Online Help
Audit Agent Reference
The Audit Agent is an OS-specific component installed on an endpoint that audits its host and pushes audit data back to AlloyScan over outbound HTTPS. Use Audit Agents for endpoints that leave your local network or that an Audit Service cannot reach.
Fields
| Field | Type | Values | Default | Description |
|---|---|---|---|---|
| Name | string | hostname-style | — | Identifier shown in the agents grid. |
| Audit ID | UUID | — | system-generated | Per-agent identifier used in audit snapshots. |
| Status | enum | Active / Inactive | — | Reflects recent heartbeat state. |
| IP address | string | IPv4 / IPv6 | — | Endpoint network address. |
| Device | reference | — | — | Linked Inventory device record for the audited host. |
Constraints
- An Audit Agent is OS-specific. Supported platforms are Windows, macOS, and Linux.
- An Audit Agent requires only outbound TCP/443 (HTTPS) to the AlloyScan instance. No inbound ports are required.
- Initial audit results from a freshly installed agent typically arrive within 10 to 15 minutes.
- Per-site setting Audit agent auto tag applies a configured tag to every agent-audited device automatically.
- An Audit Agent that is silent past the inactivity period (default 30 days) is automatically scheduled for deletion.
States
| State | Description | Transitions |
|---|---|---|
| ACTIVE | Agent has a null Expiration date. Audit data flows normally. | -> MARKED_FOR_DELETION when an Administrator clicks Mark for deletion, when inactivity exceeds the per-site Inactivity period, or when Delete is invoked. |
| MARKED_FOR_DELETION | Agent has an Expiration date set. | -> ACTIVE when an Administrator unmarks the agent. -> DELETED when the Expiration date passes while the agent remains offline. -> SELF_DELETE when the agent comes online before the Expiration date. |
| SELF_DELETE | The agent is performing self-uninstall on the endpoint. | -> DELETED on completion. |
| DELETED | Terminal state. The agent record is removed. | — |
A background process named RetiredAgentsAndServices enforces inactivity-based transitions periodically.