Skip to main content
Version: GuardMode 2023.2

Agent CLI Reference

Tip.

Required parameters in the table below are marked with an asterisk (*).

CommandParametersDescriptionUsage
run

--enable-watcher - Enable filesystem watcher, default: True

-h/--help - Show help text

Start Catalogic GuardMode Agent.Catalogic.GuardMode.Agent.exe run
register dpx

-u/--username* - Agent REST API username

-p/--password* - Agent REST API password

--operating-system - Current OS

--group-name - DPX node group name, default: DefaultGroup

-h/--help - Show help text

Register current agent as a DPX security node. You have to add a DPX instance as notification provider before using this command.Catalogic.GuardMode.Agent.exe register dpx --username <value> --password <value> [options]
deregister dpx

--id - DPX notification provider ID

-h/--help - Show help text

Deregister current agent as DPX security node.Catalogic.GuardMode.Agent deregister dpx [options]
config list notification-provider dpx

--id - DPX notification provider id

-h/--help - Show help text

List registered DPX notification providers.Catalogic.GuardMode.Agent.exe config list notification-provider dpx [options]
config add notification-provider dpx

-u/--username* - DPX username

-p/--password - DPX password, ENV variable: GMA_DPX_PASSWORD

--hostname* - DPX hostname

--batch-size - Maximum events batch size, default: 200

--enabled - Enable DPX notification provider, default: True

--send-frequency - Notification sending frequency in seconds, default: 5

-h/--help - Show help text

Add a DPX instance as a notification provider.Catalogic.GuardMode.Agent.exe config add notification-provider dpx --username <value> --password <value> --hostname <value> [options]
config update notification-provider dpx

--id* - DPX notification provider id

-u/--username - DPX username

-p/--password - DPX password

--hostname - DPX hostname

--batch-size - Maximum events batch size, default: 200

--enabled - Enable DPX notification provider, default: True

--send-frequency - Notification sending frequency in seconds, default: 5

-h/--help - Show help text

Update DPX notification provider configuration.Catalogic.GuardMode.Agent.exe config update notification-provider dpx --id <value> [options]
config remove notification-provider dpx

--id* - DPX notification provider id

-h/--help - Show help text

Remove a DPX instance from the notification provider configuration.Catalogic.GuardMode.Agent.exe config remove notification-provider dpx --id <value> [options]
config list notification-provider syslog

--id - Syslog notification provider ID

-h/--help - Show help text

List Syslog notification providers.Catalogic.GuardMode.Agent.exe config list notification-provider syslog [options]
config add notification-provider syslog

--hostname* - Syslog hostname or IP address

--port - Syslog port, default: 514

--tls-enabled - Enable TLS communication, default: False

--validate-tls-certificate - Enable TLS certificate validation, default: True

--tls-certificate-path - Path to certificate file

--application-name Application name which will be included in Syslog messages, default: Catalogic-Guard-Mode-Agent

--output-template - Serilog message format, default: "[{Level:u3}]: {Message:l}{Exception}"

--protocol Syslog communication protocol, default: TCP, available: TCP, UDP

--batch-size - Maximum events batch size, default: 200

--enabled - Enable DPX notification provider, default: True

--send-frequency - Notification send frequency, default: 5

-h/--help - Show help text

Add a Syslog server as a notification provider.Catalogic.GuardMode.Agent.exe config add notification-provider syslog --hostname <value> [options]
config update notification-provider syslog

--id* - Syslog notification provider ID

--hostname - Syslog hostname or IP address

--port - Syslog port, default: 514

--tls-enabled - Enable TLS communication, default: False

--validate-tls-certificate - Enable TLS certificate validation, default: True

--tls-certificate-path - Path to certificate file

--application-name Application name which will be included in Syslog messages, default: Catalogic-Guard-Mode-Agent

--output-template - Serilog message format, default: [{Level:u3}]: {Message:l}{Exception}

--protocol Syslog communication protocol. default: TCP, available: TCP, UDP

--batch-size - Maximum events batch size, default: 200

--enabled - Enable DPX notification provider, default: True

--send-frequency - Notification sending frequency in seconds, default: 5

-h/--help - Show help text

Update Syslog notification provider configuration.Catalogic.GuardMode.Agent.exe config update notification-provider syslog --id <value> [options]
config remove notification-provider syslog

--id* - Syslog notification provider ID

-h/--help - Show help text

Remove a Syslog server from the notification provider configuration.Catalogic.GuardMode.Agent.exe config remove notification-provider syslog --id <value> [options]
config update notification-provider log

--batch-size - Maximum event batch size

--enabled - Enables log notification provider

--send-frequency-seconds - Interval, in seconds, between each batch of sent notifications

-f|--file - Path to the configuration file, default: appsettings.json

-h/--help - Show help text

Update log notification provider configuration.

Catalogic.GuardMode.Agent config update notification-provider log [options]
registration-token set

-t|--token - Token value. If not set, a random string will be used instead, ENV variable: GM_REGISTRATION_TOKEN.

-h/--help - Show help text

Sets registration token used to authenticate registration with management server.Catalogic.GuardMode.Agent registration-token set [options]
config update basic-authentication

-u/--username - Username for REST API basic authentication, default: sysadmin

-p/--password* - Password for REST API basic authentication

-f/--file - Path to file where credentials will be saved, default: appsettings.json

-h/--help - Show help text

Save basic authentication credentials into appsettings.json file.Catalogic.GuardMode.Agent.exe config update basic-authentication --password <value> --username <value> [options]
config merge

--file* - Path to the configuration file that will be merged the current configuration

-h/--help - Show help text

Merge provided configuration file with current configuration.Catalogic.GuardMode.Agent.exe config merge --file <PathToOldConfigurationFile>
config update smb

--enabled - Enables the SMB TCP listener

-p|--port - A port on which agent will listen to SMB rsyslog messages through TCP

-t|--template - SMB message template. It has to match the full_audit:prefix value from smb.conf file

--end - End marker of rsyslog message

-h/--help - Show help text

Update SMB monitoring configuration. SMB monitoring is only supported on Linux.Catalogic.GuardMode.Agent config update smb [options]
scan execute

directorypaths* - Paths to the scanned directories

--update-interval - Interval, in seconds, between scan diagnostic information prompts, default: 5

--check-blocklist - If true, file names will be analyzed during scan to find files with suspicious names often used by ransomware, default: False

--send-alert-notifications - If true, send out alerts on suspicious file found, default: True

-h/--help - Show help text

Execute a file scan on specific directories.Catalogic.GuardMode.Agent scan execute <directorypaths...> [options]
scan list-h/--help - Show help textList information about all scans.Catalogic.GuardMode.Agent.exe scan list [options]
scan show

id* - ID of a scan

-h/--help - Show help text

Shows scan details.Catalogic.GuardMode.Agent.exe scan show [options]