Is the SOC IP the sensor IP?

[iqworks]

Hi , i tried to research what a sensor was in SO. All I saw was how to work with it, but not where to find it, or see what the IP address was. And is this IP address the one you use in so-allow?

thanks for any help or advice

[InfosecGoon]

"Sensor" is another name for a forward node -- in a distributed architecture, it's a node that runs the network monitoring components like Zeek, Suricata, and Stenographer.

You don't need to do anything in so-allow to use one -- after you build a sensor and join it to your grid, the firewall rules on the Manager will be automatically updated to accommodate the traffic that it produces.

https://docs.securityonion.net/en/2.3/architecture.html#forward-node