Hosts can be laptops, workstations, servers, physical or virtual, where a supported operating system is installed. An Endpoint Agent can be deployed on a host with either a Windows, Mac, or Linux operating system. The installation process involves:
- (Optional) Configuring the Relay Server
Note: You must set up the default relay server before generating the Agent packager. Whenever the Relay server configuration is modified, agent policy is updated automatically. For more information on configuring the relay server, see Endpoint Configuration Guide.
- Generating an agent packager
- Generating the agent installer
You can run the agent installer specific to your operating system to deploy agents on the hosts. The agents collect endpoint data and tracking events from these hosts. It monitors key behaviors related to process, file, registry, console, and network, and forwards them as events to the Endpoint Server over HTTPs.
Note: The Endpoint agent can operate either in Insights or Advanced mode depending on the policy configuration. For more information, see the NetWitness Endpoint Configuration Guide.
Supported Operating Systems
Note: From version 12.0 and higher, NetWitness Endpoint agents run on ARM devices running on Windows 10 and 11.
| Windows | Linux (The agent software runs only on x86_64 architecture) | macOS |
|---|---|---|
| Windows 11 (up to version 22H2) |
CentOS 7.x and 8.x |
macOS Ventura (13) |
|
Windows 10 Kiosk Mode (64-bit) |
Red Hat Enterprise Linux 7.x and 8.x |
macOS Monterey (12) |
|
Windows 10 (32 and 64-bit) |
SUSE Linux Enterprise Server 12 SP3, 12 SP4, 12 SP5 and 15 SP1 |
macOS Big Sur (11 ) |
|
Windows 8.1 (32 and 64-bit) |
Ubuntu 16.04 LTS, 18.04 LTS, and 20.04 LTS |
macOS Catalina (10.15) |
|
Windows 8 (32 and 64-bit) |
|
macOS Mojave (10.14) |
|
Windows 7 (32 and 64-bit) |
macOS High Sierra (10.13) | |
|
Windows Server 2022 |
macOS Sierra (10.12) | |
|
Windows Server 2019 |
OS X El Capitan (10.11) | |
|
Windows Server 2016 |
OS X Yosemite (10.10) | |
|
Windows Server 2012 R2 |
OS X Mavericks (10.9) | |
|
Windows Server 2012 |
||
| Windows Server 2008 R2 (32 and 64-bit) |
Hardware Requirements
The following are the minimum hardware requirements to run an agent in a host (laptops, workstations, servers, physical or virtual):
-
256 MB RAM
-
300 MB disk space
-
Single-core CPU
Installation Flowchart
The following flowchart illustrates the Endpoint agent installation process:
