About Audit Agents
An Audit Agent is an endpoint-side worker that audits a computer from the device itself and sends audit results back to AlloyScan over outbound HTTPS.
Use Audit Agents for offsite computers, laptops, remote networks, and other devices that cannot be reached reliably by an in-network Audit Service.
Menu path
Admin Center > Site Settings > Tasks and services > Audit agents
You can also deploy agents from Network > Audit agents.
Scope
Audit Agents are managed per Site. An agent installed for one Site reports into that Site's inventory and does not cross over into other Sites on the same instance.
What the Audit agents page is for
Use this page to:
- review registered Audit Agents for the current Site
- check whether agents are active or stale
- confirm agent version and last activity
- diagnose endpoints that have stopped reporting
- understand which computers are being audited by agent-based audit rather than agentless service audit
The deployment flow itself lives under Network > Audit agents, where users can download Windows, macOS, and Linux installation packages or copy download links.
Lifecycle
Audit Agents follow the same inactivity-cleanup model as Audit Services:
| State | Meaning |
|---|---|
| Active | The agent is installed and sends heartbeats. |
| Inactive | The agent has not sent a heartbeat within the configured inactivity period. |
| ScheduledForDeletion | The agent has been marked for deletion after inactivity or an admin action. |
| Deleted | The registration has been removed. |
If an agent comes online while scheduled for deletion, it self-uninstalls. If it stays offline until the expiration date, AlloyScan removes the server-side record.
The inactivity window is configured at Admin Center > Site Settings > Settings > Audit agent settings.
How Audit Agents differ from Audit Services
| Item | Audit Agent | Audit Service |
|---|---|---|
| Runs on | The audited endpoint | A Windows host inside the network |
| Audit model | Agent-based, push results to AlloyScan | Agentless, scan/audit reachable targets |
| Network requirement | Outbound HTTPS/443 from endpoint | Connectivity from service host to target devices |
| Typical use | Remote users, laptops, offsite computers | Internal networks, servers, SNMP, hypervisors, cloud segments |
Both methods produce Audit Snapshots and populate the same Inventory.