Remote Collector overview

Remote Collectors let you deploy sensors in multiple isolated locations. Remote Collectors must be connected to a Guardian and act as remote interfaces that broaden its capture capability.

Remote Collectors are low-resource sensors that capture data from distributed locations and send it to Guardian(s) for further analysis. A Remote Collector is typically installed in isolated areas, such as windmills or solar power fields, where it monitors multiple small sites. Traffic is encrypted. The Remote Collector firmware receives automatic updates from the connected Guardian.

The relationship between a Remote Collector and a Guardian is similar to that between a Guardian and a Central Management Console (CMC), but with some key differences. A Remote Collector:
  • Does not process sniffed traffic; it just forwards it to the Guardian to which it is attached
  • Has no graphical user interface (GUI)
  • Has bandwidth limitations

You must enable a Guardian to receive traffic from Remote Collectors. Once this has been enabled in the Guardian, the Remote Collector provides an additional (virtual) network interface, called remote-collector, which aggregates the traffic of all the Remote Collectors connected to it. You can open the Guardian's Sensors page to inspect all the Remote Collectors that are currently connected.

Each Remote Collector forwards its sniffed traffic to a set of Guardians. Multiple Remote Collectors can connect to a Guardian. To prevent third-party interception, this traffic is encrypted with high-security measures over a Transport Layer Security (TLS) channel.