立即与支持人员聊天
与支持团队交流

InTrust 11.6.1 - Technical Insight

Quest InTrust Agent Service

This service runs in the adcscm.nt_intel.exe executable (for Windows platform; executable name varies depending on the platform). Actually, the same service runs on the InTrust Servers and the clients (that is, they share the code base).

The agent that runs on the clients is known as the remote agent; it performs the following operations:

  1. Establishing a communication channel to the InTrust Server(s)
  2. Sending a keep-alive packet to the InTrust Server(s) every 2 minutes (configurable), so that agent status can be tracked
  3. Real-time monitoring:
    • Processing of agent-side rules using real-time monitoring data providers
    • Execution of agent-side response actions
    • Pre-filtering server-side rules and forwarding matched events to the InTrust Real-Time Monitoring Service
  1. Maintaining the event cache (agent-side log backup) if it is enabled
  2. Collecting events (either from the log or the cache) and sending the data to the InTrust server
  3. Deployment of distributable modules (they appear on the corresponding tab of monitoring rules’ and data sources’ Properties) on target computers

The agent that runs on the InTrust Servers is known as the local agent. This agent performs the same operations as remote agent; besides, it provides communication between remote agents and all other InTrust services/components

Note: Remote agents only communicate with the local agent, they do not communicate directly with other InTrust services/components.

Quest InTrust Agent Installer Service

This service only runs on the Windows platform in the adcscm.nt_intel.exe executable. It provides for agent installation, checking and removal.

The InTrust Server Service communicates with the Agent Installer service using remote Service Control Manager (SCM) commands (with special parameters to control Agent Installer behavior). It installs agents by:

  • Unpacking the agent files (copied by the InTrust Server Service)
  • Installing the agent to the \\<agent_host_name>\Admin$\ADCAgent directory (configurable)

Remote Agents

  • Remote Agents Installation
  • Connection Between Remote Agents
  • Tracking Remote Agent State
  • Remote Agents Uninstallation

Remote Agent Installation

Remote agents can be installed on the client computers (those from which event data should be gathered); installation procedure can be performed manually, semi-automatically or automatically.

When performing automatic or semi-automatic installation, Agent_InstallFolderInShare configuration parameter is used together with the Agent_InstallShare parameter to set the agent installation folder. Agent_InstallFolderInShare specifies the local folder where the agent is installed, relative to the shared folder set by Agent_InstallShare parameter. Changes to this parameter affect subsequently installed agents. The default location is the ADCAgent folder in the ADMIN$ share. To change the values:

  1. Under InTrust Manager Configuration node, select the InTrust Server the agents will report to.
  2. From its shortcut menu, select Properties.
  3. Go to the Parameters tab, select the parameter and click Edit.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级