
Endpoint Agent

What is the function of the endpoint agent?

The agent collects advanced telemetry from your endpoints to enable cyber threat detection and facilitate incident response. It provides complete visibility into endpoints, recording forensic-like evidence such as network connections, logins, processes, user actions, downloaded files, and much more. The agent can also be used to execute interactive threat-hunting queries and perform various incident response actions.

What operating systems are supported?

  • Windows: Windows 10, Server 2016 or later
  • Linux - Debian/Ubuntu: Debian 11, Ubuntu 18.04 or later
  • Linux - Red Hat/CentOS: RHEL 7, CentOS 7, Amazon Linux or later

Agent Deployment Prerequisites

How can we verify if an agent is online and reporting?

In the Analyst Console, under the endpoint menu, two dashboards are available:

  • Inventory of Agents: conducts a daily check to confirm if agents are reporting.
  • Real-time Inventory of Agents: shows the last event received from an agent.

How do you remove an agent from the Console?

You must uninstall the agent directly from the endpoint.

Can I run EDR and the visibility agent at the same time?

Yes, they can co-exist on the same endpoint. Just ensure that your EDR is not blocking the installation of the agent.
