Skip to main content

Agents

A Waratek Agent is a lightweight plugin for both Java and .NET based applications. It connects to the Portal where you can monitor and attach security Rules to it.

Overview

A Waratek Agent runs on the machine to be protected and is assigned to an application on that machine or server, such as WebSphere. When the application (WebSphere in this example) starts, it loads the Waratek Agent into memory as it starts up. The Waratek Agent then reads its rules and protects that application as dictated by the policy and its rules.

The Agent connects to the Portal to report security events. Within the Portal, Agents are aggregated into groups called Applications. Security policies that are applied to these Applications are inherited by each Agent that is part of that Application. For more information on Policies, Mods, and Rules, see the Policies section of the User Guide.

Onboarding & Agent Credentials

Before you can interact with an Agent on the Portal interface, you must first onboard an Agent to the Portal. To onboard an agent to the Portal, you will need to configure the Agent to connect to the Portal Host using an access key and secret key. The Portal Host is: agent-api-2.waratek.com.

To create an access key and secret key, open the Agents Tab in the side navigation bar, select the Credentials tab at the top of the page to open the Credentials Page. For more details about this process, please refer to the Waratek Agent’s Installation Guide.

The Credentials Page will allow any administrator profile to create a new key using the Create Access Key button in the top right of the screen. Once a secret key is generated, it must be copied to a safe location before closing the key window. On the Credentials page, keys can be activated, deactivated, or deleted on this page. You can generate as many access keys as you need. You can also use one access key for multiple agents if you wish. Once the agent configuration is completed, the Agent will register with the Portal and will appear under the Overview Tab, next to the Credentials.

Automatic Agent Onboarding: This process assigns your Agent to an Application for you. You will need to provide a controller key found on the Portal interface to facilitate this process. Open the Applications tab in the Portal and click on the Application of your choice to open the specific Application page. Next select the Configure tab to find the key that you need. You can copy or regenerate the key as required.

For more details, refer to the Waratek Agent’s Installation Guide.

Managing Agents in the Portal

Once you log into the Portal, you can click on the Agents tab in the main navigation at the top of the screen to access the Agent management interface.

In the Agent management interface, you can access the dropdown menu in the top left of the screen to filter the table by agent state (Assigned Agents, Unassigned Agents, and Deleted Agents). These filtered views provide a row of information for each agent. For the Assigned Agents and Unassigned Agents views, there is an option to select any agent and delete it. All deleted agents will appear in the Deleted Agents view for future reference.

Events listed on this table can have one of four different status values:

For more details about any agent, you can click on an icon shield icon beside the Agent Name and open the Agent Details page. This page provides an overview of that agent’s activity and a series of cards detailing specific properties for that agent. From here, you can change the API Discovery settings for the agent if desired. The agent can be set to inherit the discovery settings of the application it is attached to or it can be turned on/off as a standalone action.

Searching an Agent

  1. Click the Agents tab in the main navigation at the top of the screen.
  2. Type the agent details in the search box. These details can be any one of the fields available across the table
  3. The table view will update in realtime as you type your search entry

Viewing the Details of an Agent

  1. Click on the Agents tab in the main navigation at the top of the screen.
  2. Click on the icon shield icon beside the specific Agent Name within the table.
  3. The agent details page will open with the Overview tab displayed by default.

Renaming an Agent

  1. Click the Agents tab in the main navigation at the top of the screen.
  2. Click on the icon shield icon beside the Agent Name you want to change and the agent details page will open.
  3. Click the icon button edit icon to enter a new name in the pop-up dialog and then click the button Rename to confirm.

An agent name given in the portal takes priority over the name set in the waratek.properties file.

Deleting an Agent

  1. Click the Agents tab in the main navigation at the top of the screen.
  2. Click on the icon shield icon beside the Agent name you want to delete and the agent details page will open.
  3. Click the icon button delete icon and then click the button Delete Agent in the pop-up dialog to confirm the deletion.

Agent Lifecycle Events

Agent lifecycle events are listed under the Events tab on the Agent Details page:

These events include Link Rule and Syntax Error events. The status column indicates whether the rule was successfully applied by the agent. When a Link Rule error or Syntax Error occurs, the rule or mod is not applied by the agent, and therefore the application is not protected by that rule or mod.

Syntax Error events can occur when the Agent does not support the mod ARMR version. In this scenario, the mod ARMR version should be changed to the appropriate version which is supported by the agent. The agent’s supported ARMR versions are listed on the Agent Details page. The mod ARMR version can be upgraded on the Mod details page, but it cannot be downgraded - a new mod must be created to downgrade.

Link Rule error events can occur when the mod contains configurations of rules which the agent does not support. A reason field is provided that explains why the error occurred. In this scenario, the rules should be modified to prevent this error from occurring. Refer to this User Guide’s Rules Wizard documentation for the rule type to determine which changes are necessary.

Automatic Agent Purging

The agent purging feature is mainly geared toward environments with high agent volatility, such as cloud or other on-demand services where new agents and the services that they are protecting may be created, spun up, and subsequently spun down with regularity. It is configured at the Application level, therefore for more information on Automatic Agent Purging, see the Application section of the User Guide.