Prerequisites
- Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.
- A public key and private key have been generated in the Darktrace portal, as described in Darktrace Portal Configuration.
- The following port is open:

| Direction | Port | Protocol | Source |
|---|---|---|---|
| Outbound | 443 | HTTPS | darktracebeat |

Initialize the Beat
- Confirm Open Collector is running:
  ./lrctl status
  You should see the open_collector and metrics versions.
  If Open Collector is not running correctly, see Troubleshoot the Open Collector in the Open Collector Installation and User Guide.
- In the Open Collector, run the following command to start the beat:
  ./lrctl darktracebeat start
- Using the arrow keys, select New darktracebeat instance from the list, and then press Enter.
- Enter a unique identifier for this Darktrace beat instance, and then press Enter.
- Enter the Darktrace beat domain name, and then press Enter.
- Enter the previously configured Public key for authentication, and then press Enter.
- Enter the previously configured Private key for authentication, and then press Enter.
  The Darktracebeat service started message appears.
- (Optional.) To check the status of the service, run the following command:
  ./lrctl darktracebeat status

Default Config Values for the Darktrace Beat
| S.No | Field Name | Default Values |
|---|---|---|
| 1 | heartbeatinterval | 60s |
| 2 | heartbeatdisabled | false |
| 3 | period | 2s |
| 4 | throttlingIntervalSecs | 60 (This field value should always be greater than 0.) |
| 5 | numbackhoursData | 7 (The Darktrace Beat supports up to 180 hours of backlog data. The range for this value is 1-180 hours.) |
| 6 | limit | 1000 (The supported limit range is 1-1000.) |