Argus Agent Enrollment #
Essential Capabilities #
- Enroll agents: Register agents with the Argus Manager to start monitoring endpoints.
- Generate enrollment keys: Use secure keys for agent registration.
- Monitor agent status: Ensure agents are properly connected and transmitting data.
Finding Argus Agent Enrollment #
- Navigate to Agent Enrollment in Argus:
- Open the Argus dashboard.
- Go to the Argus section from the main menu.
- Select Agent Enrollment.
Configuring Argus Agent Enrollment #
- Generate Enrollment Key:
- In the Agent Enrollment section, click on Generate Enrollment Key.
- Specify the expiration time (e.g., 1 hour, 1 day) and click Generate.
- Copy the generated key for agent registration.
- Enroll an Agent:
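- On the system where the Argus agent is installed, run the following command, replacing <KEY> with the key generated in Argus, <manager_ip> with the address of the Argus Manager, and <agent_name> with the name to register the agent under: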
argus-agent-auth -m <manager_ip> -A <agent_name> -k <KEY>
- After running the command, the agent will automatically register with the Argus Manager.
- Verify Agent Enrollment:
- Go back to the Agent Enrollment section in Argus.
- Check the status of newly enrolled agents in the list.
- Once connected, agents will show as Active.
Using Agent Enrollment for Network Security #
- Enroll all necessary endpoints (servers, workstations, cloud instances) to ensure full network visibility.
- Use enrollment keys with short expiration times, so that a key left behind in shell history or a deployment script cannot be used later to enroll an unauthorized agent.
Argus Agent Management #
Essential Capabilities #
- Monitor agent status: Track agents’ activity and connection status.
- Manage agent configuration: Apply or update configuration settings to agents.
- Perform agent-related tasks: Enable, disable, or restart agents remotely.
Finding Argus Agent Management #
- Navigate to Agent Management in Argus:
- Open the Argus dashboard.
- Go to the Argus section from the main menu.
- Select Agent Management.
Configuring Argus Agent Management #
- View Agent Status:
- In the Agent Management section, you will see a list of all enrolled agents.
- Use filters to sort by Active, Disconnected, or Pending agents.
- Click on any agent to view detailed information such as IP address, status, and last connection time.
- Configure Agent Settings:
- Select the agent you want to configure and click on Edit Configuration.
- Modify configuration parameters such as log collection settings, event monitoring rules, or system auditing.
- Click Save to apply the changes. Changes will be automatically pushed to the selected agent.
- Manage Agent Actions:
- In the Agent Management section, select one or more agents.
- Click on the Actions button to choose from the following options:
- Restart Agent: Restart the agent to apply new settings.
- Disable Agent: Temporarily disable the agent if it’s no longer needed.
- Remove Agent: Permanently remove an agent from the Argus Manager.
- Automate Agent Management Tasks:
- Use Automation features in Argus to schedule regular health checks on agents.
- Create automation rules for auto-disabling agents that haven’t communicated in a specified time frame.
Using Argus Agent Management for Network Security #
- Regularly monitor agent status to ensure they are actively reporting data.
- Configure agents with appropriate log collection and monitoring rules to align with your network’s security policies.
- Use automation to streamline agent management, reducing manual oversight.
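The health-check and auto-disable rule described above, sketched as an added example; this is not Argus code. The record fields, the two time limits and the sample inventory are assumptions modelled on the details the Agent Management page shows (IP address, status, last connection time).

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory; field names are assumptions, not an Argus schema.
AGENTS = [
    {"name": "web-01", "ip": "10.0.0.11", "status": "Active",
     "last_connection": "2024-05-01T11:58:00+00:00"},
    {"name": "db-01", "ip": "10.0.0.12", "status": "Disconnected",
     "last_connection": "2024-04-28T09:00:00+00:00"},
    {"name": "hr-laptop", "ip": "10.0.0.40", "status": "Active",
     "last_connection": "2024-05-01T06:00:00+00:00"},
    {"name": "new-vm", "ip": "10.0.0.50", "status": "Pending",
     "last_connection": None},
]

def review_agents(agents, now, max_silence=timedelta(hours=24),
                  warn_after=timedelta(hours=1)):
    """Classify each agent as 'ok', 'investigate' or 'disable'."""
    verdicts = {}
    for agent in agents:
        last = agent["last_connection"]
        if last is None:
            # Enrolled but never connected: leave it for a human to confirm
            # that the enrollment was expected instead of auto-disabling.
            verdicts[agent["name"]] = "investigate"
            continue
        silence = now - datetime.fromisoformat(last)
        if silence > max_silence:
            verdicts[agent["name"]] = "disable"
        elif silence > warn_after or agent["status"] != "Active":
            # Includes agents still listed as Active that have gone quiet,
            # which is a visibility gap worth checking on the endpoint.
            verdicts[agent["name"]] = "investigate"
        else:
            verdicts[agent["name"]] = "ok"
    return verdicts

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for name, verdict in review_agents(AGENTS, now).items():
        print(f"{name:10} {verdict}")
```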
Argus Manager
Agent Enrollment Service #
Essential Capabilities #
- Register agents: Automatically or manually enroll agents to the Argus Manager.
- Manage enrollment keys: Secure agent connections using unique keys.
Finding the Agent Enrollment Service #
- Navigate to Agent Enrollment:
- Open the Argus dashboard.
- Go to the Argus section in the main menu.
- Select Agent Enrollment.
Configuring Agent Enrollment #
- Generate Enrollment Key:
- In the Agent Enrollment section, click on Generate Enrollment Key.
- Set the expiration time for the key and click Generate.
- Use this key during agent installation for secure enrollment.
- Enroll Agents:
- On the target system, run the command:
argus-agent-auth -m <manager_ip> -A <agent_name> -k <enrollment_key>
- After executing the command, agents will appear in the Agent Enrollment section in Argus.
Using Agent Enrollment Service for Network Security #
- Securely register all endpoints, ensuring that only authorized agents communicate with your Argus Manager.
- Regularly regenerate enrollment keys so that an older key that has been exposed cannot be used to enroll an unauthorized agent.
Agent Connection Service #
Essential Capabilities #
- Monitor agent connectivity: Keep track of agent communication status.
- Manage agent connections: Ensure secure and stable agent-to-manager communication.
Finding the Agent Connection Service #
- Navigate to Agent Management:
- Open the Argus dashboard.
- Go to the Argus section in the main menu.
- Select Agent Management.
Configuring Agent Connection Service #
- View Agent Connectivity:
- The Agent Management page shows the status of all connected agents.
- Use the filters to find Active, Disconnected, or Pending agents.
- Reconnect Disconnected Agents:
- If an agent is disconnected, click on the agent’s name.
- Choose Reconnect from the actions list.
- Modify Connection Settings:
- Navigate to Settings under Agent Management.
- Adjust timeout, heartbeat intervals, or IP allow list to control agent connection behavior.
Using Agent Connection Service for Network Security #
- Monitor agent connectivity closely to detect communication issues.
- Use connection management settings to ensure stable, secure communication between agents and the Argus Manager.
Analysis Engine #
Essential Capabilities #
- Process security events: Analyze data collected from agents.
- Generate alerts: Flag suspicious behavior based on predefined rules.
Finding the Analysis Engine #
- Navigate to Security Events:
- Open the Argus dashboard.
- Go to the Argus section in the main menu.
- Select Security Events.
Configuring the Analysis Engine #
- Review and Manage Event Data:
- In the Security Events section, you will find logs and alerts generated by the analysis engine.
- Use filters to narrow down events by type, severity, or agent.
- Customize Analysis Settings:
- Go to Settings in the Security Events section.
- Adjust event processing parameters, like batch size or retention policies, to fit your network’s performance needs.
Using the Analysis Engine for Network Security #
- Regularly review the event logs to spot unusual behavior or potential threats.
- Customize analysis settings to optimize performance and alerting based on your network’s size and complexity.
Data Sources #
Essential Capabilities #
- Collect data from multiple sources: Gather information from logs, systems, and cloud services.
- Manage data sources: Configure and enable the collection of relevant logs and metrics.
Finding Data Sources #
- Navigate to Data Collection:
- Open the Argus dashboard.
- Go to the Argus section in the main menu.
- Select Data Collection.
Configuring Data Sources #
- Enable Data Sources:
- In the Data Collection section, you will see a list of supported data sources (e.g., Docker, AWS, Office 365).
- Select the data source you want to enable and click Configure.
- Set up Data Collection:
- For each data source, specify connection details such as credentials, API tokens, or file paths.
- Test the connection and enable the data collection to start ingesting logs.
Using Data Sources for Network Security #
- Ensure data is collected from all critical network components (e.g., servers, cloud services) to have a complete security picture.
- Configure the data sources based on your network architecture to capture relevant security events.
Decoding #
Essential Capabilities #
- Translate raw logs into structured data: Convert incoming data into readable formats.
- Apply decoders to specific log types: Ensure proper log parsing for all data sources.
Finding the Decoding Feature #
- Navigate to Decoding Settings:
- Open the Argus dashboard.
- Go to the Argus section in the main menu.
- Select Decoding Settings.
Configuring Decoding #
- Assign Decoders to Data Sources:
- In the Decoding Settings section, find the data source you want to assign a decoder to.
- Select the appropriate decoder for the type of data (e.g., Apache logs, Windows Event logs).
- Create Custom Decoders:
- Click on Add Custom Decoder if your data source requires a unique log format.
- Define the decoder logic and save.
Using Decoding for Network Security #
- Ensure decoders are properly configured to avoid missing critical information in raw logs.
- Regularly review decoding results to ensure the correct parsing of logs from all sources.
Rule Evaluation and Alerting #
Essential Capabilities #
- Match security rules to logs: Detect threats by comparing logs against predefined rules.
- Trigger alerts based on rule matches: Automatically generate alerts when suspicious activity is detected.
Finding Rule Evaluation and Alerting #
- Navigate to Rule Settings:
- Open the Argus dashboard.
- Go to the Argus section in the main menu.
- Select Rule Settings.
Configuring Rule Evaluation and Alerting #
- Manage Predefined Rules:
- In the Rule Settings section, you will find predefined rules grouped by category (e.g., malware detection, file integrity).
- Enable or disable rules based on your security needs.
- Create Custom Rules:
- Click on Add Custom Rule to define your own rules for specific network conditions or behaviors.
- Specify the log pattern, conditions, and actions (e.g., alert, ignore).
- Configure Alerts:
- Go to the Alerts section under Rule Settings.
- Set alert thresholds and choose the delivery method (email, SMS, etc.).
Using Rule Evaluation and Alerting for Network Security #
- Customize rules to fit your organization’s unique security requirements.
- Ensure alerts are configured to notify the appropriate teams in case of security incidents.
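How decoding, rule matching and an alert threshold fit together, as an added example that is not Argus code and does not use Argus decoder or rule syntax. The regex decoder, the field names, the threshold of 3 failures in 60 seconds and the sample sshd lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sshd lines using documentation IP ranges; not real log data.
RAW_LOGS = [
    "2024-05-01T10:00:01 web-01 sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2",
    "2024-05-01T10:00:05 web-01 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2",
    "2024-05-01T10:00:09 web-01 sshd[812]: Accepted password for alice from 198.51.100.20 port 41000 ssh2",
    "2024-05-01T10:00:20 web-01 sshd[811]: Failed password for root from 203.0.113.7 port 50124 ssh2",
    "2024-05-01T10:00:30 db-01 sshd[902]: Connection closed by 203.0.113.7 port 40000",
    "2024-05-01T10:00:31 db-01 sshd[903]: Failed password for root from 203.0.113.7 port 40001 ssh2",
]

# Hypothetical custom decoder: named groups become the structured fields.
SSHD_DECODER = re.compile(
    r"^(?P<ts>\S+) (?P<agent>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
    r"password for (?:invalid user )?(?P<user>\S+) from (?P<srcip>\S+) port \d+"
)

def decode(line):
    """Return a dict of fields, or None when the decoder does not match."""
    match = SSHD_DECODER.match(line)
    if match is None:
        return None
    event = match.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event

def evaluate(lines, threshold=3, window=timedelta(seconds=60)):
    """Alert when one source fails `threshold` logins on one agent in `window`."""
    recent = defaultdict(deque)   # (agent, srcip) -> timestamps of failures
    alerts, undecoded = [], []
    for line in lines:
        event = decode(line)
        if event is None:
            undecoded.append(line)   # surfaced so parsing gaps get reviewed
            continue
        if event["outcome"] != "Failed":
            continue
        times = recent[(event["agent"], event["srcip"])]
        times.append(event["ts"])
        while event["ts"] - times[0] > window:
            times.popleft()          # drop failures older than the window
        if len(times) == threshold:  # fire once when the threshold is reached
            alerts.append({"agent": event["agent"], "srcip": event["srcip"], "at": event["ts"]})
    return alerts, undecoded

if __name__ == "__main__":
    print(evaluate(RAW_LOGS))
```

The `undecoded` list is the part that corresponds to reviewing decoding results: a line the decoder does not match never reaches any rule, so it has to be looked at separately.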