How do we monitor Insight Agent health/functionality on servers. Not only if it is (still) running, unavailable, but also if it is able to send it's data to the collector without issues? This has to be done with external monitoring tooling (something other than Rapid 7 GUI itself), like PRTG for instance
Posted by Amnon Hoppe 6 days ago
I have been trying to deploy the IDR agent using GPO with no luck. I turned on debugging and the installer cannot find the configuration files. I have followed the guide here: https://insightagent.help.rapid7.com/docs/mass-deployments#section-microsoft-group-policy Here is the error: Failure: One or more of the following files were not found: config.json, cafile.pem, client.crt, client.key. Make sure you locate these files in the same directory as the installer. I also used ADSI edit to add the additional files as follows to the msiFileList variable : 0:\\fs01\Software Deployment\agentInstaller-x86_64.msi 1:\\fs01\Software Deployment\config.json 2:\\fs01\Software Deployment\client.key 3:\\fs01\Software Deployment\client.crt 4:\\fs01\Software Deployment\cafile.pem Has anyone deployed this successfully with a GPO? Thanks!
Posted by Phil 14 days ago
So, we have deployed agents to all of our datacenter servers. Some of them show up in the console checking in, but there is about 300+ that don't show up. When we go to the online cloud for insight is shows all of them checking in but only some make it on prem. Any suggestions?
Posted by Chris H. about a month ago
Is there any way to know what it is scanning, when it scans, and can you run a manual scan? Trying to see if the remediation makes a difference on remote systems, but not seeing updates in the console for a long time. Wondering if there is a way to get a scan done manually? What about remotely starting the agent? Would that kick off a scan?
Posted by Kerry LeBlanc 2 months ago
We are scanning K8s nodes using the agent to detect container usage. It turns out that the churn of hosts in the QA environment is causing my licensed endpoint count to inflate. At any one time, I have about 200 nodes, however I have thousands in my agent counts. Can I do something on the host during tear down to tell Rapid7 that agent is going away?
Posted by ekelson 3 months ago
Hi, I am faced with this conundrum where Vormetric (LSOF utility) is blocking Rapid7 agents installed on our mysql servers. This tends to generate a lot of noise and has forced us to disable the agents on the servers. However, we need to have these agents running to scan for vulnerabilities. Is there a way to configure the agents to ignore accessing specific directories/filesystems? Has anyone come across is this issue and how was it resolved? Eagerly anticipating help. Cheers, Michael
Posted by Michael Damanka 3 months ago
We did a mass deployment of the insight agent, but none of the machines are checking in. I checked a few logs and show there was proxy error, and the client is stopped and will not start. How do we get the client started on the machines? I believe I may have resolved the proxy error.
Posted by Aaron Couts 5 months ago