USM Anywhere™

The AlienVault Agent Command Script and Agent Updates

The AlienVault Agent script enables you to run a number of commands for the installed agent. Each operating system (OS) has its own script, but the commands function the same across all systems. To use the command script, locate and run the file listed in the following table and follow any additional instructions that are noted.

Location and Notes for the AlienVault Agent Scripts
System Script Location Notes
Windows alienvault-agent.ps1 C:\Program Files\osquery This is not part of the default Microsoft Windows path, so you must either use cd commands to point to the path, or input the path directly to run the script.
Linux alienvault-agent.sh /usr/bin Opened from the command line.
macOS alienvault-agent.sh /usr/local/bin Opened in Terminal.

Complete AlienVault Agent Command List

The following table contains the complete list of commands for the AlienVault Agent script. The agent configuration, which includes information such as osquery data point checks and file integrity monitoring (FIM) paths, is checked and updated independently.

Commands Available for the AlienVault Agent Script

Command Explaination
start Start the agent service.
stop Stop the agent service.
restart Restart the agent service.
update Update the agent version.
enable-auto-update [time]

Enable auto-update to check daily for new version.

Time can optionally be designated for the check (24-hour format HH:MM).

If no time is supplied, the daily check will occur between 09:00 and 17:00.

disable-auto-update Disable agent auto-update.
force-update

Reinstall the agent service with the newest version.

(This reinstalls the agent even if you are running the most recent version.)

uninstall Uninstall the agent.
version Print the agent version number.
help Print help.
config Connect to the agent API server to print or download your agent configuration.
osqueryi

Start an interactive osqueryi shell within your agent's configuration.

(Typically used for prototyping and troubleshooting queries against your current configuration.)

report

Print a report containing pertinent information regarding agent information, including whether or not the auto-update feature is active.

(Contains version, platform information, host identification, and other information, and is most useful for relaying information to AT&T Cybersecurity support.)

AlienVault Agent Auto-Update

The AlienVault Agent can be configured to automatically update using your system's task scheduler, provided that your system is online at the time the update is scheduled and there are no local configurations preventing the scheduled task from being enacted. The agent script's report command can be used to verify that the auto-update function is active. The following information provides the steps for enabling the gent's auto-update function for each OS.

Note: The auto-update feature only exists in agent version 20.07.0003.0301 and later. If you are on an earlier version of the agent, you need to manually update the agent to access the auto-update feature.