ThreatLockDown agent enrollment

Agent enrollment is the process of registering ThreatLockDown agents as authorized members of the ThreatLockDown solution. Agent enrollment allows:

  • The ThreatLockDown manager to register agents and generate unique keys for them.

  • The use of the key to encrypt communication between the agent and the manager.

  • Validation of the identity of the agents communicating with the manager.

Please note that, when following our Installation guide, it is recommended to use environment variables to automatically configure the ThreatLockDown agent. This allows the agent to enroll and connect to the ThreatLockDown manager. This documentation provides additional information on the different enrollment options.

Enrollment methods

There are two options for enrolling agents with the ThreatLockDown manager.

  1. Enrollment via agent configuration: Once the IP address of the manager has been set, the agent will be able to automatically request the key and import it. This is the recommended enrollment method.

  2. Enrollment via manager API: The user requests the key from the manager API and then manually imports it to the agent.

Requirements

The following must be in place before a ThreatLockDown agent can be enrolled:

  1. An installed and running ThreatLockDown manager.

  2. An installed and running ThreatLockDown agent on the endpoint that the user needs to enroll.

  3. Outbound connectivity from the ThreatLockDown agent to the ThreatLockDown manager services. The following ports are configurable:

    • 1514/TCP for agent communication.

    • 1515/TCP for enrollment via automatic agent request.

    • 55000/TCP for enrollment via manager API.

Note

The ThreatLockDown dashboard provides instructions to install and enroll agents using the deployment variables. Go to Endpoints Summary and click Deploy new agent.

Troubleshooting

Refer to the Troubleshooting section for details on how to test the connectivity between the agent and the manager.
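A preflight check for the connectivity requirement above, written as an added example rather than taken from the ThreatLockDown documentation or tooling. It assumes it runs on the endpoint being enrolled, that the manager API request is also made from that endpoint, and that the ports are the ones listed under Requirements; the function names and the `127.0.0.1` default are illustrative.

```python
import socket
import sys

# Ports named under Requirements; all are configurable, so adjust to your deployment.
PORTS = {
    "agent_communication": 1514,
    "enrollment_request": 1515,
    "manager_api": 55000,
}


def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name resolution failed
        return False


def enrollment_preflight(host, ports=PORTS, timeout=3.0):
    """Report which enrollment method the endpoint's network path allows.

    A completed handshake only shows that something is listening; it does not
    authenticate the manager or validate any key.
    """
    reachable = {name: tcp_reachable(host, port, timeout) for name, port in ports.items()}
    comm = reachable["agent_communication"]  # needed after either enrollment method
    return {
        "reachable": reachable,
        "via_agent_configuration": comm and reachable["enrollment_request"],
        "via_manager_api": comm and reachable["manager_api"],
    }


if __name__ == "__main__":
    # Manager address is a command-line argument; 127.0.0.1 is only a placeholder default.
    manager = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = enrollment_preflight(manager)
    for name, ok in result["reachable"].items():
        print(f"{name:<20} {PORTS[name]:>5}/TCP  {'open' if ok else 'unreachable'}")
    print("enrollment via agent configuration possible:", result["via_agent_configuration"])
    print("enrollment via manager API possible:", result["via_manager_api"])
```

If a port shows as unreachable, check host and network firewall rules between the endpoint and the manager before retrying enrollment.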