{"id":604,"date":"2018-09-03T20:41:37","date_gmt":"2018-09-03T17:41:37","guid":{"rendered":"http:\/\/kifarunix.com\/?p=604"},"modified":"2024-03-11T19:45:39","modified_gmt":"2024-03-11T16:45:39","slug":"how-to-install-and-configure-alienvault-hids-agent-on-a-windows-host","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/how-to-install-and-configure-alienvault-hids-agent-on-a-windows-host\/","title":{"rendered":"How to Install and Setup AlienVault HIDS Agent on a Windows Host"},"content":{"rendered":"\n<p>Follow this guide to learn how to install and set up the AlienVault HIDS agent on a Windows host.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#install-alien-vault-hids-agent-on-a-windows-host\">Install AlienVault HIDS Agent on a Windows Host<\/a><ul><li><a href=\"#installing-hids-agent-using-a-pre-configured-binary-installer\">Installing HIDS agent using a Pre-configured Binary Installer<\/a><ul><li><a href=\"#download-pre-configured-hids-agent-binary-installer-from-alien-vault\">Download Pre-configured HIDS agent Binary Installer from AlienVault<\/a><\/li><li><a href=\"#install-pre-configured-hids-agent-binary-installer-on-windows\">Install Pre-configured HIDS agent Binary Installer on Windows<\/a><\/li><li><a href=\"#check-agent-status-on-windows\">Check Agent Status on Windows<\/a><\/li><\/ul><\/li><li><a href=\"#installing-and-configuring-windows-agent-manually\">Installing and configuring Windows agent manually<\/a><ul><li><a href=\"#download-ossec-hids-agent-for-windows\">Download OSSEC HIDS Agent for Windows<\/a><\/li><li><a href=\"#install-and-register-ossec-agent-on-windows\">Install and Register OSSEC Agent on Windows<\/a><\/li><li><a href=\"#start-the-ossec-hids-agent\">Start the OSSEC HIDS Agent<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"install-alien-vault-hids-agent-on-a-windows-host\">Install
AlienVault HIDS Agent on a Windows Host<\/h2>\n\n\n\n<p>There are two ways to install the AlienVault HIDS agent on a Microsoft Windows system.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Automatically install a pre-configured agent on the host from the AV server, or download it and install it on the host yourself. The pre-configured installer has the server IP and authentication key configured automatically.<\/li>\n\n\n\n<li>Download a binary installer and manually install and configure it on the host yourself.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"installing-hids-agent-using-a-pre-configured-binary-installer\">Installing HIDS agent using a Pre-configured Binary Installer<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"download-pre-configured-hids-agent-binary-installer-from-alien-vault\">Download Pre-configured HIDS agent Binary Installer from AlienVault<\/h4>\n\n\n\n<p>To install the AlienVault HIDS agent using a pre-configured binary installer, log in to AV and navigate to <strong>Environment<\/strong> &gt; <strong>Detection<\/strong> &gt; <strong>HIDS<\/strong> &gt; <strong>AGENTS<\/strong>.<\/p>\n\n\n\n<p>On the <strong>AGENT INFORMATION<\/strong> page, select the agent for the specific Windows host you want to monitor (only if the agent has been added). As an example, my Windows host IP address is 192.168.43.143.
See the screenshot below.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1467\" height=\"500\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/agent-information.png\" alt=\"Install and Setup AlienVault HIDS Agent on a Windows Host\" class=\"wp-image-605\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/agent-information.png 1467w, https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/agent-information-768x262.png 768w\" sizes=\"(max-width: 1467px) 100vw, 1467px\" \/><\/figure>\n\n\n\n<p>Click on the <img loading=\"lazy\" decoding=\"async\" width=\"18\" height=\"22\" class=\"alignnone wp-image-606\" src=\"http:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/down_preconfigured-exe.png\" alt=\"\" title=\"\"> button for the specific Windows host under the actions column to generate and download the pre-configured agent installer. The installer will be named <strong>ossec_installer_ID.exe<\/strong>, where ID is the ID number of the host agent on the server.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-pre-configured-hids-agent-binary-installer-on-windows\">Install Pre-configured HIDS agent Binary Installer on Windows<\/h4>\n\n\n\n<p>Once downloaded, copy the installer to the host, right-click it and run it as administrator to install it. When installation is complete, you should see a screen like the one shown in the screenshot below.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"589\" height=\"478\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/winhost-agent.png\" alt=\"\" class=\"wp-image-607\" title=\"\"><\/figure><\/div>\n\n\n<h4 class=\"wp-block-heading\" id=\"check-agent-status-on-windows\">Check Agent Status on Windows<\/h4>\n\n\n\n<p>Click the Close button to exit the installer.
The agent is installed at <strong>C:\\Program Files (x86)\\ossec-agent<\/strong>.<\/p>\n\n\n\n<p>To check the status of the agent, navigate to the install folder and run the <strong>win32ui.exe<\/strong> application to launch the agent manager, from where you can check the status, restart the agent, view agent logs, and view the server IP and authentication code.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"436\" height=\"349\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/agent-manager.png\" alt=\"\" class=\"wp-image-608\" title=\"\"><\/figure><\/div>\n\n\n<p>Alternatively, you can deploy the agent automatically from the server. Click on the <img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-609\" src=\"http:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/win-autodeploy.png\" alt=\"\" width=\"27\" height=\"24\" title=\"\"> button. This opens the Automatic Deployment window, where you need to enter the domain, the user and the password for the remote host to perform the deployment. The account used needs to have administrator rights.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"installing-and-configuring-windows-agent-manually\">Installing and configuring Windows agent manually<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"download-ossec-hids-agent-for-windows\">Download OSSEC HIDS Agent for Windows<\/h4>\n\n\n\n<p>Download the binary installer from <a href=\"https:\/\/updates.atomicorp.com\/channels\/atomic\/windows\/ossec-agent-win32-3.0.0-5505.exe\" target=\"_blank\" rel=\"noopener\">here<\/a> and copy it to the host.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-and-register-ossec-agent-on-windows\">Install and Register OSSEC Agent on Windows<\/h4>\n\n\n\n<p>Run the installer as administrator to install it.
When installation completes, click <strong>Next<\/strong> and then the <strong>Finish<\/strong> button to start Agent Manager.<\/p>\n\n\n\n<p>On the OSSEC Agent Manager window, enter the IP address of the server, then extract the agent authentication key from the server and paste it into the agent manager. After that, save the configuration. Once the configuration is saved, the agent ID, name and IP address are displayed. These should match the details of the agent on the server.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"729\" height=\"361\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/agentinfo.png\" alt=\"\" class=\"wp-image-610\" title=\"\"><\/figure><\/div>\n\n\n<h4 class=\"wp-block-heading\" id=\"start-the-ossec-hids-agent\">Start the OSSEC HIDS Agent<\/h4>\n\n\n\n<p>Once the agent is added, click on the <strong>Manage<\/strong> tab and start the OSSEC agent.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"441\" height=\"354\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/agent-started.png\" alt=\"\" class=\"wp-image-611\" title=\"\"><\/figure><\/div>\n\n\n<p>The agent is now running.
You can click <strong>View &gt; View logs<\/strong> to view the agent logs.<\/p>\n\n\n\n<p>If you log back in to the server, the agent status should have changed from disconnected to active.<\/p>\n\n\n\n<p>That is all it takes to install and set up the AlienVault HIDS agent on a Windows host.<\/p>\n\n\n\n<p>You may also be interested in our previous article on <a href=\"http:\/\/kifarunix.com\/index.php\/security\/how-to-install-and-configure-ossec-agent-on-linux-host\/\" target=\"_blank\" rel=\"noopener\">Installing AlienVault HIDS agent on a Linux host<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Follow through this guide to learn how to install and setup AlienVault HIDS Agent on a Windows Host. Install AlienVault HIDS Agent on a Windows<\/p>\n","protected":false},"author":1,"featured_media":16657,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,103,42],"tags":[119,118,120],"class_list":["post-604","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-alienvault","category-siem","tag-alienvault-hids","tag-ossec-agent","tag-windows-ossec-agent","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/604"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=604"}],"version-history":[{"count":8,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/604\/revisions"}],"predecessor-version":[{"id":20997,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/post
s\/604\/revisions\/20997"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/16657"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=604"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=604"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}