Deployed on the Docker runtime
Note that the ThreatStryker sensor is not limited to observing only docker containers. The sensor can also scan and observe other processes on the host.
You can observe and manage a bare-metal or VM-based host by installing a docker runtime within, specifically to run the ThreatStryker sensor container.
ThreatStryker Agents (Linux)
The host or VM to be used for the Deepfence agents needs to have the docker runtime installed on it.
Download the following script: start-agent.sh 🔗
To authenticate to the docker image repository, run the following command:
docker login quay.io
When prompted, please provide the credentials sent by email.
Run the script in that directory as follows:
bash start-agent.sh -r <IP_ADDRESS_OF_UI_MACHINE> -k xxxxxxxx
ThreatStryker Agents (Windows)
Deepfence Agents on Windows are experimental. Thy have been tested (but are not supported) on Windows Server greater than 1709, and require virtualization support (Azure VMs with V3 family disks).
Open PowerShell command prompt
Execute the command
Go to the directory
Run the script
The above scripts checks and installs the dependencies, and if required, will restart the server for the new installations to reflect
Now, run the script
The above scripts checks and installs dependencies post restart.
To start the ThreatStryker agent, if the IP address of the VM or host that has the ThreatStryker management console is 192.168.1.10, use the following command:
/run-deepfence.ps1 -r 192.168.1.10 -cve_scan_dir "C:\Program Files"
Start/Stop/Restart ThreatStryker agent
run-deepfence.ps1 script stops any existing running ThreatStryker agent instance before it starts a new instance. This script can be used to restart ThreatStryker agent in case there is any change in the parameters passed to the agent.
To stop the ThreatStryker Agent, use
If Docker is already pre-installed, make sure the Docker server’s
daemon.json has experimental field set to true.
daemon.json can be found at its default location
Using a Proxy Server with Docker
If ThreatStryker management console is accessed through a proxy server, add the proxy server details to the docker configuration.
Edit the file:
~/.docker/config.json, and add the following content. Remember to change the proxy server ip address from 22.214.171.124 to your proxy server ip:
"User-Agent": "Docker-Client/19.03.1 (linux)"
Restart the docker daemon:
sudo systemctl restart docker
ThreatStryker agent VMs do not require any changes for proxy server.