Channel: Madhuka

HIDS Agentless in AlienVault USM

Agentless HIDS works by providing SSH authentication to the host you want to access. For Cisco devices (PIX, routers, etc.), you need to provide an additional parameter for the enable password. The same applies if you want to add support for “su”: it must be given as the additional parameter.

1. Log in to AlienVault USM.
2. Navigate to Environment -> Detection -> HIDS -> Agentless.
3. Click 'New' and add a new agentless HIDS entry.



You will notice the message "Agentless is not running" in red text.

The agentless daemon is running after the device is added.

4. Go to the HIDS control center to enable the agentless process if it has not started.


5. If the web interface did not work, check the console and the log.

Here is the log for agentless:

grep agentless /var/ossec/logs/ossec.log


2016/06/29 15:08:01 ossec-agentlessd: INFO: Not configured. Exiting.

Let's work with the terminal.

Getting started with agentless

6. You need to enable the agentless monitoring:

# /var/ossec/bin/ossec-control enable agentless


7. List the agentless hosts in the system. The list should include the host we just added.

/var/ossec/agentless/register_host.sh list


8. Update the configuration file by adding an <agentless> block inside <ossec_config>, before the closing </ossec_config> tag.

vi /var/ossec/etc/ossec.conf

    <agentless>
      <type>ssh_pixconfig_diff</type>
      <frequency>36000</frequency>
      <host>host@192.168.100.xxx</host>
      <state>periodic_diff</state>
    </agentless>


9. Check the OSSEC status with:

/var/ossec/bin/ossec-control status


10. Restart OSSEC with the command below and check the status again.

/var/ossec/bin/ossec-control restart



Here it is active
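
Before the restart in step 10, the <agentless> block from step 8 can be checked offline for the mistakes that keep a host from being monitored. The linter below is an added example, not part of the original post or of OSSEC/AlienVault; the function name, the sample host admin@192.0.2.10 and the rule table (taken from the OSSEC agentless documentation for four script types) are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# State each script type expects (the four types in the OSSEC agentless docs).
EXPECTED_STATE = {
    "ssh_integrity_check_bsd": "periodic",
    "ssh_integrity_check_linux": "periodic",
    "ssh_generic_diff": "periodic_diff",
    "ssh_pixconfig_diff": "periodic_diff",
}
NEEDS_ARGUMENTS = {"ssh_integrity_check_bsd", "ssh_integrity_check_linux", "ssh_generic_diff"}
HOST_RE = re.compile(r"^[^@\s]+@[^@\s]+$")  # user@host

def lint_agentless(conf_text):
    """Return a list of problems in the <agentless> blocks of an ossec.conf."""
    # ossec.conf can hold several <ossec_config> roots, so wrap them in one.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    blocks = root.findall("./ossec_config/agentless")
    if not blocks:
        return ["no <agentless> block inside <ossec_config>"]
    problems = []
    for i, block in enumerate(blocks, 1):
        def get(tag):
            return (block.findtext(tag) or "").strip()
        kind, state, freq = get("type"), get("state"), get("frequency")
        if kind not in EXPECTED_STATE:
            problems.append(f"block {i}: type {kind!r} is not one this example knows")
        elif state != EXPECTED_STATE[kind]:
            problems.append(f"block {i}: {kind} expects state {EXPECTED_STATE[kind]}")
        if not HOST_RE.match(get("host")):
            problems.append(f"block {i}: host must look like user@host")
        if not freq.isdigit() or int(freq) == 0:
            problems.append(f"block {i}: frequency must be a positive number of seconds")
        if kind in NEEDS_ARGUMENTS and not get("arguments"):
            problems.append(f"block {i}: {kind} requires <arguments>")
    return problems

# Constructed sample input: same shape as the block in step 8.
GOOD = """<ossec_config>
  <agentless>
    <type>ssh_pixconfig_diff</type>
    <frequency>36000</frequency>
    <host>admin@192.0.2.10</host>
    <state>periodic_diff</state>
  </agentless>
</ossec_config>"""
BAD = GOOD.replace("periodic_diff", "periodic").replace("36000", "10h")

if __name__ == "__main__":
    print(lint_agentless(GOOD), lint_agentless(BAD), sep="\n")
```

To check a real file, pass the contents of /var/ossec/etc/ossec.conf to lint_agentless(); an empty list means none of these checks failed.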
