Enabling Console control of the Sensor

Requirements

• Capsule8 Sensor version 4.1.1 or later
• Capsule8 Console version 4.1.0 or later

How to enable

1. If the Capsule8 Console version is less than 4.5.0 enable the feature in the console configuration file. For example:

   console:
     policy_config_enabled: true

   For Capsule8 Console version 4.5.0 and later this is enabled by default.

2. Get an API token from the console. There are two ways to do this:

   • Generate a token on the command line capsule8-console generate-token --host. In containerized environments, the command is /capsule8-console generate-token --host.
   • Click the "Add Resource" button on <console-url>/app/hosts and navigate to Manual Install.

3. Edit /etc/capsule8/capsule8-sensor.yaml

   policy_input:
     url: https://console.mycompany.com/policy/via-metadata
     headers:
       Authorization: "BEARER $token"

4. Restart the sensor.

Once the above configuration is complete, the sensor periodically requests the most up-to-date policy set from the Console. Initially, there are no user configurations, so a default configuration is returned.

When this feature is enabled, users can Manage the Sensor from the Console and Deploy Detection Policy Sets on the Console.

Notes

Using policy_input in /etc/capsule8/capsule8-sensor.yaml will ignore any configuration in /etc/capsule8/capsule8-analytics.yaml.