11.4 EP Agent Install: Generate an Endpoint Agent Packager

Document created by RSA Information Design and Development Employee on Apr 11, 2019. Last modified by RSA Product Team on Sep 8, 2020.
Version 9

To generate an agent packager to collect endpoint data from hosts:

  1. Log in to NetWitness Platform.

    Type https://<NW-Server-IP-Address>/login in your browser to get to the NetWitness Platform Login screen.

  2. Click (Admin) > Services.

  3. Select the Endpoint Server service and click Settings menu > View > Config > Agent Packager tab.
    The Agent Packager tab is displayed.


  4. Enter the values in the following fields:

    Field: Description

    Endpoint Server: Displays all the available Endpoint Servers in the deployment.

    Endpoint Server Forwarder (Optional): Allows you to enter an alternative Fully Qualified Domain Name (FQDN) or IP address on which the server can be reached when agents need to go through a NAT or similar to reach the Endpoint Server. If the specified forwarder is not available, the agent eventually falls back to the packaged address.

    HTTPS Port: Port number. For example, 443.

    Server Validation: Determines how the agent validates the Endpoint Server certificate:

    • None – The agent will not validate the server certificate.
    • Certificate Thumbprint – Default selection. The agent identifies the server by validating the thumbprint of the Root CA of the server certificate.

    Certificate Password: Password used to download the packager. The same password is used while generating the agent installer. For example, netwitness.

    Auto Uninstall: Date and time the agent automatically uninstalls. You can leave it blank if not required.

    Force Overwrite: Overwrites the installed Windows agent regardless of the version. If this option is not selected, the same installer can be run multiple times on a system, but installs the agent only once.

      If you enable this option, make sure that you provide the same service name and driver service name as the previously installed agent when creating the new agent.

      Note: If you want to force overwrite with MSI, run the following command:
      msiexec /fvam <msifilename.msi>

      After you move an agent from one deployment to another, using Force Overwrite to change the agent incurs an 8-hour delay in communication between the agent and its Endpoint Server on the new deployment. To eliminate the delay, uninstall the agent from the old deployment, and reinstall the agent on the new deployment.

    Agent Configuration

    Note: The following Service and Driver fields are applicable only for Windows.

    Service

    Service Name: Name of the agent service. For example, NWEAgent.

    Display Name: Display name of the agent service. For example, RSA NWE Agent.

    Description: Description of the agent service. For example, RSA NetWitness Endpoint.

    Driver

    Driver Service Name: Name of the driver service. For example, NWEDriver.

    Driver Display Name: Display name of the driver service. For example, RSA NWE Driver.

    Driver Description: Description of the driver service. For example, RSA NetWitness Endpoint Driver.

    Generate Agent: Generates an agent packager.

  5. Click Generate Agent.

    This downloads an agent packager (AgentPackager.zip) on the host where you are accessing the NetWitness Platform user interface.
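
The Force Overwrite requirement above (same service name and driver service name as the previously installed agent) can be checked on a Windows host before the new installer is run. This is an added example, not RSA's code: the function name is hypothetical, and the default names are this page's example values, so pass the names actually entered in the Agent Packager tab.

```powershell
# Added example: pre-flight check before a Force Overwrite install.
# Defaults (NWEAgent, NWEDriver) are the example names from this page;
# a deployment may have been packaged with different names.
function Test-NweForceOverwriteNames {
    [CmdletBinding()]
    param(
        [string]$ServiceName       = 'NWEAgent',
        [string]$DriverServiceName = 'NWEDriver'
    )

    # The agent service is a Win32 service; the driver is a system driver.
    $checks = @(
        @{ Role = 'Service'; Class = 'Win32_Service';      Name = $ServiceName },
        @{ Role = 'Driver';  Class = 'Win32_SystemDriver'; Name = $DriverServiceName }
    )

    foreach ($c in $checks) {
        # Exact, case-insensitive name match; $null when nothing is installed
        # under that name.
        $found = Get-CimInstance -ClassName $c.Class |
                 Where-Object { $_.Name -eq $c.Name } |
                 Select-Object -First 1

        [pscustomobject]@{
            Role        = $c.Role
            Name        = $c.Name
            Installed   = [bool]$found
            DisplayName = $found.DisplayName
            State       = $found.State
            PathName    = $found.PathName
        }
    }
}

$result = Test-NweForceOverwriteNames
$result | Format-Table -AutoSize

# A missing entry on a host that already has an agent means the earlier
# packager used different names than the ones about to be packaged.
if ($result.Installed -contains $false) {
    Write-Warning 'A name does not match an installed service or driver. Confirm the names used by the previous packager before enabling Force Overwrite.'
}
```

On a host where the agent was never installed, both rows report Installed as False, which is expected.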

 
