Managing the Agent Configuration

Agent Management Console

The simplest and most effective way to configure the Epilog service is to use the Snare web-based Remote Control Interface. If remote control is enabled, configuring large numbers of agents can be further simplified by using the Snare Server Agent Management Console. See the User Guide to the Snare Agent Management Console on the Intersect Alliance website.

Group Policy

The configuration of the agents can be managed using Group Policy Objects. As discussed in Appendix B, the Snare Agent policy key is located at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Intersect Alliance\Epilog and uses exactly the same settings and structure as the standard registry location. The agent gives the policy location the highest precedence when loading the configuration (that is, any policy settings will override local settings). As long as the policy and standard registry locations together provide a complete set of configuration options, the agent will operate as expected.

At the end of each setting on the configuration pages, one of these markers may be displayed: (SGP), (AGP), (LR), (D). Each marker identifies the source the setting was loaded from, as explained below:

  • SGP (Super Group Policy): If different types of Snare agents (Snare for Windows, Epilog for Windows, Snare for MSSQL) are running on a network, a Super Group Policy can be applied and all the agents will adhere to this policy. The registry path of SGP is SOFTWARE\Policies\InterSect Alliance\Super Group Policy.
  • AGP (Agent Group Policy): This is the regular group policy applied to all Epilog agents. The registry path is SOFTWARE\Policies\Intersect Alliance\Epilog.
  • LR (Local Registry): This is the setting assigned to the agent during installation. It is used when neither SGP nor AGP is applied to the agent.
  • D (Default): If for any reason the agent cannot read the SGP, AGP or LR registry values, it assigns the default settings, referred to as (D).
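To check from the registry which source supplies a given setting on a host, the lookup order described above can be reproduced in PowerShell. This is an added example, not Intersect Alliance code. It assumes that SGP is consulted before AGP, that SGP uses the same subkey layout as AGP, and that the local registry root is the path shown (the page does not state it; confirm it against Appendix B). The function name is hypothetical.

```powershell
# Added example: report which registry source supplies an Epilog setting.
# Assumptions (not stated on this page): the local registry root below,
# that SGP uses the same subkey layout as AGP, and that SGP is read before AGP.
function Get-EpilogSettingSource {
    param(
        [Parameter(Mandatory)][string]$SubKey,      # e.g. 'Config'
        [Parameter(Mandatory)][string]$ValueName,   # e.g. 'Clientname'
        # Assumed standard (non-policy) location; confirm against Appendix B.
        [string]$LocalRoot = 'HKLM:\SOFTWARE\Intersect Alliance\Epilog'
    )

    # Ordered from highest to lowest precedence.
    $sources = [ordered]@{
        SGP = 'HKLM:\SOFTWARE\Policies\InterSect Alliance\Super Group Policy'
        AGP = 'HKLM:\SOFTWARE\Policies\Intersect Alliance\Epilog'
        LR  = $LocalRoot
    }

    foreach ($tag in $sources.Keys) {
        $path = Join-Path $sources[$tag] $SubKey
        # A missing key or missing value both yield $null here.
        $item = Get-ItemProperty -LiteralPath $path -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{
                Source = $tag
                Path   = $path
                Value  = $item.$ValueName
            }
        }
    }

    # Nothing readable in any location: the agent falls back to its defaults.
    [pscustomobject]@{ Source = 'D'; Path = $null; Value = $null }
}

# Which source supplies the client name override set by the ADM sample?
Get-EpilogSettingSource -SubKey 'Config' -ValueName 'Clientname'
```

If the result disagrees with the marker shown on the agent's configuration page, the policy may not have reached the host or the agent may not have reloaded its configuration.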

Below is a sample of an Administrative Template (ADM) file that can be loaded into a Group Policy Object to assist with selecting and setting configuration options.

CLASS MACHINE

CATEGORY !!"InterSect Alliance Snare Epilog Settings"
#if version >= 4
EXPLAIN !! "Contains examples of different policy types.\n\nShould display policy settings the same as \nADMX File - Example Policy settings category."
#endif
CATEGORY !!"Config"
;sets policy under "Software\Policies\InterSect Alliance\Epilog\Config"
POLICY !!"Override detected DNS Name"
#if version >= 4
SUPPORTED !!"This setting works with all agents"
#endif
EXPLAIN !!"This setting specifies the Hostname of the client.\n\n Must be not more than 100 chars, otherwise will be truncated."
KEYNAME "Software\Policies\InterSect Alliance\Epilog\Config"
PART !!"Override detected DNS Name with:" EDITTEXT EXPANDABLETEXT
VALUENAME "Clientname"
END PART
END POLICY
END CATEGORY;CONFIG_CATEGORY