There are two ways to install the AlienVault HIDS agent on a Microsoft Windows system.
- Install a pre-configured agent on the host automatically from the AV server, or download it and install it on the host yourself. The pre-configured installer has the server IP and authentication key configured automatically.
- Download a binary installer and manually install and configure it on the host yourself.
Installing HIDS agent using a Pre-configured Binary Installer
To install the AlienVault HIDS agent using a pre-configured binary installer, log in to AV and navigate to Environment > Detection > HIDS > AGENTS.
On the AGENT INFORMATION page, select the agent for the specific Windows host you want to monitor (this is only possible if the agent has already been added). As an example, my Windows host IP address is 192.168.43.143. See the screenshot below.
Click on the button for the specific Windows host under the actions column to generate and download the pre-configured agent installer. The installer is named ossec_installer_ID.exe, where ID is the ID number of the host agent on the server.
Once downloaded, copy the installer to the host, right-click it and run it as administrator to install it. When installation is complete, you should see a screen like the one shown in the screenshot below.
Click the Close button to exit the installer. The agent is installed at C:\Program Files (x86)\ossec-agent.
To check the status of the agent, navigate to the install folder and run the win32ui.exe application to launch the agent manager, from which you can check the status, restart the agent, and view the agent logs, server IP and authentication code.
Alternatively, you can deploy the agent automatically from the server. Click on the button. This opens the Automatic Deployment window, where you need to enter the domain, the user and the password for the remote host to perform the deployment. The account used needs to have administrator rights.
Installing and configuring Windows agent manually
Download the binary installer from here, copy it to the host, and run the installer as administrator to install it. When installation completes, click Next and then the Finish button to start Agent Manager.
On the OSSEC Agent Manager window, enter the IP address of the server, then extract the agent authentication key from the server and paste it into the agent manager. After that, save the configuration. When the configuration is saved, the agent ID, name and IP address are displayed. These should match the details of the agent on the server.
Once the agent is added, click on the Manage tab and start the OSSEC agent.
The agent is now running. You can click View > View logs to view the agent logs.
If you log back in to the server, the agent status should have changed from disconnected to active.
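The checks done above through the Agent Manager (service status, server IP, agent ID/name/IP, logs) can also be scripted from an elevated PowerShell prompt on the host. This is an added example, not part of the original article or of AlienVault's tooling; it assumes the stock OSSEC Windows agent layout (service name OssecSvc, with ossec.conf, client.keys and ossec.log in the install folder), and the server IP is a placeholder.

```powershell
# Added example: command-line equivalent of the Agent Manager checks.
# Assumed (stock OSSEC Windows agent): service "OssecSvc"; ossec.conf,
# client.keys and ossec.log live directly in the install folder.
$AgentDir       = 'C:\Program Files (x86)\ossec-agent'  # install path from the article
$ExpectedServer = '192.0.2.10'                          # placeholder: your AV server IP

function Get-HidsAgentState {
    param([string]$Dir, [string]$Server)
    $r = [ordered]@{
        Service = 'NotInstalled'; ServerIp = $null; ServerMatches = $false
        AgentId = $null; AgentName = $null; AgentIp = $null
        KeyPresent = $false; LastConnect = $null
    }

    # 1. Service state (what the Manage tab reports)
    $svc = Get-Service -Name 'OssecSvc' -ErrorAction SilentlyContinue
    if ($svc) { $r.Service = $svc.Status.ToString() }

    # 2. Server the agent reports to, read from ossec.conf
    $conf = Join-Path $Dir 'ossec.conf'
    if (Test-Path $conf) {
        $m = Select-String -Path $conf -Pattern '<server-ip>\s*([^<\s]+)\s*</server-ip>' |
             Select-Object -First 1
        if ($m) { $r.ServerIp = $m.Matches[0].Groups[1].Value }
    }
    $r.ServerMatches = ($r.ServerIp -eq $Server)

    # 3. Agent identity from client.keys ("ID NAME IP KEY").
    #    Only ID, name and IP are returned; the key itself is never output.
    $keys = Join-Path $Dir 'client.keys'
    if (Test-Path $keys) {
        $line = Get-Content $keys | Where-Object { $_.Trim() } | Select-Object -First 1
        $f = "$line".Trim() -split '\s+'
        if ($f.Count -ge 4) {
            $r.AgentId = $f[0]; $r.AgentName = $f[1]; $r.AgentIp = $f[2]
            $r.KeyPresent = $true
        }
    }

    # 4. Most recent connection message in the agent log (message text assumed)
    $log = Join-Path $Dir 'ossec.log'
    if (Test-Path $log) {
        $hit = Select-String -Path $log -Pattern 'Connected to the server' |
               Select-Object -Last 1
        if ($hit) { $r.LastConnect = $hit.Line }
    }
    [pscustomobject]$r
}

Get-HidsAgentState -Dir $AgentDir -Server $ExpectedServer | Format-List
```

Compare AgentId, AgentName and AgentIp with the entry shown for this host on the server; a Running service with no LastConnect value usually points at the server IP or key rather than the installation.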
That is all it takes to install and set up the AlienVault HIDS agent on a Windows host.
You may also be interested in checking our previous article on Installing AlienVault HIDS agent on a Linux host.