Agent Management

Setup and management of agents such as OSSEC, ClamAV for anti-virus, CrowdStrike, and so forth

Security agents monitor virtual machines for threats, vulnerabilities, and compliance. They collect security-related data and send it to centralized controlling software. Security agents include tools like OSSEC (used with SIEM Wazuh), ClamAV (anti-virus), CrowdStrike, and Lacework.

DuploCloud provides seamless installation and management of these security agents, offering three types:

1. Docker-based Agents

These agents run as containers orchestrated by DuploCloud, with privileged access over the Host operating system. They can be deployed on all or a subset of hosts within a cluster.

2. Kubernetes DaemonSet Agents

Kubernetes DaemonSets ensure that security agents are deployed across all or a subset of Hosts in the cluster, typically with privileged access over the Host operating system.

3. Non-Docker VM Agents

These agents are Linux packages or Windows services installed on virtual machines, either baked into the VM image before launch or installed via user data scripts.

Security agents focus on system protection and compliance, while observability agents monitor application performance, health, and infrastructure metrics. For more information on observability agents, please refer to the observability documentation.

Agent Registration

Create an Agent Type. Each vendor or agent software is considered a type. For example, OSSEC, ClamAV, Laceworks, and CrowdStrike are different agent types. To add a new agent type, navigate to Security -> Agents and click Add. The Add Security Agent pane displays. Enter the Agent Name and click Create.
Create an agent deployment. Under the desired Agent tab, Add a deployment to deploy the agent to the Hosts. You must deploy at least one agent per Kubernetes cluster. You can deploy on all hosts in a Kubernetes cluster or on all Hosts for a specific Tenant. Deploying on all hosts for one Tenant is useful for certain Kubernetes clusters or DuploCloud Infrastructures where you have Tenants on which you don't want specific agents to be run.

Behind the scenes, this deployment is just a regular Kubernetes DaemonSet deployment or a built-in container orchestration deployment within a tenant, as documented here.

Creating multiple deployments for multiple Tenants

You can create multiple deployments for multiple tenants. In the case of Kubernetes-based container orchestration, as against DuploCloud built-in orchestration, you can target all nodes in the cluster with just one deployment. The following are the fields in the Update Security Agent Deployment page:

Name is a desired name to track the deployment.
Cluster is the infrastructure name and is the maximum scope of deployment.
Host Tenant is the tenant namespace where the daemon set will be deployed.
Deployment Type is either a K8s DaemonSet or Docker Native for built-in container orchestration.

Once deployed, you can view the deployed instances of the agents under their respective agent tabs, as shown below:

PreviousSecurity Monitoring NextSIEM

Last updated 15 days ago

Was this helpful?

Agent Registration

Create an Agent Type. Each vendor or agent software is considered a type. For example, OSSEC, ClamAV, Laceworks, and CrowdStrike are different agent types. To add a new agent type, navigate to Security -> Agents and click Add. The Add Security Agent pane displays. Enter the Agent Name and click Create.

Create an agent deployment. Under the desired Agent tab, Add a deployment to deploy the agent to the Hosts. You must deploy at least one agent per Kubernetes cluster. You can deploy on all hosts in a Kubernetes cluster or on all Hosts for a specific Tenant. Deploying on all hosts for one Tenant is useful for certain Kubernetes clusters or DuploCloud Infrastructures where you have Tenants on which you don't want specific agents to be run.

Behind the scenes, this deployment is just a regular Kubernetes DaemonSet deployment or a built-in container orchestration deployment within a tenant, as documented here.

Creating multiple deployments for multiple Tenants

Name is a desired name to track the deployment.

Cluster is the infrastructure name and is the maximum scope of deployment.

Host Tenant is the tenant namespace where the daemon set will be deployed.

Deployment Type is either a K8s DaemonSet or Docker Native for built-in container orchestration.

Once deployed, you can view the deployed instances of the agents under their respective agent tabs, as shown below: