Importing the key to the agentPermalink to this headline
In this document, you will find the following information:
Linux/Unix endpointPermalink to this headline
The following steps serve as a guide on how to import the key to a Linux/Unix agent:
From the ThreatLockDown agent, launch the terminal as a root user and import the key.
#/var/ossec/bin/manage_agents -i <key>
The output should look like this:
Add the ThreatLockDown manager IP address to the agent configuration file in
/var/ossec/etc/ossec.conf
.<client> <server> <address>MANAGER_IP</address> ... </server> </client>
Restart the agent to make the changes effective.
# systemctl restart wazuh-agent
# service wazuh-agent restart
# /var/ossec/bin/wazuh-control restart
Select the Server management > Endpoints Summary module to check for the newly enrolled agent and its connection status in the ThreatLockDown dashboard to confirm that enrollment was successful.
Windows endpointPermalink to this headline
The following steps serve as a guide on how to import the key to a Windows agent: The ThreatLockDown agent installation directory depends on the architecture of the host:
C:\Program Files (x86)\ossec-agent
for 64-bit systems.C:\Program Files\ossec-agent
for 32-bit systems.
From the ThreatLockDown agent, launch the CMD or PowerShell as an administrator and import the key.
# & "C:\Program Files (x86)\ossec-agent\manage_agents.exe" -i <key>
The output should look like this:
Add the ThreatLockDown manager IP address or DNS name to the agent configuration file in
C:\Program Files (x86)\ossec-agent\ossec.conf
.<client> <server> <address>MANAGER_IP</address> ... </server> </client>
Restart the agent to make the changes effective.
# Restart-Service -Name wazuh
# net stop wazuh # net start wazuh
Select the Server management > Endpoints Summary module to check for the newly enrolled agent and its connection status in the ThreatLockDown dashboard to confirm that enrollment was successfully.
macOS endpointPermalink to this headline
The following steps serve as a guide on how to import the key to a macOS agent:
From the ThreatLockDown agent, launch the terminal as a root user and import the key.
# /Library/Ossec/bin/manage_agents -i <key>
The output should look like this:
Add the ThreatLockDown manager IP address to the agent configuration file in
/Library/Ossec/etc/ossec.conf
.<client> <server> <address>MANAGER_IP</address> ... </server> </client>
Restart the agent to make the changes effective.
# /Library/Ossec/bin/wazuh-control restart
Select the Server management > Endpoints Summary module to check for the newly enrolled agent and its connection status in the ThreatLockDown dashboard to confirm that enrollment was successful.