Test Agents

The Agent will have logs which you can use to monitor and troubleshoot where necessary.

The Agent Information presented in the Settings screen includes:

  • Last Agent Communication Time

  • Last Action Execution Time

  • Agent Version

  • Deployment Type

  • Required Chronicle Version

  • Agent IP

  • Agent Hostname

  • Paired Publisher

  • Environments

Test the Remote Agents

To perform a basic test of the full flow, try deploying an agent locally (in a disconnected network) and connecting to one of your integrated security tools through the agent.

  1. Create a new agent and send the download link to an email address you can access.

  2. Click on the link in the email and download the agent.

  3. Deploy it locally.

  4. Make sure the agent is in Live status

  5. Make sure the agent can communicate with another product (e.g. Active Directory, ServiceNow). We will test the flow from Chronicle to the agent and back.

  6. Setup the relevant integration to run remotely and test the actions.

Both integrations and connectors provide testing features and show the status of the assigned Remote Agents in the platform.The same flow can be repeated with Agents deployed on remote sites.

Disable an Agent

To disable an agent:

  1. Navigate to Settings > Advanced > Remote Agents.

  2. Click Edit on the required agent.

  3. Check the Disable Agent checkbox. Note that you will receive a warning message.

  4. Click Save.

To delete an agent:

  1. Navigate to Settings > Advanced > Remote Agents.

  2. Click Edit on the required agent.

  3. Click the Delete button. Note that you will receive a warning message.