Release Version: 1.5.0
Supported On: Logpoint v7.5.0 and Later
Download: AgentX_1.5.0.pak
SHA256: 42bb4f469cdfebe837ec0f1c6d66782ef20933120ffa223ae4109139ff636c6f
Documentation: AgentX guide
Key Information
- Don't change the Osquery path while installing AgentX Client as it causes a path not recognized error and interrupts installation. Go here to learn more about this issue.
- AgentX Client installation may occasionally pause and display a command prompt. In this case, press Enter to continue the installation.
Vulnerability Fixes:
The following vulnerabilities are fixed:
Description | Issue ID | Reference ID |
---|---|---|
CVE-2023-42463 | - | - |
CVE-2023-50260 | - | - |
CVE-2022-40497 | - | - |
A vulnerability caused by limited access controls allowed li-admin users to access sensitive information about Logpoint deployment. | EDR-2835 | #85678 |
Bug Fix:
The following bug is fixed:
Description | Issue ID | Reference ID |
---|---|---|
AgentX fails to collect Windows logs when wildcard patterns are used to match folder names in File Collection. | EDR-2023 | #83708 |
Previous Releases
AgentX Manager v1.4.6
AgentX Manager is a security software component of AgentX responsible for managing and communicating with AgentX clients deployed across a network. It provides a centralized platform for monitoring and analyzing security events, enabling organizations to detect and respond to threats.
Release Date: October 30, 2024
Release Version: 1.4.6
Supported On: Logpoint v7.5.0 and Later
Download: AgentX_1.4.6.pak
SHA256: cfc95e53cb366603faa770d3faacc90d8b12d5824510736d61adec02387beade
Documentation: AgentX guide
Key Information
- AgentX Cluster can only be configured on a Distributed Logpoint set up using an IP address.
- When using AgentX, keep the IP address as the Logpoint server alias in System Settings. Don’t modify it. If you do, an "AgentX server is down" error is triggered when adding a device in AgentX.
- If there are multiple network interfaces, AgentX configuration is applied only to the primary interface. To implement the configuration on the secondary interface, your network administrator must configure it within your routing protocol.
- Downgrading AgentX Server from v1.4.2 to v1.2.0 after installing AgentX Manager v1.4.6 may cause log loss and is not recommended. If a downgrade is necessary, contact support.
- If you are using AgentX in distributed mode, then upgrading it from previous versions to v1.4.6 will break the connection between all nodes in the distributed architecture, stopping log transmission across the entire setup. The workaround can be found here.
- AgentX Manager v1.2.1 is not compatible with AgentX Server v1.4.2. Go to version compatibility matrix for more information.
- When upgrading the AgentX Server, please note that the new version may take some time to reflect due to its file size exceeding 500MB.
- The installation of Windows Installer v1.4.2 might take more than one minute.
- Find the known issues for AgentX here.
Enhancement:
Description | Issue ID | Reference ID |
---|---|---|
AgentX v1.4.6 is now compatible with Logpoint v7.5.0. | - | - |
AgentX Manager v1.4.5
Release Date: October 21, 2024
Release Version: 1.4.5
Supported On: Logpoint v7.4.0 - v7.4.2
Download: AgentX_1.4.5.pak
SHA256: 1c6f69fd5e2133786fb01be07f6a8d09a53087a500cc1991dc33bbac6154df14
Documentation: AgentX guide, Version Compatibility Matrix
- AgentX Cluster can only be configured on a Distributed Logpoint set up using an IP address.
- When using AgentX, keep the IP address as the Logpoint server alias in System Settings. Don’t modify it. If you do, an "AgentX server is down" error is triggered when adding a device in AgentX.
- If there are multiple network interfaces, AgentX configuration is applied only to the primary interface. To implement the configuration on the secondary interface, your network administrator must configure it within your routing protocol.
- Downgrading AgentX Server from v1.4.2 to v1.2.0 after installing AgentX Manager v1.4.5 may cause log loss and is not recommended. If a downgrade is necessary, contact support.
- If you are using AgentX in distributed mode, then upgrading it from previous versions to v1.4.5 will break the connection between all nodes in the distributed architecture, stopping log transmission across the entire setup. The workaround can be found here.
- AgentX Manager v1.2.1 is not compatible with AgentX Server v1.4.2. Go to version compatibility matrix for more information.
- When upgrading the AgentX Server, please note that the new version may take some time to reflect due to its file size exceeding 500MB.
- The installation of Windows Installer v1.4.2 might take more than one minute.
- Find the known issues for AgentX here.
Enhancements:
Description | Issue ID | Reference ID |
---|---|---|
You can now provide custom configuration files of osquery when installing the AgentX client from the command line. | EDR-1413 | 75471 |
AgentX now supports multiline logs. Prior to this release, it could only parse logs that were newline separated. | EDR-1419 | 76868 |
Users can now use the lp_baseline_windows_workstation template to enhance threat detection. | EDR-1482 | - |
Updating an agent's template in AgentX Manager triggered unnecessary restarts of other agents, leading to high CPU usage. | EDR-2013 | 82143, 83537, 83938 |
Bug Fixes:
Description | Issue ID | Reference ID |
---|---|---|
There was a delay in log processing and collection because AgentX v1.4.2 was not able to process more than 10 logs per second. | EDR-2127 | 85319, 85324, 85580 |
LPAXSubscriber service crashed due to excessive looping when processing log files. This led to delayed log file handling, missed logs, and system instability. | EDR-2128 | 85319 |
Logs were forwarded at a very slow rate to ports 5502 and 5503 causing the UI to respond slowly during searches. | EDR-1570, EDR-1527, EDR-1497, EDR-1539 | - |
When configuring Templates, users could not include or exclude more than 24 event IDs. | EDR-1524 | 78620 |
AgentX Manager did not send the template configuration to the agent after connecting to it. | EDR-1126 | 77168, 77270, 77530, 77744, 78317 |
Users could not configure devices using a hostname. | EDR-1443 | 77509, 79464 |
If AgentX was configured via the Log Collection Policy, users could not view its Processing Policy and Template info on devices. | EDR-1249, EDR-1614 | 75191, 75684, 79592, 79601 |
Configure Cluster was misspelled on the AgentX User Interface. | EDR-1576 | 79529 |
Users could not migrate devices with a Log Collection Policy from LPA to AgentX. | EDR-1114 | 74468, 74647, 77418, 77744, 79458 |
There was a delay of 2 minutes for configuration to be pushed and updated to the agent from the AgentX Manager. | EDR-1173 | 74007 |
AgentX was not displaying correct data in the collected_at and logpoint_name fields while collecting logs in distributed mode. | EDR-1299 | 74513, 79943 |
Users could not import devices via a CSV file in AgentX when configured via the Log Collection Policy. | EDR-1494 | 77546, 78855 |
AgentX was not fetching Windows security logs with level Information and level code 0. Logs with level information provide details about successful operations and system activity of Windows and level code 0 represents the most severe or critical security events. | EDR-1783 | - |
If a device with no template was migrated from Logpoint Agent to AgentX, a new custom template with no configuration was generated and assigned to it, preventing log collection. | EDR-1765 | |
Custom certificates are generated in AgentX Manager and later uploaded to the Windows Installer to establish a connection between them. But if the AgentX Manager was subsequently upgraded, AgentX overwrote the custom certificate with the default one, breaking the connection. | EDR-1632 | - |
Log collection was stopped because the rootCA.pem and sslagent.crt certificates expired after one month and one year instead of ten years. | EDR-1509 | 78838 |
AgentX default templates had DHCP files path that consisted of the entire DHCP directory, causing the DHCP server to crash. | EDR-1252 | 75448, 75505, 75955, 75957, 76086, 76238 |
Updating an agent's template in AgentX Manager triggered unnecessary restarts of other agents, leading to high CPU usage. | EDR-2013 | 82143, 83537, 83938 |