Skip to content

Deploy AgentCQ from GPO

  1. Create a share accessible from all clients where the AgentCQ will be Deployed.

  2. Copy the the following files:

    file *
    WindowsAgents_*.msi Alt text
    Copy config.ps1 Alt text
    Agent.exe.Config Alt text
  3. Edit file “Copy config.ps1”

    powershell Copy-Item -Path \\FS_server\CQDeployShare\Agent.exe.Config -Destination "C:\Program Files\CyberQuestAgent" Stop-Service -Name CyberQuestAgent Start-Sleep -s 30 Start-Service -Name CyberQuestAgent

    Where \FS_server\CQDeployShare\ is the path for the copyed files in step 2.

  4. Edit “Agent.exe.Config” file

    xml <appSettings> <add key="connectorType" value="SIEM" /> <add key="server" value="" /> <!-- CQ Server IP Address --> <add key="serverProtocol" value="mq" /> <add key="ClientSettingsProvider.ServiceUri" value="" /> <add key="tenant" value="" /> <add key="compressData" value="false" /> <!-- Compress data true/false --> <add key="encryptData" value="false" /> <!-- Encrypt data true/false --> <add key="eventSyncQueueSize" value="10000" /> <add key="cleanupOlderLogsDays" value="7" /> <add key="throttleCollection" value="10000" /> <add key="mqUserName" value="cq" /> <add key="mqPassword" value="VRW7Zl7RreWg9Q==" /> <add key="mqHost" value="" /> <!-- CQ Server IP Address --> <add key="mqPort" value="5672" /> <add key="mqExchangeName" value="eventsExchange" /> <add key="mqQueueName" value="events" /> <add key="mqRouting" value="agents" /> <add key="AgentUUID" value="25c8c56b-b1a9-47c3-905d-cc2004701f3f" /> <add key="serverPort" value="8090" /> <add key="EventsThrottleQueueMaxSize" value="100000" /> </appSettings>

  5. Go to Domain Controller and open “Group Policy Management”

  6. Right click on the “Organization Unit” where the Policy will be applied (Ex. “Computers” OU) and select “Create a GPO in this domain, and Link it here…”

  7. Name the new GPO “CQ Deploy GPO” and click “OK” button

    Alt text

  8. Right click on the new created GPO and select “Edit” option

  9. Navigate to “Computer Configuration > Policies > Software Settings > Software Installation”

  10. Right click on “Software Installation” and select “New > Package…”

  11. Browse to the share location created in step 1 and configured in step 3 (\FS_server\CQDeployShare), select the MSI file and click “Open” button

  12. Select “Assigned” option and click “OK” button

    Alt text

  13. Navigate to “Computer Configuration > Policies > Windows Settings > Scripts (Startuo/Shutdown)”, right click on “Startup” and select “Proprieties”

  14. Go to “PowerShell Scripts” tab and press on “Show Files…” button

  15. In the new File Explorer window copy the PowerShell script file (Copy config.ps1) from the shared folder created on step 1

    Alt text

  16. Click on “Add…” button, click on “Browse” button, select the PowerShell Script “Copy config.ps1” and click “Open” and then “OK” > ”Apply” > “OK”

    Alt text

  17. Close “Group Policy Management Editor”, right click on the new GPO and select “Enforced” option

    Alt text