Endpoint Agent

What is the function of the endpoint agent?

The agent collects advanced telemetry from your endpoints to enable cyber threat detection and facilitate incident response. It provides complete visibility into endpoints, recording forensic-like evidence such as network connections, logins, processes, user actions, downloaded files, and much more. The agent can also be used to execute interactive threat-hunting queries and perform various incident response actions.

Agent Deployment Prerequisites

What operating systems are supported?

Windows

  • Windows 11
  • Windows 10
  • Server 2016
  • Server 2019
  • Server 2022

Linux

  • Debian 11 or later
  • Ubuntu 18.04 or later
  • RHEL 7 or later
  • Oracle Linux 7 or later
  • Amazon Linux 2 or later
  • SLES 15.3 or later

How can we verify if an agent is online and reporting?

In the Analyst Console, under the endpoint menu, two dashboards are available:

  • Inventory of Agents: conducts a daily check to confirm whether agents are reporting.
  • Real-time Inventory of Agents: shows the last event received from an agent.

How do you remove an agent from the Console?

You must uninstall the agent directly from the endpoint.

Can I run EDR and the visibility agent at the same time?

Yes, they can co-exist on the same endpoint. Just ensure that your EDR is not blocking the installation of the agent.
