How to Re-register an Agent

Overview

This document describes the steps to re-register an Agent not displaying in the Threat Stack Cloud Security PlatformⓇ (CSP).

Tip

If you need to re-register multiple Agents, Threat Stack recommends re-registering one Agent first to ensure the process works as expected. You may then re-register remaining Agents in parallel.

Linux Agent 1.x Series

If you log into the Threat Stack CSP and the Servers page does not display the expected number of servers, then you may need to re-register your Agent(s). If you see a "Agent has been revoked. Shutting down" message in /opt/threatstack/cloudsight/logs/cloudsight.log, then you need to re-register your Agent.

Prerequisites

  • Administrator access to your Amazon Web Service (AWS) account
  • Access to the Threat Stack console
  • Your deployment key, which can be found in Settings > Application Keys

Instructions

  1. In the Command Line, type the following command and press ENTER:
    sudo cloudsight stop
  2. Type the following command and press ENTER:
    sudo rm /opt/threatstack/cloudsight/config/.secret
  3. Do one of the following:
    1. To re-register your Agent with the Threat Stack Base Rule Set, type the following command and press ENTER:
      sudo cloudsight setup --deploy-key=<your deploy key>

      Replace <your deploy key> with your deployment key.

    2. To re-register your Agent with a different Threat Stack ruleset, type the following command and press ENTER:
      sudo cloudsight setup --ruleset=”<ruleset name>
      --deploy-key=<your deploy key>

      Replace <your deploy key> with your deployment key. Replace <ruleset name> with the Threat Stack Ruleset name, such as HIPAA.

      Note

      You can specify multiple rulesets for an Agent by including comma separated ruleset names in the ruleset parameter.

  4. Type the following command and press ENTER:
    sudo cloudsight start
Linux Agent 2.x Series

If you log into the Threat Stack CSP and the Servers page does not display the expected number of servers, then you may need to re-register your Agent(s). If you run the sudo tsagent status command and receive a "1 – tsagent: Agent is revoked" message, then you need to re-register your Agent.

Prerequisites

  • Administrator access to your Amazon Web Service (AWS) account
  • Access to the Threat Stack console
  • Your deployment key, which can be found in Settings > Application Keys
  • Your AWS hostname

Instructions

Instructions for a Non-revoked Agent
  1. In the Command Line, type the following command and press ENTER:
    sudo systemctl stop threatstack
  2. Type the following command and press ENTER:
    sudo tsagent setup --deploy-key=<your deploy key> 
    --ruleset=“Base Rule Set” --hostname=“<your hostname>

    Replace <your deploy key> with your deployment key. Replace <your hostname> with your AWS hostname.

    Note

    You can specify multiple rulesets for an Agent by including comma separated ruleset names in the ruleset parameter.

  3. Type the following command and press ENTER:
    sudo systemctl start threatstack
Instructions for a Revoked Agent
  1. In the Command Line, type the following command and press ENTER:
    sudo systemctl stop threatstack
  2. Type the following command and press ENTER:
    sudo rm /opt/threatstack/etc/tsagentd.cfg /opt/threatstack/etc/agent.db
  3. Type the following command and press ENTER:
    sudo tsagent setup --deploy-key=<your deploy key> 
    --ruleset=“Base Rule Set” --hostname=“<your hostname>

    Replace <your deploy key> with your deployment key. Replace <your hostname> with your AWS hostname.

    Note

    You can specify multiple rulesets for an Agent by including comma separated ruleset names in the ruleset parameter.

  4. Type the following command and press ENTER:
    sudo systemctl start threatstack
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request