Change Agents from Investigate to Monitor

Follow

Threat Stack offers two agent-based packages and enables users to configure the agent to match the package they purchased. You typically configure this during the agent deployment, however, you might want to change the configuration of an agent already deployed.

To transition your Agents from Investigate to Monitor you need to run the following commands on the host:

  1. Run command sudo cloudsight config agent_type=m

Example output: 2017-06-19T17:45:53.124Z: [-] Setting: agent_type = m

  1. Run command sudo cloudsight restart

Example output:

ubuntu@HOST:~$ sudo cloudsight restart

2017-06-19T17:46:35.564Z: [-] Stopping Threat Stack Cloud Sight process: 1552. Please, wait.

2017-06-19T17:46:36.589Z: [-] Stopping Threat Stack Audit Collection Service process: 1584. Please, wait.

2017-06-19T17:46:37.593Z: [-] Stopping Threat Stack File Integrity Monitoring process: 26998. Please, wait.

2017-06-19T17:46:38.606Z: [-] Starting Threat Stack Audit Collection Service. Please, wait.

2017-06-19T17:46:39.611Z: [*] Threat Stack Audit Collection Service initialized.

2017-06-19T17:46:39.614Z: [-] Starting Threat Stack File Integrity Monitoring. Please, wait.

2017-06-19T17:46:40.622Z: [*] Threat Stack File Integrity Monitoring initialized.

2017-06-19T17:46:40.622Z: [-] Starting Threat Stack Cloud Sight. Please, wait.

2017-06-19T17:46:41.629Z: [*] Threat Stack Cloud Sight initialized.”

Chef Recipe Investigate to Monitor

In Chef, to transition your Agents from Investigate to Monitor you need to update the node attribute in your Chef Recipe:

1. Update the node attribute node['threatstack']['agent_type'] from `nil` to `monitor` to change the agent type. There are many ways to accomplish this.

NOTE: You can override attributes from a wrapper cookbook/recipe, environment, or role definition. For more information on how Chef handles attributes, see Chef Attributes.

2. Trigger a restart of the agent. (This should be handled by the Chef recipe.)

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.