...
Access Universal Agent repository
Open the agent's agents repository URL in the UAM UA Manager installation for your environment . If you followed the instructions in the previous paragraph, you should have the URL and access credentials to log in to that repository(https://<DUAM_IP>:8081). Access credentials were defined during the UA Manager installation process.
A warning message is displayed (no certificates available). Click on the advanced configuration button and then click on Proceed to [...].
Use the configured credentials to access the agent's repository website.
UAM’s agents repository is displayed with all available versions of the the Universal Agent listed per targeted platform:
Deploying Windows Universal Agent
...
The unzipped folder contents should look like this:
exts: Extensions of the baseline agent functionality (e.g. log collector).
.crt, secret: Certificate and tokens for agent authentication and secure communications path establishment with the Universal Agent Manager.
Osquery-x.x.x.msi: Osquery agent installation package
Osquery.flags: Configuration parameters and paths
install.ps1: Universal Agent installation script
README.txt: installation instructions
Follow the instructions in the README.txt file. A common issue is the permissions level required to execute the installation script. Should that be the case, make sure you temporarily disable all restrictions using the commands listed in the same file. Remember to also restore the restrictions as they were configured before.
Once the installation script is finished, check that the agent is up and running by opening Windows’ task manager and finding the Osquery daemon listed as an active process:
Log in to the Universal Agent Manager (see above for instructions). The endpoint should be automatically detected and listed as an active host.
Log in to the destination domain in Devo (US > demo for the demo platform). Open one of the box.devo_ua.xxx.xxx tables in it. Data corresponding to the endpoint should start appearing in the data structure, identified by the hostname.
...
Click on deb-dua-osquery-X.X.X-devo-ua-manager.tgz to download the Universal Agent package and untar (tar -xzf deb-dua-osquery-X.X.X-devo-ua-manager.tgz) it in the local filesystem of the endpoint to monitor (e.g., in /var/tmp/devo-ua-manager). The untar folder contents should look like this:
exts: Extensions of the baseline agent functionality (e.g. log collector).
.crt, secret: Certificate and tokens for agent authentication and secure communications path establishment with the Universal Agent Manager.
Osquery-x.x.x.deb: Osquery agent installation package
Osquery.flags: Configuration parameters and paths
install.sh: Universal Agent installation script
README.txt: installation instructions
Follow the instructions in the README.txt file.
Once the installation script is finished, you can check that the agent is up and running by executing
ps -ef | grep osquery
. You should see several osquery processes running:Log in to the UAM (see previous paragraphs for instructions). The endpoint should be automatically detected and listed as an active host.
Log in to the destination domain in Devo (US > demo for the demo platform). Open one of the box.devo_ua.xxx.xxx tables in it. Data corresponding to the endpoint should start appearing in the data structure, identified by the hostname. In the next screenshots you can see some examples:
To check the operations system connected with Universal Agent:
To check the network connected with Universal Agent:
.
Deploying the macOS Universal Agent
...
The unzipped folder contents should look like this:
exts: Extensions of the baseline agent functionality (e.g. log collector).
.crt, secret: Certificate and tokens for agent authentication and secure communications path establishment with the UA Manager.
Osquery-x.x.x.pkg: Osquery agent installation package.
Osquery.flags: Configuration parameters and paths.
install.sh: UA installation script.
README.txt: Installation instructions.
...