Generate an Endpoint Agent Packager
To generate an agent packager to collect endpoint data from hosts:
- Log in to NetWitness.
  Type https://<NW-Server-IP-Address>/login in your browser to get to the NetWitness Login screen.
- Click (Admin) > Services.
- Select the Endpoint Server service and click > View > Config > Agent Packager tab.
  The Agent Packager tab is displayed.
- Enter the values in the following fields:
Field and description:

Endpoint Server
Displays all the available Endpoint servers in the deployment.

Endpoint Server Forwarder (Optional)
The optional Endpoint Server Forwarder allows you to enter an alternative Fully Qualified Domain Name (FQDN) or IP address on which the server can be reached in case agents need to go through a NAT or similar in order to reach the Endpoint Server. If the specified forwarder is not available, the agent will eventually fall back to the packaged address.

HTTPS Port
Port number. For example, 443.

Server Validation
Determines how the agent validates the Endpoint Server certificate:
- None – The agent will not validate the server certificate.
- Certificate Thumbprint – default selection. The agent identifies the server by validating the thumbprint of the Root CA of the server certificate.

Certificate Password
Password used to download the packager. The same password is used while generating the agent installer.
Note: The password must be a minimum of seven characters long and a combination of uppercase and lowercase letters, numbers, and special characters. For example, Admin@123.

Auto Uninstall
Date and time the agent automatically uninstalls. You can leave it blank if not required.

Tag Configuration
When you click Assign Tags under Tag Configuration, you can do any of the following:
- Create new tags and assign them to the hosts.
- Select already existing tags and assign them to the hosts.
For more information, see Investigate Hosts.

Force Overwrite
Overwrites the installed Windows agent regardless of the version. If this option is not selected, the same installer can be run multiple times on a system, but installs the agent only once.
If you enable this option, make sure that you provide the same service name and driver service name as the previously installed agent, while creating a new agent.
Note: If you want to force overwrite with MSI, run the following command:
msiexec /fvam <msifilename.msi>
After you move an agent from one deployment to another, using Force Overwrite to change the agent incurs an 8-hour delay in communication between the agent and its Endpoint Server on the new deployment. To eliminate the delay, uninstall the agent from the old deployment, and reinstall the agent on the new deployment.

Agent Configuration
Note: The following Service and Driver fields are applicable only for Windows.

Service
- Service Name – Name of the agent service. For example, NWEAgent.
- Display Name – Display name of the agent service. For example, NWE Agent.
- Description – Description of the agent service. For example, NetWitness Endpoint.

Driver
- Driver Service Name – Name of the driver service. For example, NWEDriver.
- Driver Display Name – Display name of the driver service. For example, NWE Driver.
- Driver Description – Description of the driver service. For example, NetWitness Endpoint Driver.

Generate Agent
Generates an agent packager.

- Click Generate Agent.
  This downloads an agent packager (AgentPackager.zip) on the host where you are accessing the NetWitness user interface.