Using the Audit Agent

Preview

In addition to conducting agentless audits through the Audit Service, AlloyScan also provides the option for an agent-based audit. This type of audit involves using the Audit Agent, which is a lightweight service installed directly on each audited computer. This article describes the scenarios for using the Audit Agent and explains how to conduct remote computer audits using an agent-based approach.

The Audit Agent operates autonomously and does not expose any entry points that can be managed externally. Instead, it initiates a connection with the server and works solely within that established connection. For this reason, there is no need to enable additional access methods or open specific network ports and protocols in order to connect to the audited computer. The Audit Agent gathers information and executes audit tasks directly on the computer, and then securely communicates the findings back to AlloyScan.

This makes the Audit Agent particularly useful for auditing individual computers that are not on the company’s network or get connected to the network only occasionally. One such example is auditing the laptops used by traveling employees who often work remotely.

In general, the Audit Agent is an ideal choice for scenarios where traditional access methods are unavailable or restricted. Here are a few examples of such scenarios:

  • Remote or isolated environments with limited network connectivity.

  • Air-gapped systems which are intentionally isolated from external networks for security reasons.

  • Third-party or untrusted networks where it may not be feasible to establish direct network connections for security reasons.

  • Restricted network access due to firewall rules, network policies, or other access control mechanisms.

Deploying the Audit Agent

The Audit Agent can be deployed to computers directly, remotely, or using Group Policy Objects (GPO). Every method is described in detail below.

Direct deploy

To deploy the Audit Agent directly to the computer you wish to audit, follow these steps within AlloyScan:

  1. Navigate to Admin Center > Tasks and services > Audit agents.

  2. Click on Download Audit Agent to initiate the download of the Audit Agent package to your computer.

  3. Transfer the Audit Agent package to the computer that needs to be audited.

  4. On the target computer, run the installer included in the Audit Agent package. Follow the installation prompts and provide any required configuration details.

You can also use the Copy download link option to conveniently transfer the Audit Agent package from AlloyScan to the audited computer without the need for external storage devices or network transfers. To do this, proceed as follows:

  1. Navigate to Admin Center > Tasks and services > Audit agents.

  2. Click on Copy download link. This copies the download link to your clipboard.

  3. Access the computer to be audited.

  4. Open a web browser on the audited computer and paste the copied download link into the browser's address bar.

  5. Download the Audit Agent package directly to the audited computer.

  6. Run the installer included in the Audit Agent package. Follow the installation prompts and provide any required configuration details.

Deploying Audit Agent on macOS

To deploy the Audit Agent on a macOS computer, proceed as follows:

  1. Download the Audit Agent zip archive directly to the audited computer.

  2. Extract the zip archive.

  3. Click on the file AlloyMacAuditAgent.pkg located in the root of the archive. This will launch the standard macOS installer.

  4. Follow the prompts of the installer to complete the installation.

To uninstall, navigate to the Audit Agent installation folder (by default /Library/AlloyMacAuditAgent) and run the uninstall script. For example, you can use the command sudo ./uninstall.sh.

Deploying Audit Agent on Linux

To deploy the Audit Agent on a Linux computer:

  1. Download the Audit Agent zip archive directly to the audited computer.

  2. Extract the zip archive.

  3. Execute the install.sh script located in the root of the archive.

  4. Run the script using a command such as sudo /bin/bash "install.sh".

To uninstall, navigate to the /opt/AlloyLinuxAuditAgent directory and run the uninstall script.

Once the installation is complete, the Audit Agent automatically initiates an audit process on the audited computer. Within a timeframe of 10 to 15 minutes the audit results will appear in the inventory.
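The Linux steps above run install.sh as root, so it is worth confirming that the archive on the audited computer is the same file that was downloaded from the Admin Center. The script below is an added example, not part of the AlloyScan package: the function names are hypothetical, and it assumes the archive's SHA-256 was recorded on the administrator's computer at download time (AlloyScan is not assumed to publish one).

```shell
#!/bin/sh
# Added example (not vendor code): verify the Audit Agent archive, then run
# the installer exactly as the documented step does.
# Assumption: the expected SHA-256 was recorded when the package was
# downloaded from Admin Center > Tasks and services > Audit agents.

# verify_archive ARCHIVE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 if the archive is missing.
verify_archive() {
    archive=$1
    # Accept upper- or lower-case hex for the recorded value.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$archive" ] || { echo "archive not found: $archive" >&2; return 2; }
    actual=$(sha256sum "$archive" | awk '{print $1}')
    [ "$actual" = "$expected" ] || {
        echo "SHA-256 mismatch for $archive" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    }
}

# install_agent ARCHIVE EXPECTED_SHA256
# Extracts into a fresh private directory and runs install.sh from the archive
# root only if the checksum matched. Returns 3 if install.sh is absent.
install_agent() {
    verify_archive "$1" "$2" || return
    workdir=$(mktemp -d) || return
    unzip -q "$1" -d "$workdir" || return
    [ -f "$workdir/install.sh" ] || {
        echo "install.sh not found in archive root" >&2
        return 3
    }
    # Same command as in the documented step, run from the extracted root.
    (cd "$workdir" && sudo /bin/bash "install.sh")
}

# Usage (file name and hash are placeholders, not real values):
#   install_agent ./AuditAgent.zip <sha256-recorded-at-download>
```

After the installer finishes, the presence of the /opt/AlloyLinuxAuditAgent directory mentioned above is a quick confirmation that the agent was installed.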

Remote deploy

This method is recommended if a computer is discovered during a scan, but the scan itself is not able to retrieve crucial audit information. This can be due to firewall settings, network restrictions, or other factors that limit the scan's access to the target computer. By deploying the Audit Agent to such a computer, you ensure a more thorough and reliable audit.

To deploy the Audit Agent remotely, proceed as follows:

  1. Locate the computer in the Scan Results table.

  2. Click on the icon in the Ready for audit column for that computer record. This opens the Troubleshoot side panel.

  3. In the Audit Alloy Agent section of the Troubleshoot panel, click on the Install button. A new panel appears, prompting you to test if the agent can be installed on the device.

  4. Click on the Test button. If the test is successful, the status changes to Passed and the Install button becomes available.

  5. Click Install to deploy the agent on the remote computer.

Deploy using Group Policy Objects (GPO)

Administrators can use the GPO feature to centrally manage and distribute the Audit Agent across multiple computers within the network. This method provides a convenient and efficient way to scale the deployment of the Audit Agent and maintain control over the auditing process throughout the network infrastructure.

Audit Agent updates

The Audit Agent is designed to receive automatic updates without requiring any user intervention. These updates are deployed seamlessly, ensuring that the Audit Agent remains up to date with the latest features, improvements, and security enhancements.