Quick Start Guide

Follow these five steps to start monitoring your UniFi network with Sentinel Nerd.

Prerequisites

  • A Sentinel Nerd account (sign up free)
  • A UniFi controller (Network, Protect, Access, or Talk) running firmware 7.x or later
  • Network access from your controller to ingest.sentinelnerd.com on port 514 (syslog) or 443 (API)

Step 1: Create Your Instance

After signing in, navigate to your Dashboard and click New Instance. Give it a name (e.g., "Office Network") and select your region.

Choosing a region

Select the region closest to your UniFi controller for the lowest latency. Events are processed and stored in the selected region.

Step 2: Connect Your Controller

Every Sentinel instance listens for three collector protocols, each on a dedicated port. All three accept UDP; syslog also accepts TCP. Configure your UniFi devices to send each type of data to the corresponding port:

Collector endpoints
Protocol     Transport   Port    Data
Syslog       UDP + TCP   1514    Firewall, IDS, hostapd, DHCP, kernel, admin
NetFlow      UDP         2055    NetFlow v5, v9, IPFIX from gateways
SNMP Traps   UDP         1162    SNMPv1 and v2c traps from switches/APs

In your UniFi Network Controller, go to Settings → System → Advanced → Remote Syslog and enter your Sentinel host with port 1514. Enable all log levels you want to monitor.

For NetFlow/IPFIX export, enable it on your gateway (UDM, UDM-Pro, USG) and point the collector host at port 2055. NetFlow v9 or IPFIX is recommended.

For SNMP traps from switches and APs, go to Remote Monitoring → SNMP and set the trap destination to port 1162.

Alternatively (or in addition), use the API integration for richer event data:

API Configuration
Controller URL: https://your-unifi-controller:443
Username: sentinelnerd-readonly
Password: (your read-only account password)
Polling Interval: 30s

Note

We recommend creating a dedicated read-only local account on your UniFi controller for Sentinel Nerd. Never use your admin credentials.

Step 3: Verify Events Are Flowing

Within 60 seconds of configuration, events should start appearing in your instance dashboard. Look for the green "Connected" indicator next to your integration.

You can also verify via the API:

curl -H "Authorization: Bearer YOUR_API_KEY" \
      "https://api.sentinelnerd.com/v1/events?limit=5"
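
To test the syslog path from Step 2 independently of the controller, the script below sends one test message to collector port 1514 over UDP and then TCP. It is an added example, not Sentinel Nerd code. It assumes the collector accepts RFC 5424 lines and newline-framed TCP; the host argument and the `unifi-test` and `sentinel-check` names are placeholders.

```python
import socket
import sys
from datetime import datetime, timezone

SYSLOG_PORT = 1514  # syslog collector port from the endpoint table in Step 2


def build_message(text, facility=1, severity=6,
                  hostname="unifi-test", app="sentinel-check", now=None):
    """Return one RFC 5424 syslog line. PRI = facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    now = now or datetime.now(timezone.utc)
    timestamp = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    pri = facility * 8 + severity
    # PROCID, MSGID and STRUCTURED-DATA are left as "-" (nil value).
    return f"<{pri}>1 {timestamp} {hostname} {app} - - - {text}"


def send_udp(host, message, port=SYSLOG_PORT):
    """Send one datagram and return the byte count. UDP gives no delivery receipt."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(message.encode("utf-8"), (host, port))


def send_tcp(host, message, port=SYSLOG_PORT, timeout=5.0):
    """Send one newline-terminated message (assumed framing). Raises OSError if
    the port is unreachable, which makes TCP the better reachability check."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(message.encode("utf-8") + b"\n")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: syslog_check.py SENTINEL_HOST")
    target = sys.argv[1]  # placeholder: your Sentinel host
    line = build_message("collector connectivity test")
    print(f"UDP: sent {send_udp(target, line)} bytes to {target}:{SYSLOG_PORT}")
    try:
        send_tcp(target, line)
        print(f"TCP: connected and sent to {target}:{SYSLOG_PORT}")
    except OSError as exc:
        print(f"TCP: could not reach {target}:{SYSLOG_PORT} ({exc})")
```

A successful UDP send only means the datagram left the machine, so confirm the test line in the dashboard or via the events API call above.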

Step 4: Enable Detection Rules

Sentinel Nerd ships with 50+ built-in detection rules. Head to Detection → Rules in your dashboard and enable the rule packs that match your needs:

  • Network Security — Port scans, brute force, unauthorized access
  • IDS/IPS Alerts — Intrusion detection event correlation
  • Physical Security — Unauthorized door access, camera tampering
  • Anomaly Detection — Unusual traffic patterns, new device alerts

See the Detection Rules guide for writing custom rules.

Step 5: Configure Alerting

Go to Alerting → Channels to set up where you want to receive notifications. Sentinel Nerd supports:

  • Email (built-in)
  • Slack
  • Discord
  • PagerDuty
  • Custom webhooks

Recommended setup

Start with email alerts for critical severity, then add Slack or Discord for medium+ events once you've tuned your rules to reduce noise.

Next Steps