[-]
  
  
[-]
  
  
  
  
  
  
  
 
 
[-]
  
  
  
  
[-]
  
 [+]
  
[-]
Monitoring
  
 [+]
 [+]
 [+]
  
[-]
Monitoring guides
  
  
[-]
Templates
 [+]
  
  
[-]
Cloud monitoring
 [+]
  
  
 [+]
Kubernetes
[-]
Network checks
 [+]
  
  
  
[-]
 [+]
  
  
  
  
  
  
 [+]
 [-]
   
   
   
 [+]
 [+]
[-]
CounterMeasures
  
 [+]
 [+]
  
  
[-]
Panopta OnSight
 [+]
 [+]
[-]
SNMP
 [+]
  
[-]
Alerting
 [+]
 [+]
 [+]
 [+]
 [+]
[-]
Reporting
  
  
  
[-]
Maintenance
  
  
[-]
API
  
  
  
  
[-]
Users, Groups, and Authentication
 [+]
  
  
  
[-]
Billing and Payments
  
  
  
  
  
  
 
[-]
  
  
  
  
  
  
  
  
  
  
  
  
Updated on 10/4/2019
Online Help
Use the Panopta Agent manifest file
Direct link to topic in this publication:

Using the Agent manifest file is a great way to further streamline configuration of servers in your Panopta account. If you opt to use the Agent manifest file, you can preset many of the configuration values and have the Agent automatically add the server into Panopta. This becomes an additional option for automation, especially for complex and large deployments.

Windows PowerShell or MSI

Create a manifest file in C:\, for example C:\SampleAgent.manifest. Once this is added, you can set the desired default values. At a minimum, you should add the customer key parameter like below:

Basic Agent Manifest File

JSON
[agent]
customer_key = xxxx-xxxx-xxxx-xxxx

If you are using PowerShell, run the following command from within the same directory as install.ps1. The Agent will install and add the server to your Panopta account.

Powershell Install Command

JSON
./install.ps1 -ManifestFile "[Full File Path]\SampleAgent.manifest"

If you are using MSI, run the following command from within the same directory as the MSI. The Agent will install and add the server to your Panopta account.

MSI Install Command

JSON
msiexec /i panopta-agent-[version number].msi MANIFESTFILE="[FULL FILE PATH]\SampleAgent.manifest"

Linux

Create the manifest file in /etc/panopta-agent-manifest. Then you can install the agent with either the python 2.xx or python3 command below:

Python

JSP (JavaServer Pages)
curl -s https://packages.panopta.com/install/linux_agent_install.py | python /dev/stdin

Python 3

JSP (JavaServer Pages)
curl -s https://packages.panopta.com/install/linux_agent_install.py | python3 /dev/stdin

Example Manifest file

The contents of the manifest file for both Windows and Linux are shown below. You do not need to specify values for everything. A detailed description of each parameter is explained below the sample contents:

INI (.ini files)
[agent]
customer_key = afsdyngoaeppmfqefa
server_key = ashe-pokf-bfhb-eabn
aggregator_url = myappliance.localsite.com
server_group = 3467
fqdn = www.panopta.com
server_name = Panopta
interface_mapping = private:10.100.100.2,private2:10.100.100.13
templates = 8
tags = tag, anothertag, anotherone
partner_server_ID = 828765
disable_server_match = true
custom_plugin_url = https://s3.amazonaws.com/custom-panopta-plugins/my-custom-plugins.zip
enable_countermeasures = true
countermeasures_remote_plugins = https://s3.amazonaws.com/some-s3-bucket/custom-plugins.zip
countermeasures_refresh_plugins = 6

Parameters

Parameter Description
customer_key                                                                        
This identifies you with your Panopta account. By setting this value, the agent will automatically add the server to the Panopta control panel. You can find this key in the control panel under My Account under your icon at the top right.
server_key

The server key is what allows the Agent to communicate with our servers securely. You have the option of setting this value, if you like. However, we highly recommend that you allow a key to be generated for you and linked to the server in Panopta accordingly.

Note: all server keys must be unique.

aggregator_url
This controls the API which the Agent communicates with to report its results. You should not enter an aggregator URL unless you are using Panopta Onsight as a proxy for servers which dont have outbound public internet access. If you are using Panopta Onsight as a proxy and don't know the aggregator URL, please contact support@panopta.com
server_group
This controls which group your server gets added to in the control panel. Any server template(s) that you have set to be applied to this group will be applied to this server as well. The value of the server group is identified by an ID or a name. If you go to an instance group in the control panel, you can see that group's ID number at the end of that page's URL.
FQDN
This field acts as an override for the hostname that is auto-detected by the Agent. If you do not include this field, your server will be given its natural FQDN in the control panel.
server_name
This field lets you set a logical name for this server. That name will identify the server in the control panel.
interface_mapping
This value is only used if:
  • A template will be auto applied to the server being created
  • that template has place holders for multiple network interfaces. 

If your server has multiple network interfaces and the template which is being applied has placeholders for multiple network interfaces, you have to provide a mapping of the IP for that network interface to the placeholder.

For example, if your server template has the network interface placeholder named Private, and your server has a network interface with the IP set to 10.100.100.2, you would configure it like this:

interface_mapping = private:10.100.100.2

templates
This field lets you choose which templates you would like to apply to this server. The value of the template is identified by an ID. If you go to a server template in the control panel, you can see that template's ID number at the end of that page's URL.
tags
This field would allow you to add tags to your server. This can be set to any value but would need to be comma-separated to indicate different tags.

tags = tag1, tag2, tag3

partner_server_id 
This value can be used by Panopta partners in order to store their own internal unique identifiers for that server. Setting the value in the manifest file sets it on the Server/Instance object which can then help in server lookups by the partner's ID (via API or within the control panel).
disable_server_match
The default behavior when customer_key is provided is to do some automatic server matching by hostname or IP. In some cases, this may be undesirable if you have overlapping private IP ranges across environments. This option allows you to disable the matching logic.
attributes
You can also add an additional field for attributes. This will need to go underneath the rest of the manifest file configurations, and you can set the attributes to any value.
custom_plugin_url

If you have written your own custom plugins, you can host them centrally and have the agent retrieve them during installation so that you do not have to manually manage them post install. The value of this variable can be a compressed archive (.zip, .tar or .tgz) or a single python file (with a .py extension).

New plugins are fetched from the URL defined in custom_plugin_url during metadata rebuilds. By default, metadata rebuilds occur once every hour. You also have the option to manually re-fetch new plugins by issuing a metadata rebuild command, either through the control panel or the command line. 

enable_countermeasures
This flag enables the CounterMeasures remediation feature in the Agent. Read more about this here.
countermeasures_remote_plugins
If you have written your own custom CounterMeasures plugins, you can host them centrally and have the Agent retrieve them during installation so that you do not have to manually manage them post install. The value of this variable can be a compressed archive (.zip, .tar or .tgz).
countermeasures_refresh_plugins
If you would like updates to your CounterMeasures plugins to automatically be applied, you can optionally set countermeasures_refresh_plugins to the number of hours for the refresh interval and the Agent will re-fetch the newest plugins from your remote plugin location.
plugin_configuration
To pass plugin configuration to a standard Panopta plugin or one of your own custom plugins, specify those at the bottom of the file. Examples for Linux and Windows are shown in the following sections.

Linux custom plugin configuration

Manifest file

INI (.ini files)
[agent]
customer_key = gfoadsvuhyadsflvhea
server_group = 3548

[attributes]
operating system = ubuntu
version = 14.04

[mysql]
username = USERNAME
password = PASSWORD

Windows custom plugin configuration

Manifest file

EJS (Embedded JavaScript)
[agent]
customer_key = gfoadsvuhyadsflvhea
server_group = 3548

[attributes]
operating system = ubuntu
version = 14.04

<agent>
<plugins>
<ntp>
<add key="ntp_host" value="pool.ntp.org">
<add key="ntp_port" value="123">
</add></add></ntp>
</plugins>
</agent>