Deploy Threat Stack Windows Agent 2.x Series

Follow

Overview

This document describes the installation and configuration steps for the Threat Stack host-based Windows Agent 2.x series.

Pre-Installation for the Threat Stack Agent

Before you install the Threat Stack host-based Agent, please ensure your environment supports one of the following Windows Server Operating System versions:

• Windows Server 2012 R2
• Windows Server 2016
• Windows Server 2019
Installing the Threat Stack Agent

Prerequisites

• Ensure you have administrator privileges on the host to perform the installation.

Once you have downloaded the installer, select one of the installation methods below.

Windows Setup Installation
1. Navigate to the location of the Threat Stack Cloud Security Agent.msi file.
2. Double click the file to run it.
3. A setup wizard window will appear. Click Next to continue with the installation.

4. The next screen will display a configuration page, where you can update the following settings:

• The default installation location
• By default, it is "C:\Program Files\Threat Stack\". Click Change to browse to a location of your choice.
• The Threat Stack URL
• The Ruleset Name
• By default, it is set to Windows Rule Set. You can include multiple rule sets by separating them with a comma.
• For example, to include a Windows and a PCI rule set, enter the following (Do not include the period at the end):
Windows Rule Set, PCI Rule Set.
• The Deployment Key
• A deployment key is required to complete the installation. It is available by logging into your Threat Stack CSP. Navigate to the Settings page and click the Application Keys tab. The key will be displayed under the Deployment Key section.
• By default, the option for Start the services after setup is complete is checked.
• You can uncheck this option. The services will be installed but won’t start until the host is rebooted.

5. After entering your organization’s deployment key click Next.

6. Once you have reviewed your selections and are ready to proceed, click Install.

Note

If you have administrator privileges but are not logged into your administrator account, the Install button will show a User Account Control (UAC) shield.

1. Once the installation is complete, a confirmation message will appear on the screen. Click Finish to close the window.
• To confirm the agent is running on the host, open a command prompt. Enter the following command from the install directory and press ENTER:
tsagent status

2. Your newly installed server will appear in the Threat Stack CSP on the Servers page.
Command Line Installation

The agent can be installed from the command line by either using Windows PowerShell or a Command Prompt. The example below shows the installation process using the Command Prompt.

1. Open the Command Prompt Window as an administrator.
2. Enter the following command and press ENTER:
msiexec /qn /i "c:\path\to\threatstack.msi" TSDEPLOYKEY="<DEPLOY_KEY>"

The command line parameters are as follows:
• “C:\path\to\threatstack.msi” - Indicates the location of the msi installer.
• TSDEPLOYKEY - It indicates the deployment key used to register with the platform. Replace <DEPLOY_KEY> with your deployment key.
• A deployment key is required to complete the installation. It is available by logging into your Threat Stack CSP. Navigate to the Settings page and click the Application Keys tab. The key will be displayed under the Deployment Key section.
• TSCLOUDURL (optional) - It indicates the URL of the Threat Stack CSP.
• TSRULESETNAMES (optional) - It indicates the rule set(s) being used.
• It defaults to the Windows Rule Set. You can include multiple rule sets by separating them with a comma.
• For example, to include a Windows and a PCI rule set, enter the following (Do not include the period at the end):
TSRULESETNAMES=“Windows Rule Set, PCI Rule Set”.
• TSSTARTSERVICES (optional) - You can set the Threat Stack agent (tsagent) service to not start after the installation by adding TSSTARTSERVICES=”No” to the command line.
• The services will start once the host has been rebooted.
• INSTALLDIR (optional) - It indicates the installation location.
• By default, it is "C:\Program Files\Threat Stack\".
3. The installation will quietly run in the background. Once complete, it will return a new command line.
• To confirm the agent is running on the host, enter the following command from the install directory and press ENTER:
tsagent status
4. Your newly installed server will appear in the Threat Stack CSP on the Servers page.