Importing the key to the agent

In this document, you will find the following information:

Linux/Unix endpoint

The following steps serve as a guide on how to import the key to a Linux/Unix agent:

  1. From the ThreatLockDown agent, launch the terminal as a root user and import the key.

    #/var/ossec/bin/manage_agents -i <key>
    

    The output should look like this:

        Agent information:
            ID:001
            Name:agent_1
            IP Address:any
        Confirm adding it?(y/n): y
        Added.
    
  2. Add the ThreatLockDown manager IP address to the agent configuration file in /var/ossec/etc/ossec.conf.

       <client>
         <server>
           <address>MANAGER_IP</address>
           ...
         </server>
       </client>
    
  3. Restart the agent to make the changes effective.

    # systemctl restart wazuh-agent
    
  4. Select the Server management > Endpoints Summary module to check for the newly enrolled agent and its connection status in the ThreatLockDown dashboard to confirm that enrollment was successful.

Windows endpoint

The following steps serve as a guide on how to import the key to a Windows agent: The ThreatLockDown agent installation directory depends on the architecture of the host:

  • C:\Program Files (x86)\ossec-agent for 64-bit systems.

  • C:\Program Files\ossec-agent for 32-bit systems.

  1. From the ThreatLockDown agent, launch the CMD or PowerShell as an administrator and import the key.

    # & "C:\Program Files (x86)\ossec-agent\manage_agents.exe" -i <key>
    

    The output should look like this:

      Agent information:
          ID:001
          Name:agent_1
          IP Address:any
      Confirm adding it?(y/n): y
      Added.
    
  2. Add the ThreatLockDown manager IP address or DNS name to the agent configuration file in C:\Program Files (x86)\ossec-agent\ossec.conf.

       <client>
         <server>
           <address>MANAGER_IP</address>
           ...
         </server>
       </client>
    
  3. Restart the agent to make the changes effective.

    # Restart-Service -Name wazuh
    
  4. Select the Server management > Endpoints Summary module to check for the newly enrolled agent and its connection status in the ThreatLockDown dashboard to confirm that enrollment was successfully.

macOS endpoint

The following steps serve as a guide on how to import the key to a macOS agent:

  1. From the ThreatLockDown agent, launch the terminal as a root user and import the key.

    # /Library/Ossec/bin/manage_agents -i <key>
    

    The output should look like this:

    Agent information:
        ID:001
        Name:agent_1
        IP Address:any
    
    Confirm adding it?(y/n): y
    Added.
    
  2. Add the ThreatLockDown manager IP address to the agent configuration file in /Library/Ossec/etc/ossec.conf.

       <client>
         <server>
           <address>MANAGER_IP</address>
           ...
         </server>
       </client>
    
  3. Restart the agent to make the changes effective.

    # /Library/Ossec/bin/wazuh-control restart
    
  4. Select the Server management > Endpoints Summary module to check for the newly enrolled agent and its connection status in the ThreatLockDown dashboard to confirm that enrollment was successful.