on managing Amazon EC2 key pairs:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

How do I manage my AWS Service limits?

• If you already have a number of resources deployed within your AWS footprint, then it's possible that during deployment you will encounter an AWS service limit. If you encounter such a limit, please refer to the following AWS document on how to request an increase to your service limits:

• https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html

How do I validate that traffic is being seen by my AWS Sensor?

• To see that packets are being receive by the traffic interface, use SSH to login to the CLI of the Sensor as the vectra user and use the show traffic stats command.

  • Some guidance was shared in the SSH Key Pair section.

  • Run the show traffic stats several times to see that packet counts are increasing.

• In the Vectra UI if you navigate to Network Stats → Ingested Traffic, you can see the traffic graph for your Sensor.

  • For this graph to display, there must be at least 1 Mbps of traffic being captured.

  • Once traffic capture begins, it will take a few minutes for this graph to be populated. Use the CLI of the Sensor as shown above to validate that packets are flowing first.

• Please see the following Vectra support article for recommendations on network traffic that should be examined and excluded from analysis:

  • Network Traffic Recommendations

• After sending traffic to your Sensors, it is a best practice to validate that the traffic observed meets quality standards required for accurate detection and processing. Vectra’s Enhanced Network Traffic Validation feature provides alarms and metrics that can be used to validate the quality of your traffic. Please see the following Vectra support article for details:

  • Traffic Validation (ENTV)

• Support portal: https://support.vectra.ai

• Email: [email protected] (preferred contact method)

• Additional information: https://www.vectra.ai/support