Agent CLI Reference
Hint. Required parameters in the table below are marked with an asterisk (*).
run
--enable-watcher - Enable filesystem watcher, default: True
-h/--help - Show help text
Start Catalogic GuardMode Agent.
Catalogic.GuardMode.Agent.exe run
register dpx
-u/--username* - Agent REST API username
-p/--password* - Agent REST API password
--operating-system - Current OS
--group-name - DPX node group name, default: DefaultGroup
-h/--help - Show help text
Register the current agent as a DPX security node. You have to add a DPX instance as a notification provider before using this command.
Catalogic.GuardMode.Agent.exe register dpx --username <value> --password <value> [options]
deregister dpx
--id - DPX notification provider ID
-h/--help - Show help text
Deregister current agent as DPX security node.
Catalogic.GuardMode.Agent deregister dpx [options]
config list notification-provider dpx
--id - DPX notification provider id
-h/--help - Show help text
List registered DPX notification providers.
Catalogic.GuardMode.Agent.exe config list notification-provider dpx [options]
config add notification-provider dpx
-u/--username* - DPX username
-p/--password - DPX password, ENV variable: GMA_DPX_PASSWORD
--hostname* - DPX hostname
--batch-size - Maximum events batch size, default: 200
--enabled - Enable DPX notification provider, default: True
--send-frequency - Notification sending frequency in seconds, default: 5
-h/--help - Show help text
Add a DPX instance as a notification provider.
Catalogic.GuardMode.Agent.exe config add notification-provider dpx --username <value> --password <value> --hostname <value> [options]
config update notification-provider dpx
--id* - DPX notification provider id
-u/--username - DPX username
-p/--password - DPX password
--hostname - DPX hostname
--batch-size - Maximum events batch size, default: 200
--enabled - Enable DPX notification provider, default: True
--send-frequency - Notification sending frequency in seconds, default: 5
-h/--help - Show help text
Update DPX notification provider configuration.
Catalogic.GuardMode.Agent.exe config update notification-provider dpx --id <value> [options]
config remove notification-provider dpx
--id* - DPX notification provider id
-h/--help - Show help text
Remove a DPX instance from the notification provider configuration.
Catalogic.GuardMode.Agent.exe config remove notification-provider dpx --id <value> [options]
config list notification-provider syslog
--id - Syslog notification provider ID
-h/--help - Show help text
List Syslog notification providers.
Catalogic.GuardMode.Agent.exe config list notification-provider syslog [options]
config add notification-provider syslog
--hostname* - Syslog hostname or IP address
--port - Syslog port, default: 514
--tls-enabled - Enable TLS communication, default: False
--validate-tls-certificate - Enable TLS certificate validation, default: True
--tls-certificate-path - Path to certificate file
--application-name - Application name which will be included in Syslog messages, default: Catalogic-Guard-Mode-Agent
--output-template - Serilog message format, default: "[{Level:u3}]: {Message:l}{Exception}"
--protocol - Syslog communication protocol, default: TCP, available: TCP, UDP
--batch-size - Maximum events batch size, default: 200
--enabled - Enable DPX notification provider, default: True
--send-frequency - Notification send frequency, default: 5
-h/--help - Show help text
Add a Syslog server as a notification provider.
Catalogic.GuardMode.Agent.exe config add notification-provider syslog --hostname <value> [options]
config update notification-provider syslog
--id* - Syslog notification provider ID
--hostname - Syslog hostname or IP address
--port - Syslog port, default: 514
--tls-enabled - Enable TLS communication, default: False
--validate-tls-certificate - Enable TLS certificate validation, default: True
--tls-certificate-path - Path to certificate file
--application-name - Application name which will be included in Syslog messages, default: Catalogic-Guard-Mode-Agent
--output-template - Serilog message format, default: [{Level:u3}]: {Message:l}{Exception}
--protocol - Syslog communication protocol, default: TCP, available: TCP, UDP
--batch-size - Maximum events batch size, default: 200
--enabled - Enable DPX notification provider, default: True
--send-frequency - Notification sending frequency in seconds, default: 5
-h/--help - Show help text
Update Syslog notification provider configuration.
Catalogic.GuardMode.Agent.exe config update notification-provider syslog --id <value> [options]
config remove notification-provider syslog
--id* - Syslog notification provider ID
-h/--help - Show help text
Remove a Syslog server from the notification provider configuration.
Catalogic.GuardMode.Agent.exe config remove notification-provider syslog --id <value> [options]
config update notification-provider log
--batch-size - Maximum event batch size
--enabled - Enables log notification provider
--send-frequency-seconds - Interval, in seconds, between each batch of sent notifications
-f|--file - Path to the configuration file, default: appsettings.json
-h/--help - Show help text
Update log notification provider configuration.
Catalogic.GuardMode.Agent config update notification-provider log [options]
registration-token set
-t|--token - Token value. If not set, a random string will be used instead, ENV variable: GM_REGISTRATION_TOKEN.
-h/--help - Show help text
Sets the registration token used to authenticate registration with the management server.
Catalogic.GuardMode.Agent registration-token set [options]
config update basic-authentication
-u/--username - Username for REST API basic authentication, default: sysadmin
-p/--password* - Password for REST API basic authentication
-f/--file - Path to file where credentials will be saved, default: appsettings.json
-h/--help - Show help text
Save basic authentication credentials into appsettings.json file.
Catalogic.GuardMode.Agent.exe config update basic-authentication --password <value> --username <value> [options]
config merge
--file* - Path to the configuration file that will be merged into the current configuration
-h/--help - Show help text
Merge provided configuration file with current configuration.
Catalogic.GuardMode.Agent.exe config merge --file <PathToOldConfigurationFile>
config update smb
--enabled - Enables the SMB TCP listener
-p|--port - A port on which the agent will listen to SMB rsyslog messages through TCP
-t|--template - SMB message template. It has to match the full_audit:prefix value from smb.conf file
--end - End marker of rsyslog message
-h/--help - Show help text
Update SMB monitoring configuration. SMB monitoring is only supported on Linux.
Catalogic.GuardMode.Agent config update smb [options]
scan execute
directorypaths* - Paths to the scanned directories
--update-interval - Interval, in seconds, between scan diagnostic information prompts, default: 5
--check-blocklist - If true, file names will be analyzed during scan to find files with suspicious names often used by ransomware, default: False
--send-alert-notifications - If true, send out alerts on suspicious file found, default: True
-h/--help - Show help text
Execute a file scan on specific directories.
Catalogic.GuardMode.Agent scan execute <directorypaths...> [options]
scan list
-h/--help - Show help text
List information about all scans.
Catalogic.GuardMode.Agent.exe scan list [options]
scan show
id* - ID of a scan
-h/--help - Show help text
Shows scan details.
Catalogic.GuardMode.Agent.exe scan show [options]