Contents x
Sensor Install
  • 22 Nov 2021
  • Dark
    Light
Contents

Sensor Install

  • Updated on 22 Nov 2021
  • Dark
    Light

Requirements

  • Port 443 from client to Endgame console

Deploy Sensor to Windows

1. On the Left Navigation toolbar, click the ADMINISTRATION button, then select the SENSOR tab.  

2. Locate the appropriate sensor profile to use and take note of or copy the API key, which is needed to run the install command.

3. Click Download Profile in the corresponding INSTALLER/UNINSTALLER column.

4. Unzip the SensorInstaller folder.

5. Using your preferred management tool, copy the SensorWindowsInstaller file to the endpoint(s).

NOTE: The name of the sensor profile is appended to the end of the installer filename. Be sure to include it in the command specified in the following step.

SensorWindowsInstaller-<profile name>.exe -c SensorWindowsInstaller-<profile name>.cfg -k <API key> -l install.log
The -c option uses the specified configuration, and the -k option, which is mandatory, authenticates the API key. While optional, it is recommended to include the -l option to create a log fil

 

7. On the Left Navigation toolbar in the Endgame platform, click the ENDPOINTS button .

8. At the top of the page, select the Sensors Active tab to filter the Endpoints list to endpoints with active sensors.

9. Verify that the endpoint(s) on which the sensor was installed on appears in the list. If it does not appear in the list, review the log file to troubleshoot the problem.


Deploy Sensor to Linux 

On the Left Navigation toolbar, click the ADMINISTRATION button  , then select the SENSOR tab.

 2. Locate the appropriate sensor profile to use and take note of or copy the API key, which is needed to run the install command.

3. Click Download Profile in the corresponding INSTALLER/UNINSTALLER column.

4. Unzip the SensorInstaller folder.

5. Using your preferred management tool, copy the SensoLinuxInstaller file to the endpoint(s).

NOTE: The name of the sensor profile is appended to the end of the installer filename. Be sure to include it in the command specified in the following step.

6. Run the following command to configure the executable to push the sensor to the endpoint:

chmod +x SensorLinuxInstaller-<profile name>
sudo ./SensorLinuxInstaller-<profile name> -c SensorLinuxInstaller-<profile name>.cfg -k <API key> -l install.log
On the Left Navigation toolbar in the Endgame platform, click the ENDPOINTS button .

7. At the top of the page, select the Linux OS tab, and then select the Active tab to filter the Endpoints list to Linux endpoints with active sensors.

8. Verify that the endpoint(s) on which the sensor was installed on appears in the list. If it does not appear in the list, review the log file to troubleshoot the problem.

 

Deploy Sensor to Mac Endpoints 

1. On the Left Navigation toolbar, click the ADMINISTRATION button  , then select the SENSOR tab.

2. Locate the appropriate sensor profile to use and take note of or copy the API key, which is needed to run the install command.

3. Click Download Profile in the corresponding INSTALLER/UNINSTALLER column.

IMPORTANT! If you are installing a sensor on endpoints running Catalina (10.15), run the following command to allow the installer program to run: 


   xattr -c SensorInstaller.zip

4. Unzip the SensorInstaller folder.

5. Using your preferred management tool, copy the SensorMacOSInstaller file to the endpoint(s).

6. Run the following command to configure the executable to push the sensor to the endpoint:

chmod +x SensorMacOSInstaller-<profile name>sudo ./SensorMacOSInstaller-<profile name> -c SensorMacOSInstaller-<profile name>.cfg -k <API key> -l install.log
The -c option uses the specified configuration, and the -k option, which is mandatory, authenticates the API key. While optional, it is recommended to include the -l option to create a log file.

 

NOTE: If you do not use macOS MDM and want to use other out-of- band tools to deploy a sensor for macOS Mojave (10.14) or Catalina (10.15), you will receive a pop-up message from Apple that informs the sensor kernel module (kext) is blocked, and a button to go to System Preferences to allow it next time, which you need to do before proceeding. For Catalina (10.15), you must also reboot the system after approving the sensor text in System Preferences. After approving the kext, rerun the out-of-band command to successfully deploy the sensor.

 


 For Catalina (10.15), after installing the sensor, you must grant the sensor full disk access via the Privacy tab in System Preferences > Security & Privacy. Alternatively, this can be granted via macOS MDM.

7. On the Left Navigation toolbar in the Endgame platform, click the ENDPOINTS button .

8. At the top of the page, select the Mac  tab, and then select the Active tab to filter the Endpoints list to Linux endpoints with active sensors.

8. Verify that the endpoint(s) on which the sensor was installed on appears in the list. If it does not appear in the list, review the log file to troubleshoot the problem.



Current Install Commands per OS

 Windows 

SensorWindowsInstaller-Expedient-Public-DNS-Name.exe -c SensorWindowsInstaller-Expedient-Public-DNS-Name.cfg -k 8BEC967876EA8DA7BEA9 -l install.log

Mac 

SensorMacOSInstaller-Expedient-Public-DNS-Name -c SensorMacOSInstaller-Expedient-Public-DNS-Name.cfg -k 8BEC967876EA8DA7BEA9 -l install.log

Linux 

SensorLinuxInstaller-Expedient-Public-DNS-Name -c SensorLinuxInstaller-Expedient-Public-DNS-Name.cfg -k 8BEC967876EA8DA7BEA9 -l install.log

 

Was this article helpful?
What's Next
Expedient Homepage

To open a Support Ticket please visit the Support Management Console