Argus Agent

Argus Agent Enrollment #

Essential Capabilities #

  • Enroll agents: Register agents with the Argus Manager to start monitoring endpoints.
  • Generate enrollment keys: Use secure keys for agent registration.
  • Monitor agent status: Ensure agents are properly connected and transmitting data.

Finding Argus Agent Enrollment #

  • Navigate to Agent Enrollment in Argus:
      • Open the Argus dashboard.
      • Go to the Argus section from the main menu.
      • Select Agent Enrollment.

Configuring Argus Agent Enrollment #

  1. Generate Enrollment Key:
      • In the Agent Enrollment section, click on Generate Enrollment Key.
      • Specify the expiration time (e.g., 1 hour, 1 day) and click Generate.
      • Copy the generated key for agent registration.
  2. Enroll an Agent:
      • On the system where the Argus agent is installed, run the following command, replacing <manager_ip>, <agent_name> and <KEY> with the manager's address, the name for this agent and the key generated in Argus:

        argus-agent-auth -m <manager_ip> -A <agent_name> -k <KEY>

      • After running the command, the agent will automatically register with the Argus Manager.
  3. Verify Agent Enrollment:
      • Go back to the Agent Enrollment section in Argus.
      • Check the status of newly enrolled agents in the list.
      • Once connected, agents will show as Active.
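The enrollment procedure above hinges on the expiration time chosen when the key is generated. The following is an added example, not Argus's own code, of the kind of manager-side check that makes that expiration (and single use) enforceable at the moment an agent presents a key. The key format (key_id.secret), the single-use behaviour and the exact checks are assumptions made for illustration; the page only states that keys expire.

```python
"""Added example, not Argus's own code: a manager-side enrollment-key store
that enforces the expiration time chosen in "Generate Enrollment Key". The key
format (key_id.secret), single-use semantics and the checks performed when an
agent presents its key are assumptions made for illustration."""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class EnrollmentKey:
    key_id: str
    secret: str           # shown to the operator once; the agent sends it with -k
    expires_at: float     # Unix time, derived from the expiration chosen in the UI
    single_use: bool = True
    used_by: Optional[str] = None

    @property
    def value(self) -> str:
        """The string the operator copies into argus-agent-auth -k."""
        return f"{self.key_id}.{self.secret}"


class EnrollmentKeyStore:
    def __init__(self, clock: Callable[[], float] = time.time):
        self._keys: Dict[str, EnrollmentKey] = {}
        self._clock = clock   # injectable so the walkthrough below is deterministic

    def generate(self, ttl_seconds: int, single_use: bool = True) -> EnrollmentKey:
        if ttl_seconds <= 0:
            raise ValueError("expiration time must be positive")
        key = EnrollmentKey(
            key_id=secrets.token_hex(4),
            secret=secrets.token_urlsafe(32),
            expires_at=self._clock() + ttl_seconds,
            single_use=single_use,
        )
        self._keys[key.key_id] = key
        return key

    def redeem(self, presented: str, agent_name: str) -> Tuple[bool, str]:
        """Check a key presented by an enrolling agent. Each refusal has its own
        reason so the manager log shows why an enrollment was rejected."""
        key_id, _, presented_secret = presented.partition(".")
        key = self._keys.get(key_id)
        if key is None:
            return False, "unknown key"
        if not hmac.compare_digest(key.secret, presented_secret):
            return False, "secret mismatch"
        if self._clock() > key.expires_at:
            return False, "key expired"
        if key.single_use and key.used_by is not None:
            return False, f"key already used by {key.used_by}"
        key.used_by = agent_name
        return True, f"agent {agent_name} enrolled"


def demo() -> List[str]:
    """Walk through the key lifecycle with a fake clock; returns the messages."""
    now = [1_700_000_000.0]
    store = EnrollmentKeyStore(clock=lambda: now[0])
    messages = []
    one_hour = store.generate(ttl_seconds=3600)            # "1 hour" in the UI
    messages.append(store.redeem(one_hour.value, "web-01")[1])          # enrolled
    messages.append(store.redeem(one_hour.key_id + ".wrong", "web-02")[1])
    messages.append(store.redeem(one_hour.value, "web-02")[1])          # reuse refused
    messages.append(store.redeem("nosuchid.nokey", "web-03")[1])        # never issued
    short = store.generate(ttl_seconds=60)
    now[0] += 61                                           # clock passes the expiry
    messages.append(store.redeem(short.value, "web-04")[1])
    return messages


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The order of the checks matters: an unknown id and a wrong secret are rejected before the expiry and reuse checks, so a refused enrollment never reveals whether a guessed id belongs to a live key.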

Using Agent Enrollment for Network Security #

  • Enroll all necessary endpoints (servers, workstations, cloud instances) to ensure full network visibility.
  • Use enrollment keys with short expiration times, so that a key that leaks after use cannot be used to register an unauthorized agent.

Argus Agent Management #

Essential Capabilities #

  • Monitor agent status: Track agents’ activity and connection status.
  • Manage agent configuration: Apply or update configuration settings to agents.
  • Perform agent-related tasks: Enable, disable, or restart agents remotely.

Finding Argus Agent Management #

  • Navigate to Agent Management in Argus:
      • Open the Argus dashboard.
      • Go to the Argus section from the main menu.
      • Select Agent Management.

Configuring Argus Agent Management #

  1. View Agent Status:
      • In the Agent Management section, you will see a list of all enrolled agents.
      • Use filters to show only Active, Disconnected, or Pending agents.
      • Click on any agent to view detailed information such as IP address, status, and last connection time.
  2. Configure Agent Settings:
      • Select the agent you want to configure and click on Edit Configuration.
      • Modify configuration parameters such as log collection settings, event monitoring rules, or system auditing.
      • Click Save to apply the changes. Changes will be automatically pushed to the selected agent.
  3. Manage Agent Actions:
      • In the Agent Management section, select one or more agents.
      • Click on the Actions button to choose from the following options:
          • Restart Agent: Restart the agent to apply new settings.
          • Disable Agent: Temporarily disable the agent if it’s no longer needed.
          • Remove Agent: Permanently remove an agent from the Argus Manager.
  4. Automate Agent Management Tasks:
      • Use Automation features in Argus to schedule regular health checks on agents.
      • Create automation rules for auto-disabling agents that haven’t communicated in a specified time frame.
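To make the health-check and auto-disable automation concrete, here is an added example (not Argus's own code) of such a check run over a constructed agent inventory. The field names (status, last_keepalive), the two thresholds and the resulting actions are assumptions for illustration; the page describes the rule only in general terms.

```python
"""Added example, not Argus's own code: a scheduled agent health check that
marks silent agents as disconnected and disables agents that have not
communicated for a longer period. Field names and thresholds are assumptions."""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

# Constructed sample inventory, shaped like an agent list export might be.
AGENTS: List[Dict[str, str]] = [
    {"name": "web-01",     "ip": "10.0.1.10", "status": "active",       "last_keepalive": "2024-05-08T11:58:00Z"},
    {"name": "db-02",      "ip": "10.0.1.20", "status": "active",       "last_keepalive": "2024-05-08T11:30:00Z"},
    {"name": "old-laptop", "ip": "10.0.5.77", "status": "disconnected", "last_keepalive": "2024-04-20T09:00:00Z"},
    {"name": "new-host",   "ip": "10.0.1.30", "status": "pending",      "last_keepalive": ""},
    {"name": "retired",    "ip": "10.0.9.9",  "status": "disabled",     "last_keepalive": "2024-03-01T00:00:00Z"},
]
NOW = datetime(2024, 5, 8, 12, 0, 0, tzinfo=timezone.utc)   # fixed "current time" for the example


def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def health_check(agents, now, disconnect_after=timedelta(minutes=10),
                 disable_after=timedelta(days=7)) -> List[Tuple[str, str, str]]:
    """Return (agent, action, reason) tuples. Pending agents that have never sent
    a keepalive are skipped so a fresh enrollment is not disabled by mistake, and
    already-disabled agents are not actioned again."""
    actions = []
    for agent in agents:
        if agent["status"] in ("pending", "disabled") or not agent["last_keepalive"]:
            continue
        silent_for = now - parse_ts(agent["last_keepalive"])
        if silent_for >= disable_after:
            actions.append((agent["name"], "disable",
                            f"no keepalive for {silent_for.days} days"))
        elif silent_for >= disconnect_after and agent["status"] == "active":
            minutes = int(silent_for.total_seconds() // 60)
            actions.append((agent["name"], "mark_disconnected",
                            f"no keepalive for {minutes} min"))
    return actions


def apply(agents, actions) -> Dict[str, str]:
    """Apply the actions to a copy of the inventory; returns name -> new status."""
    new_status = {a["name"]: a["status"] for a in agents}
    for name, action, _reason in actions:
        new_status[name] = "disabled" if action == "disable" else "disconnected"
    return new_status


def run_demo():
    actions = health_check(AGENTS, NOW)
    return actions, apply(AGENTS, actions)


if __name__ == "__main__":
    actions, statuses = run_demo()
    for name, action, reason in actions:
        print(f"{name}: {action} ({reason})")
    print(statuses)
```

Disabling rather than removing a silent agent keeps its history in the manager, which is why the check only ever moves an agent to "disconnected" or "disabled" and leaves removal to an operator.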

Using Argus Agent Management for Network Security #

  • Regularly monitor agent status to ensure they are actively reporting data.
  • Configure agents with appropriate log collection and monitoring rules to align with your network’s security policies.
  • Use automation to streamline agent management, reducing manual oversight.

Argus Manager

Agent Enrollment Service #

Essential Capabilities #

  • Register agents: Automatically or manually enroll agents to the Argus Manager.
  • Manage enrollment keys: Secure agent connections using unique keys.

Finding the Agent Enrollment Service #

  • Navigate to Agent Enrollment:
      • Open the Argus dashboard.
      • Go to the Argus section in the main menu.
      • Select Agent Enrollment.

Configuring Agent Enrollment #

  1. Generate Enrollment Key:
      • In the Agent Enrollment section, click on Generate Enrollment Key.
      • Set the expiration time for the key and click Generate.
      • Use this key during agent installation for secure enrollment.
  2. Enroll Agents:
      • On the target system, run the command:

        argus-agent-auth -m <manager_ip> -A <agent_name> -k <enrollment_key>

      • After executing the command, agents will appear in the Agent Enrollment section in Argus.

Using Agent Enrollment Service for Network Security #

  • Securely register all endpoints, ensuring that only authorized agents communicate with your Argus Manager.
  • Regularly regenerate enrollment keys to avoid unauthorized access.

Agent Connection Service #

Essential Capabilities #

  • Monitor agent connectivity: Keep track of agent communication status.
  • Manage agent connections: Ensure secure and stable agent-to-manager communication.

Finding the Agent Connection Service #

  • Navigate to Agent Management:
      • Open the Argus dashboard.
      • Go to the Argus section in the main menu.
      • Select Agent Management.

Configuring Agent Connection Service #

  1. View Agent Connectivity:
      • The Agent Management page shows the status of all connected agents.
      • Use the filters to find Active, Disconnected, or Pending agents.
  2. Reconnect Disconnected Agents:
      • If an agent is disconnected, click on the agent’s name.
      • Choose Reconnect from the actions list.
  3. Modify Connection Settings:
      • Navigate to Settings under Agent Management.
      • Adjust timeout, heartbeat intervals, or IP allow list to control agent connection behavior.

Using Agent Connection Service for Network Security #

  • Monitor agent connectivity closely to detect communication issues.
  • Use connection management settings to ensure stable, secure communication between agents and the Argus Manager.

Analysis Engine #

Essential Capabilities #

  • Process security events: Analyze data collected from agents.
  • Generate alerts: Flag suspicious behavior based on predefined rules.

Finding the Analysis Engine #

  • Navigate to Security Events:
      • Open the Argus dashboard.
      • Go to the Argus section in the main menu.
      • Select Security Events.

Configuring the Analysis Engine #

  1. Review and Manage Event Data:
      • In the Security Events section, you will find logs and alerts generated by the analysis engine.
      • Use filters to narrow down events by type, severity, or agent.
  2. Customize Analysis Settings:
      • Go to Settings in the Security Events section.
      • Adjust event processing parameters, like batch size or retention policies, to fit your network’s performance needs.

Using the Analysis Engine for Network Security #

  • Regularly review the event logs to spot unusual behavior or potential threats.
  • Customize analysis settings to optimize performance and alerting based on your network’s size and complexity.

Data Sources #

Essential Capabilities #

  • Collect data from multiple sources: Gather information from logs, systems, and cloud services.
  • Manage data sources: Configure and enable the collection of relevant logs and metrics.

Finding Data Sources #

  • Navigate to Data Collection:
      • Open the Argus dashboard.
      • Go to the Argus section in the main menu.
      • Select Data Collection.

Configuring Data Sources #

  1. Enable Data Sources:
      • In the Data Collection section, you will see a list of supported data sources (e.g., Docker, AWS, Office 365).
      • Select the data source you want to enable and click Configure.
  2. Set up Data Collection:
      • For each data source, specify connection details such as credentials, API tokens, or file paths.
      • Test the connection and enable the data collection to start ingesting logs.

Using Data Sources for Network Security #

  • Ensure data is collected from all critical network components (e.g., servers, cloud services) to have a complete security picture.
  • Configure the data sources based on your network architecture to capture relevant security events.

Decoding #

Essential Capabilities #

  • Translate raw logs into structured data: Convert incoming data into readable formats.
  • Apply decoders to specific log types: Ensure proper log parsing for all data sources.

Finding the Decoding Feature #

  • Navigate to Decoding Settings:
      • Open the Argus dashboard.
      • Go to the Argus section in the main menu.
      • Select Decoding Settings.

Configuring Decoding #

  1. Assign Decoders to Data Sources:
      • In the Decoding Settings section, find the data source you want to assign a decoder to.
      • Select the appropriate decoder for the type of data (e.g., Apache logs, Windows Event logs).
  2. Create Custom Decoders:
      • Click on Add Custom Decoder if your data source requires a unique log format.
      • Define the decoder logic and save.
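What a decoder actually does, and what "decoding results" look like when reviewed, is easier to see in code. The following is an added example, not Argus's own decoder format or code: two pattern-based decoders (one for the Apache access logs the page names, one for sshd authentication messages), a raw fallback for lines no decoder matches, and a coverage report that shows where parsing is missing data. Decoder names, field names and the sample log lines are constructed for illustration.

```python
"""Added example, not Argus's own code: pattern-based decoders that turn raw
lines into structured events, with a raw fallback and a coverage report.
Decoder names, field names and the sample lines are constructed."""
import re
from typing import Dict, List, Tuple

DECODERS: Dict[str, re.Pattern] = {
    "apache-access": re.compile(
        r'^(?P<srcip>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
        r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
    ),
    "sshd": re.compile(
        r'^(?P<timestamp>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<hostname>\S+) sshd\[(?P<pid>\d+)\]: '
        r'(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) '
        r'from (?P<srcip>\S+) port (?P<srcport>\d+)'
    ),
}

# Constructed sample: (decoder assigned to the data source, raw line).
SAMPLE_LOGS: List[Tuple[str, str]] = [
    ("apache-access", '10.0.0.5 - - [08/May/2024:12:00:01 +0000] "GET /admin HTTP/1.1" 403 512'),
    ("sshd", "May  8 12:00:02 web-01 sshd[1234]: Failed password for invalid user admin from 203.0.113.9 port 51234 ssh2"),
    ("sshd", "May  8 12:00:03 web-01 sshd[1235]: Accepted publickey for deploy from 10.0.0.7 port 40000 ssh2"),
    ("sshd", "May  8 12:00:04 web-01 sshd[1236]: Connection closed by 203.0.113.9 port 51235 [preauth]"),
]


def decode(line: str, source_type: str) -> Dict[str, str]:
    """Turn one raw line into a structured event. A line the assigned decoder
    does not match is kept under the 'raw' decoder with only full_log set, so
    nothing is silently dropped and the miss shows up in the coverage report."""
    pattern = DECODERS.get(source_type)
    match = pattern.match(line) if pattern else None
    event = {"source": source_type, "full_log": line}
    if match is None:
        event["decoder"] = "raw"
        return event
    event["decoder"] = source_type
    event.update(match.groupdict())
    return event


def decode_all(logs) -> List[Dict[str, str]]:
    return [decode(line, source_type) for source_type, line in logs]


def coverage_report(events) -> Dict[str, Tuple[int, int]]:
    """Per source type: (lines decoded, lines seen). A decoded count that lags
    the total is the signal that a decoder needs attention."""
    counts: Dict[str, List[int]] = {}
    for event in events:
        decoded_total = counts.setdefault(event["source"], [0, 0])
        decoded_total[1] += 1
        if event["decoder"] != "raw":
            decoded_total[0] += 1
    return {source: (d, t) for source, (d, t) in counts.items()}


if __name__ == "__main__":
    events = decode_all(SAMPLE_LOGS)
    for event in events:
        print({k: v for k, v in event.items() if k != "full_log"})
    print(coverage_report(events))
```

The fourth sample line is a legitimate sshd message that the decoder has no pattern for; it surfaces as sshd: (2, 3) in the report, which is exactly the kind of gap the "review decoding results" advice is about. Rules that key on srcip or user would never fire on such a line, so an undecoded line is a blind spot rather than noise.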

Using Decoding for Network Security #

  • Ensure decoders are properly configured to avoid missing critical information in raw logs.
  • Regularly review decoding results to ensure the correct parsing of logs from all sources.

Rule Evaluation and Alerting #

Essential Capabilities #

  • Match security rules to logs: Detect threats by comparing logs against predefined rules.
  • Trigger alerts based on rule matches: Automatically generate alerts when suspicious activity is detected.

Finding Rule Evaluation and Alerting #

  • Navigate to Rule Settings:
      • Open the Argus dashboard.
      • Go to the Argus section in the main menu.
      • Select Rule Settings.

Configuring Rule Evaluation and Alerting #

  1. Manage Predefined Rules:
      • In the Rule Settings section, you will find predefined rules grouped by category (e.g., malware detection, file integrity).
      • Enable or disable rules based on your security needs.
  2. Create Custom Rules:
      • Click on Add Custom Rule to define your own rules for specific network conditions or behaviors.
      • Specify the log pattern, conditions, and actions (e.g., alert, ignore).
  3. Configure Alerts:
      • Go to the Alerts section under Rule Settings.
      • Set alert thresholds and choose the delivery method (email, SMS, etc.).
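To show how a custom rule's log pattern, conditions and action come together with an alert threshold, here is an added example that is not Argus's rule syntax or code. It evaluates a small rule set against decoded sshd events: a plain match rule, a frequency rule (N matches from one source within T seconds), an ignore rule for an allow-listed host, and a level threshold that decides which alerts are delivered. Rule ids, levels, field names and the event stream are constructed for illustration.

```python
"""Added example, not Argus's own code: rule evaluation over decoded events
with a frequency condition, an ignore action and a delivery threshold.
Rule ids, levels, field names and the events are constructed."""
from collections import defaultdict, deque
from typing import Dict, List, Tuple

RULES = [
    {"id": 100001, "level": 5, "description": "sshd: authentication failure",
     "match": {"decoder": "sshd", "result": "Failed"}, "action": "alert"},
    {"id": 100002, "level": 10, "description": "sshd: repeated failures from one source",
     "match": {"decoder": "sshd", "result": "Failed"},
     "frequency": 5, "timeframe": 60, "group_by": "srcip", "action": "alert"},
    {"id": 100003, "level": 0, "description": "sshd: login from the jump host",
     "match": {"decoder": "sshd", "result": "Accepted", "srcip": "10.0.0.7"},
     "action": "ignore"},
    {"id": 100004, "level": 3, "description": "sshd: successful login",
     "match": {"decoder": "sshd", "result": "Accepted"}, "action": "alert"},
]


def sshd_event(ts: int, result: str, user: str, srcip: str) -> Dict:
    """Shape of a decoded sshd event (constructed for this example)."""
    return {"timestamp": ts, "decoder": "sshd", "result": result, "user": user, "srcip": srcip}


# Constructed stream: six failures from one address within 50 s, then two logins.
EVENTS = [sshd_event(t, "Failed", "admin", "203.0.113.9") for t in (0, 10, 20, 30, 40, 50)] + [
    sshd_event(55, "Accepted", "deploy", "10.0.0.7"),
    sshd_event(60, "Accepted", "root", "203.0.113.9"),
]


class RuleEngine:
    def __init__(self, rules, notify_level: int):
        self.rules = rules
        self.notify_level = notify_level      # the "alert threshold" from the Alerts section
        self._windows = defaultdict(deque)    # (rule id, group value) -> match timestamps

    @staticmethod
    def _matches(rule, event) -> bool:
        return all(event.get(field) == value for field, value in rule["match"].items())

    def _frequency_reached(self, rule, event) -> bool:
        window = self._windows[(rule["id"], event.get(rule["group_by"]))]
        window.append(event["timestamp"])
        while window and event["timestamp"] - window[0] > rule["timeframe"]:
            window.popleft()
        if len(window) >= rule["frequency"]:
            window.clear()                    # one alert per burst, not one per extra failure
            return True
        return False

    def process(self, event) -> List[Dict]:
        """All alerts for one event. An 'ignore' rule stops evaluation, so rules
        listed after it cannot alert on traffic the operator has allow-listed."""
        alerts = []
        for rule in self.rules:
            if not self._matches(rule, event):
                continue
            if rule["action"] == "ignore":
                break
            if "frequency" in rule and not self._frequency_reached(rule, event):
                continue
            alerts.append({"rule_id": rule["id"], "level": rule["level"],
                           "description": rule["description"],
                           "timestamp": event["timestamp"], "srcip": event.get("srcip")})
        return alerts

    def run(self, events) -> Tuple[List[Dict], List[Dict]]:
        """Returns (all alerts, the subset at or above the notify level)."""
        alerts = [a for e in events for a in self.process(e)]
        return alerts, [a for a in alerts if a["level"] >= self.notify_level]


def run_demo():
    return RuleEngine(RULES, notify_level=7).run(EVENTS)


if __name__ == "__main__":
    alerts, notifications = run_demo()
    for a in alerts:
        print(a["timestamp"], a["rule_id"], a["level"], a["description"])
    print("delivered:", [a["rule_id"] for a in notifications])
```

Every failed login still produces a level-5 alert in the event log, but only the level-10 frequency alert crosses the delivery threshold, which is how a threshold keeps the on-call channel free of single failures while the full record stays available in Security Events. Rule order matters: the ignore rule for the jump host sits above the generic successful-login rule so that the ignore wins.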

Using Rule Evaluation and Alerting for Network Security #

  • Customize rules to fit your organization’s unique security requirements.
  • Ensure alerts are configured to notify the appropriate teams in case of security incidents.
