From MetaFlows User Manual
The MetaFlows Sensor can be deployed in a mode that runs only the SRI BotHunter plugin. This option is available free of charge for non-commercial personal use. To use BotHunter in a commercial setting, users must obtain a license.
- Install the MetaFlows Sensor Software, or download and run the prebuilt MetaFlows Sensor Virtual Machine for VMware.
- Upon starting the sensor for the first time, select option 3.
- You will be prompted to select whether this sensor is for commercial or private use; select the appropriate option.
- During the sensor start-up process, you will have to provide answers to the following prompts:
  - "enter a name for this sensor (default: metaflows)"
  - "enter a domain name for this sensor (default: localdomain)"
  - "enter the interface that you would like this sensor to monitor"
  - "enter the network address that you want the sensor to monitor (ex.single: 192.168.1.0/24 ex.multiple: 10.0.0.0/8,192.168.1.0/24)"
  - "enter the ip address of the SIEM or syslog server this sensor should send events to (ex. 192.168.1.100)"
  - "if you would like to receive email alerts from this sensor, please enter an email address, otherwise just press enter"
- A local web server can be accessed to view any infection reports.
- If an IP address was provided for a local SIEM, events will be sent to that IP address.
- If an email address was provided, email alerts will be sent when infections occur (provided postfix is correctly configured for your environment).
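An added example, not part of the MetaFlows manual or the sensor software: a pre-flight check for the monitored-network and SIEM answers, in the formats the prompts above show. The function names and the strictness rules (rejecting host bits, flagging an entry already covered by a broader one, treating a blank SIEM answer as "no forwarding") are assumptions of this example, not documented sensor behaviour.

```python
import ipaddress

def check_monitored_networks(answer):
    """Validate the comma-separated CIDR answer; return (networks, problems)."""
    networks, problems = [], []
    for item in (part.strip() for part in answer.split(",")):
        if not item:
            problems.append("empty entry (stray comma?)")
        elif "/" not in item:
            problems.append(f"{item}: no prefix length, expected CIDR such as 192.168.1.0/24")
        else:
            try:
                # strict=True rejects host bits, e.g. 192.168.1.5/24 (likely a typo)
                networks.append(ipaddress.ip_network(item, strict=True))
            except ValueError as exc:
                problems.append(f"{item}: {exc}")
    # An entry inside a broader entry is redundant and often a sign of a wrong prefix.
    for a in networks:
        for b in networks:
            if a != b and a.version == b.version and a.subnet_of(b):
                problems.append(f"{a} is already covered by {b}")
    return networks, problems

def check_siem_address(answer):
    """Validate the SIEM/syslog answer: blank (assumed: no forwarding) or one IP."""
    answer = answer.strip()
    if not answer:
        return []
    try:
        ipaddress.ip_address(answer)  # rejects hostnames and CIDR notation
    except ValueError:
        return [f"{answer}: expected a single IP address such as 192.168.1.100"]
    return []

if __name__ == "__main__":
    # Constructed sample answers, including deliberate mistakes.
    for nets in ("10.0.0.0/8,192.168.1.0/24", "192.168.1.5/24", "10.0.0.0/8,10.1.0.0/16"):
        print(nets, "->", check_monitored_networks(nets)[1] or "ok")
    for siem in ("192.168.1.100", "siem.example.local"):
        print(siem, "->", check_siem_address(siem) or "ok")
```

A monitored range that is mistyped or too narrow means traffic from the missing hosts is not treated as local, so checking the answers before the first start avoids silent coverage gaps.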