Agents Commands
agents
View and manage Incydr agents.
Incydr agents run on the endpoints in your environment and monitor for insider risk activity.
Usage:
agents [OPTIONS] COMMAND [ARGS]...
Options:
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
agents bulk-activate
Activate a group of agents from a file (CSV or JSON-LINES formatted).
Use - as filename to read from stdin.
Input files require a header (for CSV input) or JSON key for each object (for JSON-LINES input) to identify which agent ID to activate.
Header and JSON key values that are accepted are: agentGuid, agent_id, agentId, or guid
Usage:
agents bulk-activate [OPTIONS] FILE
Options:
-f, --format [csv|json-lines] Specify format of input file: 'csv' or 'json-lines'. Defaults to 'csv'.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
agents bulk-deactivate
Deactivate a group of agents from a file (CSV or JSON-LINES formatted).
Use - as filename to read from stdin.
Input files require a header (for CSV input) or JSON key for each object (for JSON-LINES input) to identify which agent ID to deactivate.
Header and JSON key values that are accepted are: agentGuid, agent_id, agentId, or guid
Usage:
agents bulk-deactivate [OPTIONS] FILE
Options:
-f, --format [csv|json-lines] Specify format of input file: 'csv' or 'json-lines'. Defaults to 'csv'.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
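A pre-flight check for the input files described under bulk-activate and bulk-deactivate, as an added example (not part of the Incydr CLI or its documentation): it confirms every record carries one of the accepted ID keys and flags empty or duplicate IDs before the file is handed to the command. The function names, the sample data and the choice to use the first accepted key found in a record are assumptions of this example.

```python
import csv
import io
import json

# Accepted header / JSON key names, in the order the page lists them.
ACCEPTED_KEYS = ("agentGuid", "agent_id", "agentId", "guid")

# Constructed sample inputs (not real agent IDs).
SAMPLE_CSV = "agentGuid,name\n1001,laptop-a\n,laptop-b\n1001,laptop-a-dup\n1002,laptop-c\n"
SAMPLE_JSONL = '{"agentId": "2001"}\n{"hostname": "no-id"}\n\n{"guid": "2002"}\nnot json\n'


def _records(text, fmt):
    """Parse the input into a list of records; malformed JSON lines become None."""
    if fmt == "csv":
        return list(csv.DictReader(io.StringIO(text)))
    if fmt == "json-lines":
        records = []
        for line in filter(str.strip, text.splitlines()):
            try:
                records.append(json.loads(line))
            except json.JSONDecodeError:
                records.append(None)
        return records
    raise ValueError(f"unsupported format: {fmt!r}")


def extract_agent_ids(text, fmt="csv"):
    """Return (ids, problems): unique IDs in first-seen order, plus any findings."""
    ids, seen, problems = [], set(), []
    for n, row in enumerate(_records(text, fmt), start=1):
        if not isinstance(row, dict):
            problems.append(f"record {n}: not a JSON object")
            continue
        # Assumption of this example: use the first accepted key present.
        key = next((k for k in ACCEPTED_KEYS if k in row), None)
        if key is None:
            problems.append(f"record {n}: no accepted agent ID key")
            continue
        value = str(row[key] or "").strip()
        if not value:
            problems.append(f"record {n}: empty {key}")
        elif value in seen:
            problems.append(f"record {n}: duplicate {value}")
        else:
            seen.add(value)
            ids.append(value)
    return ids, problems
```

Pass the file to `agents bulk-deactivate` only when the returned problems list is empty, so a malformed export does not silently change which endpoints stay monitored.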
agents list
List agents.
Usage:
agents list [OPTIONS]
Options:
--active / --inactive Filter by active or inactive agents. Defaults to returning both when neither option is passed.
--healthy Filter by healthy agents. Agents that have no health issue types are considered healthy.
--unhealthy TEXT Filter by unhealthy agents. Defaults to returning all unhealthy agents. Pass a comma-delimited list of health issue types to filter by unhealthy agents that have (at least) any of the given health issue type(s). Health issue types include the following: NOT_CONNECTING, NOT_SENDING_SECURITY_EVENTS, SECURITY_INGEST_REJECTED, MISSING_MACOS_PERMISSION_FULL_DISK_ACCESS, MISSING_MACOS_PERMISSION_ACCESSIBILITY.
--agent-health-modified-within-days INTEGER Filter agents that have had agent health modified in the last N days (starting from midnight this morning), where N is the value of the parameter.
--connected-in-last-days INTEGER When specified, agents are filtered to include only those that have connected in the last N days (starting from midnight this morning), where N is the value of the parameter.
--not-connected-in-last-days INTEGER When specified, agents are filtered to include only those that have not connected in the last N days (starting from midnight this morning), where N is the value of the parameter.
--serial-number TEXT When specified, returns agents that have this serial number.
--agent-os-types TEXT When specified, agents are filtered to include only those of the given OS types. Pass a comma-delimited list of the OS types you wish to search. OS types include the following: WINDOWS, MAC, LINUX.
-f, --format TABLEFORMAT Format to print result. One of 'table', 'json-pretty', 'json-lines', or 'csv'. If environment has INCYDR_USE_RICH=false set, defaults to 'json-lines', else defaults to 'table'.
--columns TEXT Comma-delimited string of column names. Nested values should be specified in dot-notation. Limits output to contain only the specified columns in CSV or Table format. Ignored for JSON output formats.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
agents show
Show details for a single agent.
Usage:
agents show [OPTIONS] AGENT_ID
Options:
-f, --format SINGLEFORMAT Format to print result. One of 'rich', 'json-pretty', or 'json-lines'. If environment has INCYDR_USE_RICH=false set, defaults to 'json-lines', else defaults to 'rich'.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.