Importing the key to the agent

Linux/Unix endpoint

The following steps serve as a guide on how to import the key to a Linux/Unix agent:

1. From the ThreatLockDown agent, launch the terminal as a root user and import the key.

   #/var/ossec/bin/manage_agents -i <key>
   

   The output should look like this:

       Agent information:
           ID:001
           Name:agent_1
           IP Address:any
       Confirm adding it?(y/n): y
       Added.
   

2. Add the ThreatLockDown manager IP address to the agent configuration file in /var/ossec/etc/ossec.conf.

      <client>
        <server>
          <address>MANAGER_IP</address>
          ...
        </server>
      </client>
   

3. Restart the agent to make the changes effective.

   SystemdSysV initOther Unix based OS

   # systemctl restart wazuh-agent
   

4. Select the Server management > Endpoints Summary module to check for the newly enrolled agent and its connection status in the ThreatLockDown dashboard to confirm that enrollment was successful.

Windows endpoint

The following steps serve as a guide on how to import the key to a Windows agent: The ThreatLockDown agent installation directory depends on the architecture of the host:

• C:\Program Files (x86)\ossec-agent for 64-bit systems.

• C:\Program Files\ossec-agent for 32-bit systems.

1. From the ThreatLockDown agent, launch the CMD or PowerShell as an administrator and import the key.

   # & "C:\Program Files (x86)\ossec-agent\manage_agents.exe" -i <key>
   

   The output should look like this:

     Agent information:
         ID:001
         Name:agent_1
         IP Address:any
     Confirm adding it?(y/n): y
     Added.
   

2. Add the ThreatLockDown manager IP address or DNS name to the agent configuration file in C:\Program Files (x86)\ossec-agent\ossec.conf.

      <client>
        <server>
          <address>MANAGER_IP</address>
          ...
        </server>
      </client>
   

3. Restart the agent to make the changes effective.

   PowerShell (as an administrator)CMD (as an administrator)

   # Restart-Service -Name wazuh
   

4. Select the Server management > Endpoints Summary module to check for the newly enrolled agent and its connection status in the ThreatLockDown dashboard to confirm that enrollment was successfully.

macOS endpoint

The following steps serve as a guide on how to import the key to a macOS agent:

1. From the ThreatLockDown agent, launch the terminal as a root user and import the key.

   # /Library/Ossec/bin/manage_agents -i <key>
   

   The output should look like this:

   Agent information:
       ID:001
       Name:agent_1
       IP Address:any
   
   Confirm adding it?(y/n): y
   Added.
   

2. Add the ThreatLockDown manager IP address to the agent configuration file in /Library/Ossec/etc/ossec.conf.

      <client>
        <server>
          <address>MANAGER_IP</address>
          ...
        </server>
      </client>
   

3. Restart the agent to make the changes effective.

   # /Library/Ossec/bin/wazuh-control restart
   

4. Select the Server management > Endpoints Summary module to check for the newly enrolled agent and its connection status in the ThreatLockDown dashboard to confirm that enrollment was successful.