Use the Cyberwatch agent

Add an asset in agent-based mode

  1. Click on Assets management > Assets
  2. Click on the “Add” button
  3. Select the platform on which the agent will be installed
  4. Follow the given procedure to complete the agent installation with the help of the right part of the page

Delete one or more agent(s)

  1. Click on Assets management > Assets
  2. Select the agents to be deleted
  3. Click on the “Bulk edit” button
  4. Click on the “Delete the selected agents” button and confirm the deletion

The default deletion mode deletes agents along with their assets, but keeps their API keys. If an agent starts communicating again with Cyberwatch, it will automatically be re-registered with a default configuration: its description and groups, among others, will have been reset. This deletion mode is mainly meant for agents that stopped communicating.

Agents can also be uninstalled by checking the “Uninstall the selected agents” box in the agent deletion confirmation dialog. In that case, agents will trigger the uninstallation process, and on success will be deleted from Cyberwatch along with their assets and API keys.

For more details on how the Cyberwatch agent works, consult documentation sections below:

List agent parameters and commands

List of Cyberwatch agent commands and parameters are detailed in its help and available by running following commands.

  • On Unix:
cyberwatch-agent --help
  • On Windows, from the agent installation directory (C:\Program Files\CYBERWATCH SAS\CyberwatchAgent by default):
./cyberwatch-agent.exe --help

As shown in the example output bellow, those commands will return a list containing available commands and parameters for the agent use:

> cyberwatch-agent --help
usage: cyberwatch-agent [-h] [-V] [-q] [-d] [--api-url URL] [--access-key-id KEY] [--secret-access-key KEY]
                        [--category CATEGORY] [--later] [--allow_selfsigned bool] [--proxy_enabled bool]
                        [--proxy_host URL] [--groups GROUPS]
                        [{check,register,get_tasks,set_config}]

positional arguments:
  {check,register,get_tasks,set_config}

options:
  -h, --help            show this help message and exit
  -V, --version         show program\'s version number and exit
  -q, --quiet           quiet output: print only errors
  -d, --debug           debug output
  --api-url URL         set api base url when registering
  --access-key-id KEY   set api access key id when registering
  --secret-access-key KEY
                        set api secret access key when registering
  --category CATEGORY   set the category of the computer when registering
  --later               Register only the next time the agent starts
  --allow_selfsigned bool
                        allow selfsigned certificates from the Cyberwatch server (default false)
  --proxy_enabled bool  enable proxy for Cyberwatch API requests (default false)
  --proxy_host URL      set the proxy for Cyberwatch API requests (https://username:password@host:port/ format)
  --groups GROUPS       set the server\'s groups by separating each one with a coma

Common errors during agent registration

Agent registration may fail by returning an HTTP 401 Unauthorized code.

You can check an agent’s error messages by reviewing the logs, available at /var/log/cyberwatch-agent on Linux systems, or C:\Program Files\CYBERWATCH SAS\CyberwatchAgent\logs\agent.log on Windows systems.

This section of the documentation describes the common causes of errors during registration.

Deleted or revoked API keys

When the agent uses credentials linked to a deleted or revoked API key, registration cannot be validated.

A user’s API key information is accessible from the “API Keys” section of their profile page, if it is the current user. You can quickly access it via the profile icon at the top right of the interface.

The profile page also allows you to check whether the user has sufficient permissions to install an agent.

API keys belonging to an inactive or deleted user cannot be used.

Time offset

A difference of at least two hours between the Cyberwatch server time and the host machine time can cause a communication error. Aligning the time zones on both systems is necessary to resolve this issue.

Vulnerability database not synchronized

A vulnerability database that is not synchronized will have an incomplete list of supported operating systems. This will prevent the agent from identifying operating systems and, therefore, from completing its registration.

You can check the list of supported OS on this page, or view the current synchronization status in the Administration page, at the top section labeled “Security Database.”

There is also a button to start synchronization or to manually import the database for offline users.

Back to top