Installer and Docker agent configuration

The following procedure lets you make changes to the agent.

  1. Sign in to the agent machine using SSH.
  2. Make sure you are in the /opt/SiemplifyAgent directory. If you are using Docker for installation, make sure you are inside the container.
  3. To show the configuration options, enter the following command:
    python agent_cli.py -h

    A full list with explanations is displayed later on in this document.

    Note: If you want to see the current values of each of these configurations, enter printenv.

    For example, you can change the value of one of these options:
    python agent_cli.py set_verify_ssl_slave false
  4. In addition, there are more configurations that you can change within the update_environment command (environment variables). To see these configurations, enter the following command:
    python agent_cli.py update_environment -h
    (A full list with explanations is displayed later on in this document.) For example, take one of these and change the value as follows:
    python agent_cli.py update_environment_status RETRANSMISSION_LOOP_INTERVAL_SECONDS  30
    

The following list provides more information on the options that you can configure as detailed in the procedure earlier:

Options under python agent_cli.py update_environment

Option Description Values
TASK_TIMEOUT Defines the time for timeout for tasks that were pulled from the publisher and not executed Time in seconds
SERVER_API_ROOTPublisher API server address. This indicates where the agent pulls tasks from and publishes results to.API Address
SERVER_API_TOKEN Used for authenticating the requests sent to the publisher Server API token
VERIFY_SSL A boolean parameter that defines if the agent should connect with a publisher only if it has a signed SSL certificate, or not to verify if it has a signed SSL certificate. True/False
RETRANSMISSION_LOOP_INTERVAL_SECONDSDefines the time between each interval for checking if the publisher has got a CASE_ACK for the connector package that Chronicle has pulled. When the CASE_ACK is received, the agent deletes the connector package from the retransmission folder (this means that the case that was created on the agent has reached the platform) Time in seconds
RETRANSMISSION_SAVE_PERIOD_DAYS Defines the lifetime a connector package can have in the retransmission folder. If the package did not get a CASE_ACK it is deleted. Time in days
RETRANSMISSION_FOLDER_MAX_SIZE_MB Defines the size the retransmission folder can reach. Once the max size is reached, the agent will start to delete connector packages (from oldest to newest) until the size is again in the defined boundary. Size in MB
VERIFY_SSL_SLAVEIf the value is 'True', it will communicate with the secondary publisher only if it has a signed SSL certificate True/False
PROXY_ADDRESSDefines the agent service to communicate with the Publisher, using a predefined proxy server. Proxy IP Address
AGENT_KEY Key for decrypting the packages pulled from the publisher and encrypting the results and passing them back to the publisherEncrypted Agent key
SERVER_API_ROOT_SLAVESecondary Publisher API server address. This indicates where the agent pulls tasks from and publishes results to. API Address
PROXY_ADDRESS_SLAVEDefines the agent service to communicate with the secondary Publisher, using a predefined proxy server. Proxy IP Address
DEPLOYMENT_TYPEindicates whether the agent is deployed through a docker or installerDocker/Installer

How to configure a proxy

This defines the agent service that communicates with the publisher, using a predefined proxy server. The only information that is transferred is the communication between the agent and the publisher.

Configure a proxy on an existing agent (both installer and docker)

  • Run the following command:
    python3 /opt/SiemplifyAgent/agent_cli.py update_environment PROXY_ADDRESS https://{proxy_host}

Configure a proxy on a new installer agent

  1. Download the package.
  2. Edit the .env file inside the package and add the required environment variable: PROXY_ADDRESS=https://{proxy_host}

Configure a proxy on a new docker agent

  • Before running the docker command, you need to add the following as an env var -e PROXY_ADDRESS=https://{proxy_host}.