.Network configuration
[width="100%",cols="16%,11%,73%",options="header",]
|===
|Parameter label (name) |Default value |Description

|Availability Zones (`AvailabilityZones`) |`**__Requires input__**` |Availability Zones to use for the subnets in the VPC. Two Availability Zones are used for this deployment.
|VPC CIDR (`VPCCIDR`) |`10.0.0.0/16` |CIDR block for the VPC.
|Private subnet 1 CIDR (`PrivateSubnet1CIDR`) |`10.0.0.0/19` |CIDR block for private subnet 1, located in Availability Zone 1.
|Private subnet 2 CIDR (`PrivateSubnet2CIDR`) |`10.0.32.0/19` |CIDR block for private subnet 2, located in Availability Zone 2.
|Public subnet 1 CIDR (`PublicSubnet1CIDR`) |`10.0.128.0/20` |CIDR block for the public (DMZ) subnet 1, located in Availability Zone 1.
|Public subnet 2 CIDR (`PublicSubnet2CIDR`) |`10.0.144.0/20` |CIDR block for the public (DMZ) subnet 2, located in Availability Zone 2.
|Bastion host CIDR (`RemoteAccessCIDR`) |`**__Requires input__**` |CIDR IP range that is permitted to access the bastion hosts. We recommend that you set this value to a trusted IP range.
|===

.Bastion configuration
[width="100%",cols="16%,11%,73%",options="header",]
|===
|Parameter label (name) |Default value |Description

|Bastion host instance type (`BastionInstanceType`) |`t3.micro` |Amazon EC2 instance type for the bastion hosts.
|Key pair name (`BastionKeyPairName`) |`**__Requires input__**` |Name of an existing public/private key pair, which allows you to securely connect to your instance after it launches.
|Bastion host AMI operating system (`BastionAMIOS`) |`Amazon-Linux2-HVM` |Linux distribution for the Amazon Machine Image (AMI) used for the bastion host instances.
|===

.Darktrace appliance configuration
[width="100%",cols="16%,11%,73%",options="header",]
|===
|Parameter label (name) |Default value |Description

|Appliance host name (`VSensorApplianceHostname`) |`**__Requires input__**` |Host name of the Darktrace appliance.
|Appliance port (`VSensorAppliancePort`) |`443` |Connection port between vSensor and the Darktrace appliance.
|Appliance push token (`VSensorAppliancePushtoken`) |`**__Requires input__**` |Push token to authenticate with the appliance. For more information, see the https://customerportal.darktrace.com/login[Darktrace Customer Portal].
|===

.Darktrace vSensor configuration
[width="100%",cols="16%,11%,73%",options="header",]
|===
|Parameter label (name) |Default value |Description

|EC2 instance type (`VSensorInstanceType`) |`t3.medium` |EC2 instance type. Default is `t3.medium`.
|EC2 key pair name (`VSensorKeyPairName`) |`**__Requires input__**` |EC2 key pair to use to connect to vSensor.
|Update key (`VSensorUpdatekey`) |`XXXXXX:XXXX` |Darktrace update key. If you don't have one, contact your Darktrace representative.
|Desired vSensor instance capacity (`VSensorDesiredCapacityASG`) |`1` |Desired number of vSensor instances in the Auto-Scaling group.
|Minimum vSensor instance capacity (`VSensorMinSizeASG`) |`1` |Minimum number of vSensor instances in the Auto-Scaling group.
|Maximum vSensor instance capacity (`VSensorMaxSizeASG`) |`5` |Maximum number of vSensor instances in the Auto-Scaling group.
|osSensor HMAC Token (`VSensorOsSensorHMAC`) |`**__Blank string__**` |Hash-based message authentication code (HMAC) token to authenticate osSensors with vSensor.
|===

.VPC Traffic Mirror configuration
[width="100%",cols="16%,11%,73%",options="header",]
|===
|Parameter label (name) |Default value |Description

|Traffic Mirror rule number (`VSensorTrafficMirrorRuleNumber`) |`100` |Enter a priority to assign to the rule.
|Source traffic CIDR to filter (0.0.0.0/0 for all traffic) (`VSensorTrafficMirrorSourceCIDR`) |`0.0.0.0/0` |Source CIDR for the Traffic Mirror filter. Enter `0.0.0.0/0` for all traffic.
|Destination traffic CIDR to filter (0.0.0.0/0 for all traffic) (`VSensorTrafficMirrorDestCIDR`) |`0.0.0.0/0` |Destination CIDR for the Traffic Mirror filter. Enter `0.0.0.0/0` for all traffic.
|===

.Logs and captured packet retention
[width="100%",cols="16%,11%,73%",options="header",]
|===
|Parameter label (name) |Default value |Description

|CloudWatch logs retention (days) (`VSensorLogGroupRetention`) |`30` |Number of days to retain CloudWatch logs.
|Captured packets storage retention (days) (`VSensorLifecycleS3BucketDays`) |`7` |Number of days to retain captured packets in Amazon S3.
|===

.AWS Quick Start configuration
[width="100%",cols="16%,11%,73%",options="header",]
|===
|Parameter label (name) |Default value |Description

|Quick Start S3 bucket name (`QSS3BucketName`) |`aws-quickstart` |Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but it cannot start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html.
|Quick Start S3 bucket Region (`QSS3BucketRegion`) |`us-east-1` |AWS Region where the Quick Start S3 bucket (`QSS3BucketName`) is hosted. Keep the default Region unless you are customizing the template. Changing this Region updates code references to point to a new Quick Start location. When using your own bucket, specify the Region. See https://aws-quickstart.github.io/option1.html.
|Quick Start S3 key prefix (`QSS3KeyPrefix`) |`quickstart-darktrace-vsensor/` |S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html.
|Quick Start unique run ID (12 characters or less) (`ShortID`) |`**__Blank string__**` |Quick Start short unique ID used to identify resources from other installations of this Quick Start. If left empty, a random string is generated.
|===
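
The constraints stated in the parameter descriptions above can be checked before a stack is launched. The following pre-flight check is an added example, not part of the Quick Start or of Darktrace's tooling; the function name `check_params`, the sample `RemoteAccessCIDR` value, and the check that Auto Scaling capacity satisfies min <= desired <= max are assumptions of the example.

```python
import ipaddress
import re

# Defaults copied from the parameter tables; RemoteAccessCIDR is a constructed sample.
SAMPLE_PARAMS = {
    "VPCCIDR": "10.0.0.0/16",
    "PrivateSubnet1CIDR": "10.0.0.0/19",
    "PrivateSubnet2CIDR": "10.0.32.0/19",
    "PublicSubnet1CIDR": "10.0.128.0/20",
    "PublicSubnet2CIDR": "10.0.144.0/20",
    "RemoteAccessCIDR": "203.0.113.0/24",
    "QSS3BucketName": "aws-quickstart",
    "QSS3KeyPrefix": "quickstart-darktrace-vsensor/",
    "ShortID": "",
    "VSensorMinSizeASG": "1", "VSensorDesiredCapacityASG": "1", "VSensorMaxSizeASG": "5",
}
SUBNET_KEYS = ["PrivateSubnet1CIDR", "PrivateSubnet2CIDR", "PublicSubnet1CIDR", "PublicSubnet2CIDR"]

def check_params(p):
    """Return a list of findings; an empty list means the values pass."""
    findings = []
    vpc = ipaddress.ip_network(p["VPCCIDR"])
    subnets = {k: ipaddress.ip_network(p[k]) for k in SUBNET_KEYS}
    for name, net in subnets.items():
        if not net.subnet_of(vpc):
            findings.append(f"{name} {net} is outside VPCCIDR {vpc}")
    names = list(subnets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if subnets[a].overlaps(subnets[b]):
                findings.append(f"{a} overlaps {b}")
    remote = ipaddress.ip_network(p["RemoteAccessCIDR"])
    if remote.prefixlen == 0:
        findings.append("RemoteAccessCIDR admits every address; use a trusted range")
    if not re.fullmatch(r"[0-9a-zA-Z]([0-9a-zA-Z-]*[0-9a-zA-Z])?", p["QSS3BucketName"]):
        findings.append("QSS3BucketName has invalid characters or a leading/trailing hyphen")
    if not re.fullmatch(r"[0-9a-zA-Z/-]*/", p["QSS3KeyPrefix"]):
        findings.append("QSS3KeyPrefix must use only [0-9a-zA-Z-/] and end with '/'")
    if len(p["ShortID"]) > 12:
        findings.append("ShortID is longer than 12 characters")
    lo, want, hi = (int(p[k]) for k in ("VSensorMinSizeASG", "VSensorDesiredCapacityASG", "VSensorMaxSizeASG"))
    if not lo <= want <= hi:
        findings.append("ASG capacity must satisfy min <= desired <= max")
    return findings

if __name__ == "__main__":
    for finding in check_params(SAMPLE_PARAMS) or ["all checks passed"]:
        print(finding)
```

A CIDR with host bits set (for example `10.0.0.1/16`) raises `ValueError` from `ipaddress.ip_network`, which is the desired outcome for a pre-flight check.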