Agent CLI Reference

Columns: Category, Command, Parameters, Description

Run agent

run

  • -h/--help - Shows help text.

Start Catalogic ransomware detection agent.

USAGE: Catalogic.GuardMode.Agent.exe run

Register agent as DPX node

register dpx

  • -u/--username* - Agent REST API username

  • -p/--password* - Agent REST API password

  • --operating-system - Current OS name

  • --group-name - DPX node group name, default: DefaultGroup

  • -n/--name - DPX node name, default: Ransomware Detection Agent

  • -h/--help - Shows help text.

Register the current agent as a DPX security node. To run this command, you must first add a DPX notification provider.

USAGE: Catalogic.GuardMode.Agent.exe register dpx --username <value> --password <value> [options]

Manage notification providers configuration

config add notification-provider dpx

  • -u/--username* - DPX username

  • -p/--password* - DPX password

  • --hostname* - DPX hostname

  • --batch-size - Maximum events batch size, default: 200

  • --enabled - Enable DPX notification provider, default: True

  • --send-frequency - Notification send frequency in seconds, default: 5

  • -h/--help - Shows help text

Add a DPX instance as notification provider.

USAGE: Catalogic.GuardMode.Agent.exe config add notification-provider dpx --username <value> --password <value> --hostname <value> [options]

config list notification-provider dpx

  • --id - DPX notification provider id

  • -h/--help - Shows help text

List registered DPX notification providers.

USAGE: Catalogic.GuardMode.Agent.exe config list notification-provider dpx [options]

config remove notification-provider dpx

  • --id* - DPX notification provider id

  • -h/--help - Shows help text

Remove a DPX instance from notification provider configuration.

USAGE: Catalogic.GuardMode.Agent.exe config remove notification-provider dpx --id <value> [options]

config update notification-provider dpx

  • --id* - DPX notification provider id

  • -u/--username - DPX username

  • -p/--password - DPX password

  • --hostname - DPX hostname

  • --batch-size - Maximum events batch size

  • --enabled - Enable DPX notification provider

  • --send-frequency - Notification send frequency

  • -h/--help - Shows help text

Update DPX notification provider configuration.

USAGE: Catalogic.GuardMode.Agent.exe config update notification-provider dpx --id <value> [options]

config add notification-provider syslog

  • --hostname* - Syslog hostname or IP address

  • --port - Syslog port. Default: "514".

  • --tls-enabled - Enable TLS communication. Default: "False".

  • --validate-tls-certificate - Enable TLS certificate validation. Default: "True".

  • --tls-certificate-path - Path to certificate file

  • --application-name - Application name which will be included in Syslog messages. Default: "Catalogic-Guard-Mode-Agent".

  • --output-template - Serilog message format. Default: "[{Level:u3}]: {Message:l}{Exception}".

  • --protocol - Syslog communication protocol. Choices: "Tcp", "Udp". Default: "Tcp".

  • --batch-size - Maximum events batch size. Default: "200".

  • --enabled - Enable DPX notification provider. Default: "True".

  • --send-frequency - Notification send frequency. Default: "5".

Add a Syslog server as notification provider

USAGE: Catalogic.GuardMode.Agent.exe config add notification-provider syslog --hostname <value> [options]

config list notification-provider syslog

  • --id - Syslog notification provider ID

List Syslog notification providers

USAGE: Catalogic.GuardMode.Agent.exe config list notification-provider syslog [options]

config remove notification-provider syslog

  • --id* - Syslog notification provider ID

Remove a Syslog server from notification provider configuration.

USAGE: Catalogic.GuardMode.Agent.exe config remove notification-provider syslog --id <value> [options]

config update notification-provider syslog

  • --id* - Syslog notification provider ID

  • --hostname - Syslog hostname or IP address

  • --port - Syslog port. Default: "514".

  • --tls-enabled - Enable TLS communication. Default: "False".

  • --validate-tls-certificate - Enable TLS certificate validation. Default: "True".

  • --tls-certificate-path - Path to certificate file

  • --application-name - Application name which will be included in Syslog messages. Default: "Catalogic-Guard-Mode-Agent".

  • --output-template - Serilog message format. Default: "[{Level:u3}]: {Message:l}{Exception}".

  • --protocol - Syslog communication protocol. Choices: "Tcp", "Udp". Default: "Tcp".

  • --batch-size - Maximum events batch size. Default: "200".

  • --enabled - Enable DPX notification provider. Default: "True".

  • --send-frequency - Notification send frequency. Default: "5".

Update Syslog notification provider configuration

USAGE: Catalogic.GuardMode.Agent.exe config update notification-provider syslog --id <value> [options]

Manage REST API basic authentication configuration

config update basic-authentication

  • -u/--username - Username which will be used for REST API basic authentication

  • -p/--password - Password which will be used for REST API basic authentication

  • -f/--file - Path to file where credentials will be saved, default: appsettings.json

  • -h/--help - Shows help text

Save basic authentication credentials into appsettings.json file.

USAGE: Catalogic.GuardMode.Agent.exe config update basic-authentication --password <value> --username <value> [options]

Merge configuration sections. This command is used during agent update to preserve the configuration from the previous version.

config merge

  • --file - Path to the configuration file that should be merged into the current configuration

Merge provided configuration file with current configuration

USAGE: Catalogic.GuardMode.Agent.exe config merge --file <PathToOldConfigurationFile>
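
The setup order stated above (a DPX notification provider must exist before `register dpx`) together with a syslog provider that has TLS and certificate validation turned on, as an added PowerShell example that is not part of the vendor documentation. The install path, host names, certificate path, port 6514, the `True` value syntax for the boolean options, and a non-zero exit code on failure are assumptions.

```powershell
# Added example, not vendor code. Hosts, paths and port 6514 are constructed placeholders.
$agent = 'C:\Path\To\Catalogic.GuardMode.Agent.exe'   # placeholder install path
$cert  = 'C:\Path\To\syslog-cert.pem'                 # placeholder certificate file

function Invoke-Agent {
    param([string]$Step, [string[]]$AgentArgs)
    & $agent @AgentArgs
    # Assumption: the CLI exits non-zero on failure. Only the step name is
    # reported, so passwords in $AgentArgs never reach the error text.
    if ($LASTEXITCODE -ne 0) { throw "Step failed: $Step" }
}

# Prompt for credentials instead of hard-coding them in the script.
# They are still handed to the agent as command-line arguments.
$dpx  = (Get-Credential -Message 'DPX account').GetNetworkCredential()
$rest = (Get-Credential -Message 'Agent REST API account').GetNetworkCredential()

# 1. The DPX notification provider must exist before 'register dpx' is run.
Invoke-Agent 'add dpx provider' @(
    'config', 'add', 'notification-provider', 'dpx',
    '--username', $dpx.UserName, '--password', $dpx.Password,
    '--hostname', 'dpx.example.internal')

# 2. Register the agent as a DPX node using the agent REST API credentials.
Invoke-Agent 'register dpx' @(
    'register', 'dpx',
    '--username', $rest.UserName, '--password', $rest.Password,
    '--group-name', 'DefaultGroup')

# 3. Syslog over TCP with TLS on and certificate validation left enabled.
if (-not (Test-Path -LiteralPath $cert -PathType Leaf)) { throw "Certificate file not found: $cert" }
Invoke-Agent 'add syslog provider' @(
    'config', 'add', 'notification-provider', 'syslog',
    '--hostname', 'siem.example.internal', '--port', '6514',
    '--protocol', 'Tcp',
    '--tls-enabled', 'True',               # assumed value syntax; page default is "False"
    '--validate-tls-certificate', 'True',  # assumed value syntax; page default is "True"
    '--tls-certificate-path', $cert)

# 4. Confirm what was stored.
Invoke-Agent 'list syslog providers' @('config', 'list', 'notification-provider', 'syslog')
```

With the page's defaults, `--tls-enabled` is "False", so a syslog provider added with only `--hostname` sends detection events unencrypted to port 514.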
