Agent settings

Agent settings are located on Administration > System Settings > Agents.

Hostnames

Update the "Hostname" entry if an IP is used as a hostname and a change in IP is detected on the computer after Agent/Appliance-initiated communication or discovery: When the computer's "Hostname" property field holds an IP address rather than a name, this setting updates that field to the new IP address whenever an IP change is detected.

The Deep Security Manager always identifies computers by using a unique fingerprint, not their IP addresses or hostnames.

Agent-Initiated Activation

For more information on Agent-Initiated Activation, see Command-Line Utilities and Use deployment scripts to add and protect computers.

Allow Agent-Initiated Activation

  • For Any Computers: Any computers, whether they are already listed on the Deep Security Manager's Computers page or not.
  • For Existing Computers: Only computers already listed on the Computers page.
  • For Computers on the following IP List: Only computers whose IP address has a match on the specified IP List.

Policy to assign (if Policy not assigned by activation script): The security policy to assign to the computer if no policy has been specified in the activation script.

If an event-based task exists which assigns policies to computers where activation is agent-initiated, the policy specified in the event-based task will override the policy assigned here or in the activation script.

Allow Agent to specify hostname: Select this option to allow the agent to specify the hostname by providing it to the Deep Security Manager during the agent activation process.

If a computer with the same name already exists: If a computer, VMware virtual machine, AWS instance, or Azure VM with the same Agent GUID or certificate is already listed on the Computers page, you can configure the Deep Security Manager to take the following actions:

  • Do not allow activation: The computer object will not be activated.
  • Activate a new Computer with the same name: The Deep Security Manager will create a new computer object with a new name.
  • Re-activate the existing Computer: The existing computer object will be re-activated.

Reactivate cloned Agents: When a new computer (computer, VMware virtual machine, AWS instance, or Azure VM) that is running an already activated Deep Security Agent sends a heartbeat to the Deep Security Manager, the Deep Security Manager will recognize it as a clone. It will be reactivated as a new computer without the policies or rules of the original computer.

Reactivate unknown Agents: Select this setting to allow activated computers that were deleted from Deep Security Manager to reactivate if they reconnect.

This setting is often enabled together with Inactive Agent Cleanup to ensure that certain computers can still reconnect if they are deleted. To learn more, see Automate offline computer removal with inactive agent cleanup.

When a removed computer reconnects, it will not have a policy, and will be added as a new computer. Any direct links to the computer will be removed from the Deep Security Manager event data.

Agent activation token: When a value is specified here, the same value must be provided when agents activate themselves with the Deep Security Manager. You can provide this agent activation secret in the token parameter of the agent activation script. For example, the script for agent-initiated activation on a Linux machine might look like this:

/opt/ds_agent/dsa_control -a dsm://172.31.2.247:4120/ "token:secret"

In a multi-tenant environment, the Agent activation token setting applies only to the primary tenant.
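The following wrapper is an added example and is not part of Deep Security or its deployment scripts. It shows one way to run the activation command above without hard-coding the token in the script body: the manager address and the secret are read from the environment variables DSM_URL and DSA_TOKEN (both names are the example's own choice), the URL form that dsa_control -a expects is checked first, and a masked copy of the arguments is produced for logging so the token itself never lands in a log file. The path to dsa_control is the one shown on this page.

```shell
#!/bin/sh
# Added example, not Trend Micro's code. Assumptions: manager address in
# DSM_URL, activation token in DSA_TOKEN (hypothetical variable names),
# dsa_control at the path the page shows.

DSA_CONTROL="${DSA_CONTROL:-/opt/ds_agent/dsa_control}"

# dsa_control -a expects the manager as dsm://host:port/ ; reject anything else
# before a misformed address reaches the agent.
valid_dsm_url() {
    case "$1" in
        dsm://*:[0-9]*/) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the arguments for an agent-initiated activation, one per line.
# Fails instead of proceeding when the token is empty: with an activation
# token configured on the manager, an activation without one is refused.
activation_args() {
    valid_dsm_url "$1" || { echo "bad manager URL: $1" >&2; return 1; }
    [ -n "$2" ] || { echo "activation token is empty" >&2; return 1; }
    printf '%s\n' "-a" "$1" "token:$2"
}

# Same argument list with the secret masked; this is what gets logged.
activation_args_masked() {
    activation_args "$1" "$2" | sed 's/^token:.*/token:****/'
}

# Only run the agent when a token is supplied and the binary is installed;
# otherwise this file just defines the functions above.
if [ -n "${DSA_TOKEN:-}" ] && [ -x "$DSA_CONTROL" ]; then
    echo "activating with:"
    activation_args_masked "${DSM_URL:-}" "$DSA_TOKEN"
    # Validate first, then call dsa_control with the real token.
    activation_args "${DSM_URL:-}" "$DSA_TOKEN" >/dev/null
    "$DSA_CONTROL" -a "$DSM_URL" "token:$DSA_TOKEN"
fi
```

Usage on a Linux host would be `DSM_URL=dsm://172.31.2.247:4120/ DSA_TOKEN=secret sh activate.sh`, with the token injected by whatever secret store the deployment pipeline already uses. Passing the token as an argument to dsa_control is still visible to local users in the process list for the duration of the call; the wrapper only keeps it out of the script file and the logs.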

Inactive Agent Cleanup

If your Deep Security deployment has a large number of offline computers that no longer communicate with the Deep Security Manager and no longer need to be managed, you can remove them automatically with inactive agent cleanup.

Delete Agents that have been inactive for: The period that a computer must be inactive for before being removed.

For more information on configuring inactive agent cleanup, see Automate offline computer removal with inactive agent cleanup.

Data Privacy

Allow packet data capture on encrypted traffic (SSL): The Intrusion Prevention module allows you to record the packet data that triggers Intrusion Prevention Rules. This setting lets you turn on data capture when Intrusion Prevention rules are being applied to encrypted traffic.

Agentless vCloud Protection

Allow Appliance protection of vCloud VMs: Allow virtual machines in a vCloud environment to be protected by a Deep Security Virtual Appliance and let the security of those virtual machines be managed by tenants in a multi-tenancy Deep Security environment.