AgentX Manager is a security software component of AgentX responsible for managing and communicating with AgentX clients deployed across a network. It provides a centralized platform for monitoring and analyzing security events, enabling organizations to detect and respond to threats.
Release Date: October 21, 2024
Release Version: 1.4.5
Supported On: Logpoint v7.2.0 to v7.4.2
Download: AgentX_1.4.5.pak
SHA256: 1c6f69fd5e2133786fb01be07f6a8d09a53087a500cc1991dc33bbac6154df14
Documentation: AgentX guide, Version Compatibility Matrix
- AgentX Cluster can only be configured on a Distributed Logpoint set up using an IP address.
- When using AgentX, keep the IP address as the Logpoint server alias in System Settings. Don’t modify it. If you do, an "AgentX server is down" error is triggered when adding a device in AgentX.
-
If there are multiple network interfaces, AgentX configuration is applied only to the primary interface. To implement the configuration on the secondary interface, your network administrator must configure it within your routing protocol.
- Downgrading AgentX Server from v1.4.2 to v1.2.0 after installing AgentX Manager v1.4.5 may cause log loss and is not recommended. If a downgrade is necessary, contact support.
- If you are using AgentX in distributed mode, then upgrading it from previous versions to v1.4.5 will break the connection between all nodes in the distributed architecture, stopping log transmission across the entire setup. The workaround can be found here.
- AgentX Manager v1.2.1 is not compatible with AgentX Server v1.4.2. Go to version compatibility matrix for more information.
- When upgrading the AgentX Server, please note that the new version may take some time to reflect due to its file size exceeding 500MB
- The installation of Windows Installer v1.4.2 might take more than one minute.
- Find the known issues for AgentX here.
Enhancements:
|
Description |
Issue ID |
Reference ID |
|---|---|---|
|
You can now provide custom configuration files of osquery when installing the AgentX client from the command line. |
EDR-1413 | 75471 |
| AgentX now supports multiline logs. Prior to this release, it could only parse logs that were newline separated. | EDR-1419 | 76868 |
| Users can now use the lp_baseline_windows_workstation template to enhance threat detection. | EDR-1482 | - |
|
Updating an agent's template in AgentX Manager triggered unnecessary restarts of other agents, leading to high CPU usage. |
EDR-2013 | 82143, 83537, 83938 |
Bug Fixes:
|
Description |
Issue ID |
Reference ID |
|---|---|---|
| There was a delay in log processing and collection because AgentX v1.4.2 was not able to process more than 10 logs per second. | EDR-2127 | 85319, 85324, 85580 |
|
LPAXSubscriber service crashed due to excessive looping when processing log files. This led to delayed log file handling, missed logs, and system instability. |
EDR-2128 | 85319 |
| Logs were forwarded at a very slow rate to ports 5502 and 5503 causing the UI to respond slowly during searches. | EDR-1570, EDR-1527, EDR-1497, EDR-1539 | - |
| When configuring Templates, users could not include or exclude more than 24 event IDs. | EDR-1524 | 78620 |
|
AgentX Manager did not send the template configuration to the agent after connecting to it. |
EDR-1126 | 77168, 77270, 77530, 77744, 78317 |
| Users could not configure devices using a hostname. |
EDR-1443 |
77509, 79464 |
|
If AgentX was configured via the Log Collection Policy, users could not view its Processing Policy and Template info on devices. |
EDR-1249, EDR-1614 | 75191, 75684, 79592, 79601 |
|
Configure Cluster was misspelled on the AgentX User Interface. |
EDR-1576 | 79529 |
| Users could not migrate devices with a Log Collection Policy from LPA to AgentX. | EDR-1114 | 74468, 74647, 77418, 77744, 79458 |
| There was a delay of 2 minutes for configuration to be pushed and updated to the agent from the AgentX Manager. | EDR-1173 | 74007 |
| AgentX was not displaying correct data in the collected_at and logpoint_name fields while collecting logs in distributed mode. | EDR-1299 | 74513, 79943 |
| Users could not import devices via a CSV file in AgentX when configured via the Log Collection Policy. | EDR-1494 | 77546, 78855 |
|
AgentX was not fetching Windows security logs with level Information and level code 0. Logs with level information provide details about successful operations and system activity of Windows and level code 0 represents the most severe or critical security events. |
EDR-1783 |
- |
|
If a device with no template was migrated from Logpoint Agent to AgentX, a new custom template with no configuration was generated and assigned to it, preventing log collection. |
EDR-1765 |
|
|
Custom certificates are generated in AgentX Manager and later uploaded to the Windows Installer to establish a connection between them. But if the AgentX Manager was subsequently upgraded, AgentX overwrote the custom certificate with the default one, breaking the connection. |
EDR-1632 |
- |
| Log collection was stopped because the rootCA.pem and sslagent.crt certificates expired after one month and one year instead of ten years. | EDR-1509 | 78838 |
| AgentX default templates had DHCP files path that consisted of the entire DHCP directory, causing the DHCP server to crash. | EDR-1252 | 75448, 75505, 75955, 75957, 76086, 76238 |
|
Updating an agent's template in AgentX Manager triggered unnecessary restarts of other agents, leading to high CPU usage. |
EDR-2013 | 82143, 83537, 83938 |
Previous Releases
AgentX Manager v1.2.1
Release Date: August 24, 2023
Release Version: 1.2.1
Supported On: Logpoint v7.1.0 and later
Download: AgentX_Manager_1.2.1.pak
SHA256: 9dca8d1ca57f7a9d9e130e3384151018934974dc4f314c2420741200e80fae8d
Documentation: AgentX guide
Key Information
- AgentX Manager 1.2.1 is compatible with AgentX Server 1.2.0.
- AgentX is not supported by Logpoint SaaS.
Bug Fix
The following issue is fixed:
| Description | Issue ID | Reference ID |
| Windows DHCP and DNS server logs were not normalized. | EDR-1401, KB-21576 |
76113 |
AgentX Manager v1.2.0
Release Date: August 16, 2023
Release Version: 1.2.0
Supported On: Logpoint v7.1.0 and later
Download: AgentX_Manager_1.2.0.pak
SHA256: d424d8eff3dee15343492e9969ba2b40f65bab45105c2cd44604b78d10d07868
Documentation: AgentX guide
Key Information
If you upgrade AgentX Manager to v1.2.0, you must upgrade AgentX Server, Debian Installer and Windows Installer to v1.2.0 too.
Enhancement
|
Description |
Issue ID |
Reference ID |
|---|---|---|
| AgentX Manager now enables you to upload or generate SSL certificates for authentication and encrypt agent-to-manager communication. Go to AgentX Guide for details. | EDR-1148 | - |
Bug Fix
The following issue is fixed:
|
Description |
Issue ID |
Reference ID |
|---|---|---|
| Users could not access the Global Settings page at the first click. | EDR-1161 | 74180 |
Support
If you have any queries or require assistance, create a support ticket here.
Comments
Article is closed for comments.