Requirements
- Capsule8 Sensor version 4.1.1 or later
- Capsule8 Console version 4.1.0 or later
How to enable
-
If the Capsule8 Console version is less than 4.5.0 enable the feature in the console configuration file. For example:
For Capsule8 Console version 4.5.0 and later this is enabled by default.console: policy_config_enabled: true
-
Get an API token from the console. There are two ways to do this:
- Generate a token on the command line
capsule8-console generate-token --host
. In containerized environments, the command is/capsule8-console generate-token --host
. - Click the "Add Resource" button on
<console-url>/app/hosts
and navigate to Manual Install.
- Generate a token on the command line
-
Edit
/etc/capsule8/capsule8-sensor.yaml
policy_input: url: https://console.mycompany.com/policy/via-metadata headers: Authorization: "BEARER $token"
-
Restart the sensor.
Once the above configuration is complete, the sensor periodically requests the most up-to-date policy set from the Console. Initially, there are no user configurations, so a default configuration is returned.
When this feature is enabled, users can Manage the Sensor from the Console and Deploy Detection Policy Sets on the Console.
Notes
Using policy_input
in /etc/capsule8/capsule8-sensor.yaml
will ignore any configuration in /etc/capsule8/capsule8-analytics.yaml
.
Comments
0 comments
Please sign in to leave a comment.