Version: GuardMode 2022.1

Agent CLI Reference

Category | Command | Parameters | Description

Run agent
run
  • -h/--help - Shows help text.

Start Catalogic ransomware detection agent.

USAGE:
Catalogic.GuardMode.Agent.exe run

Register agent as DPX node
register dpx
  • -u/--username* - Agent REST API username
  • -p/--password* - Agent REST API password
  • --operating-system - Current OS name
  • --group-name - DPX node group name, default: DefaultGroup
  • -n/--name - DPX node name, default: Ransomware Detection Agent
  • -h/--help - Shows help text.

Register the current agent as a DPX security node. To run this command, you need to add a DPX notification provider first.

USAGE:
Catalogic.GuardMode.Agent.exe register dpx --username <value> --password <value> [options]

Manage notification providers configuration
config add notification-provider dpx
  • -u/--username* - DPX username
  • -p/--password* - DPX password
  • --hostname* - DPX hostname
  • --batch-size - Maximum events batch size, default: 200
  • --enabled - Enable DPX notification provider, default: True
  • --send-frequency - Notification send frequency in seconds, default: 5
  • -h/--help - Shows help text

Add a DPX instance as notification provider.

USAGE:
Catalogic.GuardMode.Agent.exe config add notification-provider dpx --username <value> --password <value> --hostname <value> [options]

config list notification-provider dpx
  • --id - DPX notification provider id
  • -h/--help - Shows help text

List registered DPX notification providers.

USAGE:
Catalogic.GuardMode.Agent.exe config list notification-provider dpx [options]

config remove notification-provider dpx
  • --id* - DPX notification provider id
  • -h/--help - Shows help text

Remove a DPX instance from notification provider configuration.

USAGE:
Catalogic.GuardMode.Agent.exe config remove notification-provider dpx --id <value> [options]

config update notification-provider dpx
  • --id* - DPX notification provider id
  • -u/--username - DPX username
  • -p/--password - DPX password
  • --hostname - DPX hostname
  • --batch-size - Maximum events batch size
  • --enabled - Enable DPX notification provider
  • --send-frequency - Notification send frequency
  • -h/--help - Shows help text

Update DPX notification provider configuration.

USAGE:
Catalogic.GuardMode.Agent.exe config update notification-provider dpx --id <value> [options]

config add notification-provider syslog
  • --hostname* - Syslog hostname or IP address
  • --port - Syslog port. Default: "514".
  • --tls-enabled - Enable TLS communication. Default: "False".
  • --validate-tls-certificate - Enable TLS certificate validation. Default: "True".
  • --tls-certificate-path - Path to certificate file
  • --application-name - Application name which will be included in Syslog messages. Default: "Catalogic-Guard-Mode-Agent".
  • --output-template - Serilog message format. Default: "[{Level:u3}]: {Message:l}{Exception}".
  • --protocol - Syslog communication protocol. Choices: "Tcp", "Udp". Default: "Tcp".
  • --batch-size - Maximum events batch size. Default: "200".
  • --enabled - Enable DPX notification provider. Default: "True".
  • --send-frequency - Notification send frequency. Default: "5".

Add a Syslog server as notification provider

USAGE:

Catalogic.GuardMode.Agent.exe config add notification-provider syslog --hostname <value> [options]
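
On the receiving side, the `--application-name` and `--output-template` defaults listed above determine what a collector has to match. The Python below is an added example, not Catalogic code: it assumes the application name appears in the syslog header and that the body follows the default template; the sample lines, host name and message text are constructed.

```python
import re

# Default from the option list above.
DEFAULT_APP_NAME = "Catalogic-Guard-Mode-Agent"

# Serilog's {Level:u3} renders the level as one of these three-letter codes.
LEVELS = {"VRB": 0, "DBG": 1, "INF": 2, "WRN": 3, "ERR": 4, "FTL": 5}

# Body produced by the default template "[{Level:u3}]: {Message:l}{Exception}".
_BODY = re.compile(r"\[(?P<level>VRB|DBG|INF|WRN|ERR|FTL)\]: (?P<text>.*)", re.DOTALL)

# Constructed sample lines in two common syslog framings (assumed, not captured).
SAMPLE = [
    "<132>Mar  3 10:15:02 fs01 Catalogic-Guard-Mode-Agent[4120]: [WRN]: constructed sample warning text",
    "<134>Mar  3 10:15:03 fs01 Catalogic-Guard-Mode-Agent[4120]: [INF]: constructed sample info text",
    "<134>Mar  3 10:15:04 fs01 other-service[88]: [ERR]: unrelated sender",
    "<131>1 2022-03-03T10:15:05Z fs01 Catalogic-Guard-Mode-Agent 4120 - - [ERR]: constructed sample error text",
]


def parse_agent_line(line, app_name=DEFAULT_APP_NAME):
    """Return (level, text) for a line carrying the agent's application name, else None.

    Framing-agnostic: only the application name and the first "[LVL]: " after it
    are matched. The application name is sender-supplied text, so it is a
    filter, not proof of origin.
    """
    idx = line.find(app_name)
    if idx < 0:
        return None
    match = _BODY.search(line, idx + len(app_name))
    if not match:
        return None
    return match.group("level"), match.group("text").rstrip("\r\n")


def alerts(lines, min_level="WRN", app_name=DEFAULT_APP_NAME):
    """Keep agent lines at or above min_level, in arrival order."""
    kept = []
    for line in lines:
        parsed = parse_agent_line(line, app_name)
        if parsed and LEVELS[parsed[0]] >= LEVELS[min_level]:
            kept.append(parsed)
    return kept


if __name__ == "__main__":
    for level, text in alerts(SAMPLE):
        print(level, text)
```

If `--application-name` or `--output-template` is changed from its default, pass the new name as `app_name` and adjust `_BODY` to the new template.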

config list notification-provider syslog
  • --id - Syslog notification provider ID

List Syslog notification providers

USAGE:

Catalogic.GuardMode.Agent.exe config list notification-provider syslog [options]

config remove notification-provider syslog
  • --id* - Syslog notification provider ID

Remove a Syslog server from notification provider configuration.

USAGE:

Catalogic.GuardMode.Agent.exe config remove notification-provider syslog --id <value> [options]

config update notification-provider syslog
  • --id* - Syslog notification provider ID
  • --hostname - Syslog hostname or IP address
  • --port - Syslog port. Default: "514".
  • --tls-enabled - Enable TLS communication. Default: "False".
  • --validate-tls-certificate - Enable TLS certificate validation. Default: "True".
  • --tls-certificate-path - Path to certificate file
  • --application-name - Application name which will be included in Syslog messages. Default: "Catalogic-Guard-Mode-Agent".
  • --output-template - Serilog message format. Default: "[{Level:u3}]: {Message:l}{Exception}".
  • --protocol - Syslog communication protocol. Choices: "Tcp", "Udp". Default: "Tcp".
  • --batch-size - Maximum events batch size. Default: "200".
  • --enabled - Enable DPX notification provider. Default: "True".
  • --send-frequency - Notification send frequency. Default: "5".

Update Syslog notification provider configuration

USAGE:

Catalogic.GuardMode.Agent.exe config update notification-provider syslog --id <value> [options]

Manage REST API basic authentication configuration
config update basic-authentication
  • -u/--username - Username which will be used for REST API basic authentication
  • -p/--password - Password which will be used for REST API basic authentication
  • -f/--file - Path to file where credentials will be saved, default: appsettings.json
  • -h/--help - Shows help text

Save basic authentication credentials to the appsettings.json file.

USAGE:
Catalogic.GuardMode.Agent.exe config update basic-authentication --password <value> --username <value> [options]

Merge configuration sections. This command is used during agent update to save configuration from the previous version.
config merge
  • --file - Path to the configuration file that should be merged into the current configuration

Merge the provided configuration file with the current configuration.

USAGE:
Catalogic.GuardMode.Agent.exe config merge --file <PathToOldConfigurationFile>

