Windows: Downloading and Deploying The Windows Agent
Please review the Windows agent parameters. They can be adjusted as needed. It is recommended that the default values be kept. Please go to "Settings & Reporting" -> "Deployment Settings", then click "Configure Management Module." The duration can be set lower for small-scale deployments.
Communication Interval
The interval at which the agent communicates with the portal, in minutes.
In-Depth Search Interval
The interval at which agents run an in-depth search on machines, in minutes.
Remediation Jobs Interval
The interval at which the agent retrieves remediation information. If a remediation job is assigned to the agent, the agent gets this information in that interval. It is specified in minutes.
Virus Total Minimum Detection Count
The detection count required for performing actions and analysis.
Maximum Number of Active Data Collectors
The number of collections that are active in parallel. A lower number means lower resource usage, and the default value is min 3.
Kill Process on Malicious Detection
Enable this option to kill processes on malicious detection.
Data Collection Servers
The Sensor address used for data collection.
Enable Interactive Session for Agents
Permission for agents to open an interactive session that connects to the machine to execute commands.
Interactive Session Interval (minutes)
How long an interactive session stays live before it is logged out.
Update Check Interval (minutes)
The interval for the package manager to communicate with the portal to get and send the settings.
Enable Backup Server for Installation & Upgrade File Downloads
The option to use a backup server for downloading installation and upgrade files.
Enable External IP Address Check
The option for checking the external IP address of the machines.
Other options are not recommended in this situation, so they are not described on this page. The settings are straightforward, however: most of them set the interval of a collection loop or specify the artifacts.
Once the intervals are entered, click on the "Save" button. For small-scale testing, the parameters can be set to 5 minutes. The duration should be increased for larger-scale deployments.
Windows Threat Monitor Settings are specifically designed for monitoring process activity, honeypot accesses, file activity, and script executions. Default intervals should be like the image below, but please edit as per your system requirements.
Go to "Settings & Reporting" -> "Deployment Settings", then click on "Download". The executable Windows agent should be started after that. Once it is downloaded, click to run the executable, and when it is done, the machine data will be added to the portal.
Once the agent is deployed, please check that initial data is being populated. Initial Sysmon data can take up to 15-20 minutes to be available within the system, depending on the configured parameters. Autoruns, processes, inventory data, and device information are available for Windows agents.