| --enable-watcher - Enable filesystem watcher, default: True -h/--help - Show help text
| Start Catalogic GuardMode Agent. | Catalogic.GuardMode.Agent.exe run |
| -u/--username* - Agent REST API username
-p/--password* - Agent REST API password
--operating-system - Current OS
--group-name - DPX node group name, default: DefaultGroup
-h/--help - Show help text
| Register current agent as a DPX security node. You have to add a DPX instance as notification provider before using this command. | Catalogic.GuardMode.Agent.exe register dpx --username <value> --password <value> [options] |
| --id - DPX notification provider ID -h/--help - Show help text
| Deregister current agent as DPX security node. | Catalogic.GuardMode.Agent deregister dpx [options] |
config list notification-provider dpx | --id - DPX notification provider id
-h/--help - Show help text
| List registered DPX notification providers. | Catalogic.GuardMode.Agent.exe config list notification-provider dpx [options] |
config add notification-provider dpx | -u/--username* - DPX username
-p/--password - DPX password, ENV variable: GMA_DPX_PASSWORD
--hostname* - DPX hostname
--batch-size - Maximum events batch size, default: 200
--enabled - Enable DPX notification provider, default: True
--send-frequency - Notification sending frequency in seconds, default: 5
-h/--help - Show help text
| Add a DPX instance as a notification provider. | Catalogic.GuardMode.Agent.exe config add notification-provider dpx --username <value> --password <value> --hostname <value> [options] |
config update notification-provider dpx | --id* - DPX notification provider id
-u/--username - DPX username
-p/--password - DPX password
--hostname - DPX hostname
--batch-size - Maximum events batch size, default: 200 --enabled - Enable DPX notification provider, default: True
--send-frequency - Notification sending frequency in seconds, default: 5
-h/--help - Show help text
| Update DPX notification provider configuration. | Catalogic.GuardMode.Agent.exe config update notification-provider dpx --id <value> [options] |
config remove notification-provider dpx | --id* - DPX notification provider id
-h/--help - Show help text
| Remove a DPX instance from the notification provider configuration. | Catalogic.GuardMode.Agent.exe config remove notification-provider dpx --id <value> [options] |
config list notification-provider syslog | --id - Syslog notification provider ID -h/--help - Show help text
| List Syslog notification providers. | Catalogic.GuardMode.Agent.exe config list notification-provider syslog [options] |
config add notification-provider syslog | --hostname* - Syslog hostname or IP address
--port - Syslog port, default: 514
--tls-enabled - Enable TLS communication, default: False
--validate-tls-certificate - Enable TLS certificate validation, default: True
--tls-certificate-path - Path to certificate file
--application-name Application name which will be included in Syslog messages, default: Catalogic-Guard-Mode-Agent
--output-template - Serilog message format, default: "[{Level:u3}]: {Message:l}{Exception}"
--protocol Syslog communication protocol, default: TCP, available: TCP, UDP
--batch-size - Maximum events batch size, default: 200
--enabled - Enable DPX notification provider, default: True
--send-frequency - Notification send frequency, default: 5 -h/--help - Show help text
| Add a Syslog server as a notification provider. | Catalogic.GuardMode.Agent.exe config add notification-provider syslog --hostname <value> [options] |
config update notification-provider syslog | --id* - Syslog notification provider ID
--hostname - Syslog hostname or IP address
--port - Syslog port, default: 514
--tls-enabled - Enable TLS communication, default: False
--validate-tls-certificate - Enable TLS certificate validation, default: True
--tls-certificate-path - Path to certificate file
--application-name Application name which will be included in Syslog messages, default: Catalogic-Guard-Mode-Agent
--output-template - Serilog message format, default: [{Level:u3}]: {Message:l}{Exception}
--protocol Syslog communication protocol. default: TCP, available: TCP, UDP
--batch-size - Maximum events batch size, default: 200
--enabled - Enable DPX notification provider, default: True
--send-frequency - Notification sending frequency in seconds, default: 5 -h/--help - Show help text
| Update Syslog notification provider configuration. | Catalogic.GuardMode.Agent.exe config update notification-provider syslog --id <value> [options] |
config remove notification-provider syslog | --id* - Syslog notification provider ID -h/--help - Show help text
| Remove a Syslog server from the notification provider configuration. | Catalogic.GuardMode.Agent.exe config remove notification-provider syslog --id <value> [options] |
config update notification-provider log | --batch-size - Maximum event batch size --enabled - Enables log notification provider --send-frequency-seconds - Interval, in seconds, between each batch of sent notifications -f|--file - Path to the configuration file, default: appsettings.json -h/--help - Show help text
| Update log notification provider configuration. | Catalogic.GuardMode.Agent config update notification-provider log [options] |
| -t|--token - Token value. If not set, a random string will be used instead, ENV variable: GM_REGISTRATION_TOKEN. -h/--help - Show help text
| Sets registration token used to authenticate registration with management server. | Catalogic.GuardMode.Agent registration-token set [options] |
config update basic-authentication | -u/--username - Username for REST API basic authentication, default: sysadmin
-p/--password* - Password for REST API basic authentication
-f/--file - Path to file where credentials will be saved, default: appsettings.json
-h/--help - Show help text
| Save basic authentication credentials into appsettings.json file. | Catalogic.GuardMode.Agent.exe config update basic-authentication --password <value> --username <value> [options] |
| --file* - Path to the configuration file that will be merged the current configuration -h/--help - Show help text
| Merge provided configuration file with current configuration. | Catalogic.GuardMode.Agent.exe config merge --file <PathToOldConfigurationFile> |
| --enabled - Enables the SMB TCP listener -p|--port - A port on which agent will listen to SMB rsyslog messages through TCP -t|--template - SMB message template. It has to match the full_audit:prefix value from smb.conf file --end - End marker of rsyslog message -h/--help - Show help text
| Update SMB monitoring configuration. SMB monitoring is only supported on Linux. | Catalogic.GuardMode.Agent config update smb [options] |
| directorypaths* - Paths to the scanned directories --update-interval - Interval, in seconds, between scan diagnostic information prompts, default: 5 --check-blocklist - If true, file names will be analyzed during scan to find files with suspicious names often used by ransomware, default: False --send-alert-notifications - If true, send out alerts on suspicious file found, default: True -h/--help - Show help text
| Execute a file scan on specific directories. | Catalogic.GuardMode.Agent scan execute <directorypaths...> [options] |
| -h/--help - Show help text
| List information about all scans. | Catalogic.GuardMode.Agent.exe scan list [options] |
| -h/--help - Show help text
| | Catalogic.GuardMode.Agend.exe scan show [options] |