After Installation

Adjust firewall rules using so-allow

Depending on what kind of installation you did, the Setup wizard may have already walked you through adding firewall rules to allow your analyst IP address(es). If you need to allow other IP addresses, you can manually run so-allow.

Services

  • Verify services are running:

    sudo so-status
    

Other

  • Full-time analysts may want to connect using a dedicated Analyst VM.
  • Any IDS/NSM system needs to be tuned for the network it’s monitoring. Please see the Tuning section.
  • Configure the OS to use your preferred NTP server.