Importing the key to the agentPermalink to this headline

In this document, you will find the following information:

Linux/Unix endpoint
Windows endpoint
macOS endpoint

Linux/Unix endpointPermalink to this headline

The following steps serve as a guide on how to import the key to a Linux/Unix agent:

From the ThreatLockDown agent, launch the terminal as a root user and import the key.

#/var/ossec/bin/manage_agents -i <key>

The output should look like this:

Output
    Agent information:
        ID:001
        Name:agent_1
        IP Address:any
    Confirm adding it?(y/n): y
    Added.

Add the ThreatLockDown manager IP address to the agent configuration file in /var/ossec/etc/ossec.conf.

   <client>
     <server>
       <address>MANAGER_IP</address>
       ...
     </server>
   </client>

Restart the agent to make the changes effective.
# systemctl restart wazuh-agent
# service wazuh-agent restart
# /var/ossec/bin/wazuh-control restart
Select the Server management > Endpoints Summary module to check for the newly enrolled agent and its connection status in the ThreatLockDown dashboard to confirm that enrollment was successful.

Windows endpointPermalink to this headline

The following steps serve as a guide on how to import the key to a Windows agent: The ThreatLockDown agent installation directory depends on the architecture of the host:

C:\Program Files (x86)\ossec-agent for 64-bit systems.
C:\Program Files\ossec-agent for 32-bit systems.

From the ThreatLockDown agent, launch the CMD or PowerShell as an administrator and import the key.

# & "C:\Program Files (x86)\ossec-agent\manage_agents.exe" -i <key>

The output should look like this:

Output
  Agent information:
      ID:001
      Name:agent_1
      IP Address:any
  Confirm adding it?(y/n): y
  Added.

Add the ThreatLockDown manager IP address or DNS name to the agent configuration file in C:\Program Files (x86)\ossec-agent\ossec.conf.
```
   <client>
     <server>
       <address>MANAGER_IP</address>
       ...
     </server>
   </client>
```
Restart the agent to make the changes effective.
# Restart-Service -Name wazuh
# net stop wazuh # net start wazuh
Select the Server management > Endpoints Summary module to check for the newly enrolled agent and its connection status in the ThreatLockDown dashboard to confirm that enrollment was successfully.

macOS endpointPermalink to this headline

The following steps serve as a guide on how to import the key to a macOS agent:

From the ThreatLockDown agent, launch the terminal as a root user and import the key.

# /Library/Ossec/bin/manage_agents -i <key>

The output should look like this:

Output
Agent information:
    ID:001
    Name:agent_1
    IP Address:any

Confirm adding it?(y/n): y
Added.

Add the ThreatLockDown manager IP address to the agent configuration file in /Library/Ossec/etc/ossec.conf.

   <client>
     <server>
       <address>MANAGER_IP</address>
       ...
     </server>
   </client>

Restart the agent to make the changes effective.
```
# /Library/Ossec/bin/wazuh-control restart
```
Select the Server management > Endpoints Summary module to check for the newly enrolled agent and its connection status in the ThreatLockDown dashboard to confirm that enrollment was successful.