Gigamon ThreatInsight Sensor

Gigamon ThreatINSIGHT is a SaaS-based network security monitoring platform built to detect, investigate, and respond to network-based threats. ThreatINSIGHT has the following key features:

Rapid threat-hunting support with rich metadata search of supported protocols
Powerful visualization tools for tracking the different aspects of your network
Automated threat-detections built with alerting functionality

For more information about Gigamon ThreatINSIGHT, refer to the ThreatINSIGHT Portal Guides. To access the Portal Guides, log in to Gigamon ThreatINSIGHT, and then go to Help > Portal Guides.

The Gigamon ThreatINSIGHT Sensor, which is deployed on the GigaVUE-HC1 SMT-HC1-S module using GigaVUE-FM, provides a single, integrated security solution for threat detection.

Rules and Notes

Keep in mind the following rules and notes before you deploy Gigamon ThreatINSIGHT on the SMT-HC1-S module:

You can attach only one ThreatINSIGHT sensor to a GigaSMART engine.
You cannot enable other GigaSMART operations on the GigaSMART engine to which the ThreatINSIGHT sensor is attached.
You cannot delete a virtual port that is attached to the GigaSMART engine on which the ThreatINSIGHT sensor is provisioned.
If you delete the ThreatINSIGHT sensor tool from GigaVUE-FM, the ThreatINSIGHT sensor statistics are cleared from GigaVUE-FM and the GigaVUE-HC1 device. You must re-provision the ThreatINSIGHT sensor tool in GigaVUE-FM using a new provision code from the Gigamon ThreatINSIGHT Customer Portal.

Work With Gigamon ThreatInsight Sensor—A Roadmap

Perform the following tasks to deploy the ThreatINSIGHT sensor and monitor the traffic flow:

Step 1
Task: Deploy the Gigamon ThreatINSIGHT sensor as a tool on the SMT-HC1-S module of GigaVUE-HC1.
Refer to: Get Started With Gigamon ThreatInsight Sensor Deployment

Step 2
Task: Configure either a classic map or a Fabric map to filter and forward the traffic. Before you proceed with map configurations, ensure that the status of the ThreatINSIGHT sensor is Online and that the Sensor alias is correctly populated. Keep in mind the following details when you configure a classic map or a Fabric map:

Select the GigaVUE-HC1 node that has the SMT-HC1-S module installed and the ThreatINSIGHT sensor deployed.
Select the map type as First Level.
In the Destination field, select the virtual port that GigaVUE-FM created when you deployed the ThreatINSIGHT sensor.

Note: The virtual port will be available for selection only if you select the map type as First Level.

The ThreatINSIGHT sensor starts to analyze the traffic and polls the data to the Gigamon ThreatINSIGHT Customer Portal.

Refer to: Create a New Map; Create Fabric Maps

Step 3
Task: View the network events that the ThreatINSIGHT sensor generates when it inspects the traffic and extracts key protocol metadata for processing. You can run a query to view the events generated in the Last 1 Hour, Last 24 Hours, Last 7 Days, or Last 30 Days.
Refer to: View Network Events in Gigamon ThreatInsight Customer Portal

Step 4
Task: View the statistics of the data received and analyzed by the ThreatINSIGHT sensor in GigaVUE-FM.
Refer to: View Gigamon ThreatInsight Sensor Statistics in GigaVUE-FM

Get Started With Gigamon ThreatInsight Sensor Deployment

To integrate Gigamon ThreatINSIGHT with the SMT-HC1-S module, you must deploy the ThreatINSIGHT sensor as one of the tools on the SMT-HC1-S module. Refer to the following sections for details:

Manage Gigamon ThreatInsight Sensor

Refer to the following sections for information about how to manage the Gigamon ThreatInsight sensor:

Troubleshoot Gigamon ThreatInsight Sensor Deployment and Management Issues

You can troubleshoot ThreatINSIGHT sensor deployment issues using the information available on the Details page in GigaVUE-FM. To access the page, go to the Tools page, select the ThreatINSIGHT sensor, click the vertical ellipsis, and then select View Details.

Use the ThreatINSIGHT sensor's diagnostics statistics that appear in the Details tab in the View Statistics page to troubleshoot management issues such as:

the ThreatINSIGHT sensor is unable to obtain configurations from GigaVUE-FM or GigaVUE-OS CLI,
the ThreatINSIGHT sensor is unable to export events to the Gigamon ThreatINSIGHT Customer portal, and so on.

To view the diagnostics statistics in GigaVUE-FM, go to the Tools page, select the ThreatINSIGHT sensor, click the vertical ellipsis, select View Statistics Graph, and then go to the Details tab.

For more details, refer to Troubleshoot Gigamon ThreatInsight Sensor Issues.