Go to the Agents page, and click on the Download Agent button.
After you click the button, the following modal appears:
Select the group that you want the agent(s) you are installing to initially appear in.
If the group does not appear in the list, you either need to create the group, or ask the group administrator to add you to the existing group.
After installation, you can still change the group of a single agent, or of multiple agents at once. It is typically easier to configure group membership before mass deployment than to reorganize the agents after they are installed.
Administrative access to a machine is required to install and load the Cyber Crucible service and driver.
The script installation downloads the configured installer to, and runs it from, the default C:\ location. The script must be executed as a user or role that has permission to the download and execution location.
Thus, either a user with permission to use C:\ during installation is needed, or the script (detailed below) needs to be adjusted to download to and execute from a different location.
This installation method allows the user to manually configure and perform an installation.
This installation method requires that a user with permission to install to the specified group be able to log in.
It is best used for 1 or 2 installations, by a single user.
This is by far the most common installation method.
With this method, the Cyber Crucible web application automatically configures the installation process and the secure bootstrapping of the agent to the web application.
A Windows batch file is used. While there are other more complex installation methods possible, this method has the widest compatibility with Remote Management tools.
The batch file may be run as a user with the appropriate permissions (usually administrator), or copy/pasted into your preferred automatic deployment tool.
Below is a technical examination of the contents of the batch file, which may be configured to your needs.
Installation Script Detailed Examination
The group identifier selected during script creation is entered into the script, as is the OAuth token required for agents to join the specific group.
Please note that this OAuth authentication token is not associated with the web application, nor with any user. It cannot be used to make REST calls to the web application API.
In some environments, the required permissions may be gained automatically. This typically happens when a user runs the installation script by clicking on it, as opposed to programmatic execution. In enterprise environments or automated deployment tools, this part of the script is likely not executed.
At the next location in the script, you can customize the file location that the installer is downloaded to and executed from.
It is highly recommended to make this location local to the machine the tool is being installed on. Multiple machines downloading installers to the same location will cause failures and overwrites.
Please note that automatic restart via the installation script is not used by default. This is because automated reboot in this script lacks the ability to schedule installs for a specific time, clean shutdown methods that check whether a user is currently logged in or running applications, and any warning to the user of an impending reboot.
This next section performs the download and custom naming of the installer on the machine. Please note that the date and time are used to make the installation file name unique, in case it is downloaded multiple times with different settings or versions.
Bitsadmin is a Windows utility that attempts to download files without negatively impacting the machine if the Operating System is currently under heavy load.
In some environments the BITS protocol is disabled. Additionally, BITS may be in a non-operational state due to a Windows error. In case the download via BITS fails, the next section uses an alternative method (.NET JSC) to download the installer file. This code only executes if the previous BITS download failed.
After the installer is downloaded, this final section of the script runs the installer. Please note that customization of the command line arguments should be tested, to ensure that installer.exe settings and protections align with the command line arguments provided here.
Please open a support ticket if additional settings are required, or for advanced environments such as those with SSL man-in-the-middle settings.
Please note that a reboot is not required, and the reboot command is commented out so that it does not execute. Rarely, and more commonly in older versions of Windows, drivers do not register and load in the operating system despite being instructed to by the installer. In those scenarios, the easiest way to confirm that the driver is loaded is to export agents to an Excel document and look for machine names from your list of assets that are missing. If all of the installations are in a new group, agent counts may also be used.
This section at the end of the installation script is the function used to download the installer using JSC if required. It is only executed if .NET JSC is used to download the installer, such as when BITS fails.
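The asset comparison described above for finding machines whose agent never reported can be scripted. This is an added example, not part of the Cyber Crucible installation script or product. It assumes the agent export has been saved as CSV with a hypothetical "Machine Name" column, and it uses constructed sample data.

```python
import csv
import io

# Constructed sample data. The "Machine Name" column header is an assumption
# made for this example, not the product's documented export format.
ASSETS = ["WS-001", "ws-002.corp.example", "SRV-DB01", " ws-003 "]
AGENT_EXPORT_CSV = """Machine Name,Group
ws-001,New Deployment
WS-002,New Deployment
srv-db01.corp.example,New Deployment
LAB-777,New Deployment
"""


def normalize(name):
    """Reduce a host name to an upper-case short name so that case,
    surrounding whitespace and a DNS suffix do not cause false mismatches."""
    return name.strip().split(".")[0].upper()


def agent_names(csv_text, column="Machine Name"):
    """Return the set of normalized machine names found in the agent export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    names = set()
    for row in reader:
        value = (row.get(column) or "").strip()  # tolerate short or blank rows
        if value:
            names.add(normalize(value))
    return names


def reconcile(assets, csv_text):
    """Compare the asset inventory against the agent export.

    Returns (missing, unexpected): assets with no agent reporting, and
    agents whose machine name is not in the inventory.
    """
    expected = {normalize(a) for a in assets if a.strip()}
    reporting = agent_names(csv_text)
    return sorted(expected - reporting), sorted(reporting - expected)


if __name__ == "__main__":
    missing, unexpected = reconcile(ASSETS, AGENT_EXPORT_CSV)
    print("Assets with no agent reporting:", missing)
    print("Agents not in the asset list:", unexpected)
```

Machines in the first list are the candidates for a failed driver load or a failed installation; names in the second list are agents that installed on machines outside the inventory.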