Adding an IBM Storage Defender sensor through the UI

Edit online

You can add the sensor on one or more systems through the IBM® Storage Defender® UI.

Before you begin

Note:

To review the system requirements, see IBM Storage Defender Data Resiliency Service: Connection manager, sensor and sensor control nodes requirements.
The procedure that is described in this topic is not applicable for external sensor control nodes. This procedure makes use of the internal sensor control node built into the connection manager.

Note: The systems must be added to a recovery group prior to installing a sensor via the UI.

Procedure

To add an IBM Storage Defender sensor on one or multiple systems, complete the following steps:

Log in to IBM Storage Defender.
Click the main menu on the upper left corner of the page.
Click Data Resiliency > Groupings > Recovery groups.
From the list of recovery groups, click the name of the recovery group you are interested in. This action opens the Recovery group details page.
On the Detection tab, go to the Defender sensors tile and click Get started.

Note: If you have previously installed sensors, you will see the Manage button on the Defender sensors tile.
On the Manage sensors pop-up window, select one or multiple VMs to add sensors by clicking the checkbox.
Note:
- The connection manager uses FQDNs of the VMs for sensor installation or uninstallation operations. Therefore the IBM Storage Defender sensor installation UI does not allow the selection of the following VMs:
  
  VMs with no FQDN
  
  VMs with localhost set as the FQDN
  
  VMs with identical FQDNs
  
  Any changes on the VMs network configurations will be reflected in the UI after the next automatic or manually-triggered inventory scan. The automatic inventory scan interval is one hour.
- To check the supported operating systems and necessary software packages for IBM Storage Defender sensors, see IBM Storage Defender Data Resiliency Service: Connection manager, sensor and sensor control nodes requirements.
- For VMs that are running on the Windows operating systems, you must complete the prerequisite steps. For more information, see Prerequisites for IBM Storage Defender sensor for Windows.
Click Add sensor + in the title bar.
Enter either a username and password, or the SSH key to access the virtual machine.
Note:
- All the selected VMs must have the same login credentials.
- To install a sensor, you must have passwordless sudo access.
Click Add Sensor to submit the installation request.
The state of selected VMs will change to Installing before showing the final result of the installation.

Note: Monitor the Notification menu to check for completed or failed notifications for each sensor. If the status is TIMEOUT, the installation request was accepted but did respond for 15 minutes. For the FAILED status, check the detailed error message in the notification.

Results

After you added the sensor, the sensor automatically starts to monitor file access activities on the system. When the sensor detects any abnormal access patterns that resemble ransomware attacks, the sensor sends alert messages to the on-premises connection manager. The connection manager then forwards these alerts to the IBM Storage Defender Data Resiliency Service (DRS) through a secure connection. Also, the sensor sends heartbeat messages to the DRS through the connection manager periodically to indicate that the sensor is running normally.