Installing GuardMode Agent on Windows
Last updated
Last updated
You can select a custom installation path by clicking on the folder icon next to the default installation path or continue with the default path.
Next, you will be prompted to create a password for accessing GuardMode Agent via its REST API.
See also. To learn more about GuardMode Agent's REST API, see REST API documentation.
You can also configure GuardMode Agent REST API authentication using CLI in the project's root directory:
The Setup DPX Notification checkbox (checked by default) guides you through the following configurations:
Setting up DPX Notification Provider to send events and logs to the DPX panel
Adding Catalogic GuardMode Agent to DPX Master Server (registering it as a Node, which allows you to configure the Agent through DPX WebUI)
The Setup Syslog notifications option (unchecked by default) guides you through the following configurations:
Setting up GuardMode Agent to send notifications to the Syslog server
Setting up communication using TLS
Tip. If you unchecked the Setup DPX notification box, this step will be skipped.
To configure your GuardMode Agent with DPX, you need to provide the following information:
Hostname is the address of their DPX Master Server
Username is DPX WebUI username
Password is DPX WebUI password
Validate DPX SSL certificate: Tick the checkbox if you want to validate the DPX Master Server's SSL certificate.
Note. When configuring notification providers or DPX authentication, you can specify a full hostname with the protocol (e.g. http://dpxserver.com) instead of just the hostname. If no protocol is provided, the default HTTP will be used.
Tip. You can enable or disable DPX SSL certificate validation using GuardMode CLI. For details, see: .\Catalogic.GuardMode.Agent.exe config update notification-provider dpx --help
You can also configure GuardMode Agent with DPX using CLI in the project's root directory:
Tip. Make sure you are using the same network as the Master Server.
Hint. If you want to configure GuardMode Agent with Syslog, make sure to check the Setup Syslog notifications checkbox during the additional configuration step.
To configure your GuardMode Agent with Syslog, you need to provide the following information:
Application Name is the name that will be displayed in Syslog message parameters
Hostname is the hostname or IP address of the Syslog server
You only need to modify the Port (514 by default) value if you want to use the TLS protocol to send your GuardMode Agent notifications.
To use TLS with GuardMode Agent, you will need a TLS certificate. You also need use to change the value of Port to 6514. In the TLS certificate field, you need to provide a path to the certificate. If your certificate is untrusted, you can check the Disable certificate validation checkbox.
You can also configure GuardMode Agent with Syslog using CLI in the project's root directory:
Tip. Make sure you are using the same network as the Master Server.
Now the installation wizard will start the deployment of GuardMode Agent to your machine.
Once the installation is complete, you can make sure the GuardMode Agent is running, by opening the Services tab of Windows Task Manager and finding a service named service named "CatalogicGuardModeAgent" with the status "Running".
See also. If you want to alter audit rules after installation, see Altering Audit Rules.
