Agents

Case-Hub Agents

Case-Hub Agents are responsible for polling data produced by configured Inputs (see Inputs if you have not yet configured these). Agents will poll your Input for the necessary data before processing it into a format the Case-Hub API understands.

There are several roles that will allow Agents to perform a variety of different functions (see Agent Roles for these roles and their functions).

Creating Agents

To create new Agents in Case-Hub, the following steps can be used:

Navigate to the System -> Agents page from Dashboard
Click "New Agent", copy the generated command with the agent pairing token, and execute it on the Case-Hub Server.
Note: Agent creation and deployment require Administrative privileges

Agent Roles

Agents must take on at least one of the following roles in order to be functional:

Agent Roles

Description

poller

Pulls data from defined Inputs and pushes it to Case-Hub in the form of an Event

detector

Runs Detection Rules against defined Inputs

runner (beta)

Executes ad-hoc and playbook actions against defined resources

PreviousCredentials NextField Templates

Last updated 1 year ago