Installer and Docker agent configuration
The following procedure lets you make changes to the agent.
- Sign in to the agent machine using SSH.
- Make sure you are in the /home/siemplify_agent/agent_source directory. If you are using Docker for installation, make sure you are inside the container.
- To show the configuration options, enter the following command:
python agent_cli.py -h
A full list with explanations is displayed later on in this document.
Note: If you want to see the current values of each of these configurations, enter printenv.
For example, you can change the value of one of these options:
python agent_cli.py set_verify_ssl_slave false
- In addition, there are more configurations that you can change within the update_environment command (environment variables). To see these configurations, enter the following command:
python agent_cli.py update_environment -h
(A full list with explanations is displayed later on in this document.) For example, take one of these and change the value as follows:
python agent_cli.py update_environment_status RETRANSMISSION_LOOP_INTERVAL_SECONDS 30
The following list provides more information on the options that you can configure as detailed in the procedure earlier:
Options under python agent_cli.py update_environment
Option | Description | Values |
---|---|---|
TASK_TIMEOUT | Defines the time for timeout for tasks that were pulled from the publisher and not executed | Time in seconds |
SERVER_API_ROOT | Publisher API server address. This indicates where the agent pulls tasks from and publishes results to. | API Address |
SERVER_API_TOKEN | Used for authenticating the requests sent to the publisher | Server API token |
VERIFY_SSL | A boolean parameter that defines whether the agent connects to a publisher only if it has a signed SSL certificate, or connects without verifying that it has a signed SSL certificate. | True/False |
RETRANSMISSION_LOOP_INTERVAL_SECONDS | Defines the time between checks for whether the publisher has received a CASE_ACK for the connector package that Google Security Operations has pulled. When the CASE_ACK is received, the agent deletes the connector package from the retransmission folder (this means that the case that was created on the agent has reached the platform). | Time in seconds |
RETRANSMISSION_SAVE_PERIOD_DAYS | Defines the lifetime a connector package can have in the retransmission folder. If the package did not get a CASE_ACK it is deleted. | Time in days |
RETRANSMISSION_FOLDER_MAX_SIZE_MB | Defines the size the retransmission folder can reach. Once the max size is reached, the agent will start to delete connector packages (from oldest to newest) until the size is again in the defined boundary. | Size in MB |
VERIFY_SSL_SLAVE | If the value is 'True', the agent communicates with the secondary publisher only if it has a signed SSL certificate. | True/False |
PROXY_ADDRESS | Makes the agent service communicate with the Publisher through a predefined proxy server. | Proxy IP Address |
AGENT_KEY | Key for decrypting the packages pulled from the publisher and encrypting the results and passing them back to the publisher | Encrypted Agent key |
SERVER_API_ROOT_SLAVE | Secondary Publisher API server address. This indicates where the agent pulls tasks from and publishes results to. | API Address |
PROXY_ADDRESS_SLAVE | Makes the agent service communicate with the secondary Publisher through a predefined proxy server. | Proxy IP Address |
DEPLOYMENT_TYPE | Indicates whether the agent is deployed through Docker or the installer. | Docker/Installer |
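
A check to run against the values that printenv reports, added here as an example and not part of the agent's own tooling: it reads KEY=VALUE lines and flags VERIFY_SSL or VERIFY_SSL_SLAVE set to False, and publisher addresses that are not https://. The function name audit_agent_env, the https:// expectation for SERVER_API_ROOT, and all sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not product code). audit_agent_env is a hypothetical helper.
# Reads KEY=VALUE lines, the format printenv emits, on stdin and prints one
# line per weak transport setting. Returns 0 when clean, 1 when anything is
# flagged. SERVER_API_TOKEN and AGENT_KEY values are never echoed.
audit_agent_env() {
    findings=0
    while IFS='=' read -r key value; do
        case "$key" in
            VERIFY_SSL|VERIFY_SSL_SLAVE)
                # The table lists True/False; the CLI example uses lowercase,
                # so compare case-insensitively.
                v=$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]')
                if [ "$v" = "false" ]; then
                    echo "WEAK $key=$value (publisher certificate not verified)"
                    findings=$((findings + 1))
                fi
                ;;
            SERVER_API_ROOT|SERVER_API_ROOT_SLAVE)
                # Assumption: publisher addresses are expected to be https://.
                # An empty value means no (secondary) publisher is configured.
                case "$value" in
                    ""|https://*) ;;
                    *)
                        echo "WEAK $key is not an https:// address"
                        findings=$((findings + 1))
                        ;;
                esac
                ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample input; on an agent, run: printenv | audit_agent_env
audit_agent_env <<'EOF' || echo "review the settings flagged above"
VERIFY_SSL=True
VERIFY_SSL_SLAVE=false
SERVER_API_ROOT=https://publisher.example.com/api
SERVER_API_ROOT_SLAVE=http://publisher-2.example.com/api
SERVER_API_TOKEN=constructed-placeholder
EOF
```

The non-zero return status makes the function usable as a gate in a provisioning script or a scheduled configuration check.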
How to configure an agent-publisher proxy
This setting makes the agent service communicate with the publisher through a predefined proxy server. The only information that is transferred is the communication between the agent and the publisher.
Configure a proxy on an existing agent (both installer and docker)
- Run the following command:
python3 /opt/SiemplifyAgent/agent_cli.py update_environment PROXY_ADDRESS https://{proxy_host}
Configure a proxy on a new installer agent
- Download the package.
- Edit the .env file inside the package and add the required environment variable:
PROXY_ADDRESS=https://{proxy_host}
Configure a proxy on a new docker agent
- Before running the docker command, add the following as an environment variable:
-e PROXY_ADDRESS=https://{proxy_host}
How to configure an integration proxy
This defines the proxy for integrations running on the Agent.
Configure a proxy on an integration agent
Before running the docker command, add one of the following as an environment variable:
HTTP_PROXY=https://{HTTP_PROXY}
HTTPS_PROXY=https://{HTTPS_PROXY}
NO_PROXY=https://{NO_PROXY}
(to bypass proxy traffic)