Arctic Wolf Agent
Overview of Agent installation Direct link to this section
Arctic Wolf® Agent provides additional intelligence to the Arctic Wolf Managed Risk and Managed Detection and Response solutions, and is offered as an included component of either solution.
Tip: For customers using Arctic Wolf Managed Risk, see Arctic Wolf Agent Scans.
Supported operating systems Direct link to this section
Arctic Wolf Agent is compatible with these operating system (OS) versions:
- Windows:
- Windows 11 for 64-bit systems
- Windows 10 Pro, 8.1, 8, and 7 Enterprise for 64-bit and 32-bit systems
- Windows Server 2022, 2019, 2016, 2012 R2, 2012, and 2008 R2 for 64-bit systems
- Windows 11 IoT, Windows 10 IoT, and 8.1 Embedded for 64-bit systems
Tip: Sysmon, in addition to Arctic Wolf Agent, has these OS requirements:
- Windows 8.1 or newer for 64- and 32-bit systems
- Windows Server 2012 or newer for 64-bit systems
- macOS:
- macOS 10.14 or newer for 64-bit systems
- Linux:
- Amazon Linux 2
- CentOS 7 and 8
- CentOS Stream 9
- Debian 11.2 (Stable)
- Linux Mint 20.3
- Oracle Linux 8.5
- Red Hat 7 and 8
- Ubuntu 16.04, 18.04, and 20.04
Notes:
- Vulnerability scanning is not supported on CentOS.
- The following are installed dependencies:
- For Ubuntu, Debian, Linux Mint:
libc6 (>= 2.7), lsb-release, debconf, adduser, iptables, systemd, debianutils, bsdutils, procps, iproute2, dnsutils, hostname, coreutils, network-manager, usbutils, lshw, and net-tools. - For Amazon, CentOS, Oracle Linux, Red Hat:
coreutils, iptables, systemd, which, lshw, hostname, and net-tools.
- For Ubuntu, Debian, Linux Mint:
System requirements Direct link to this section
-
At a minimum, dual-core CPU
-
At a minimum, 2 GB of memory
Note: Although Agent is designed to maintain a minimal footprint on all systems, Arctic Wolf recommends certain operating system requirements. Arctic Wolf cannot guarantee Arctic Wolf Agent functionality on virtual machine (VM) environments if resources do not meet recommended levels.
Before you begin Direct link to this section
Before you install Arctic Wolf Agent:
- If you are installing Arctic Wolf Agent alongside antivirus, endpoint scanning, or similar software, you must add Arctic Wolf Agent to the AllowList in those applications for Arctic Wolf Agent to operate correctly. See Arctic Wolf Agent Processes for more information.
- You must add all necessary Arctic Wolf Agent DNS entries to your AllowList to ensure proper functionality. To see the complete list of IP addresses that you must allowlist, go to the Arctic Wolf Portal, and then click Account > Arctic Wolf IP Addresses. The IP addresses that must be allowlisted are listed under If you use Arctic Wolf Agent.
Note: Do not install Arctic Wolf Agent on an endpoint that already has Wazuh installed.
Agent installation requirements Direct link to this section
To install Arctic Wolf Agent, you must:
- Be an administrator or capable of performing admin/root level functions.
- Have the Arctic Wolf Agent
.zipcontents extracted into the same folder. These contents vary depending on operating system, including:- Windows — The
.msifile and thecustomer.jsonfile. - macOS — The
.pkgfile and thecustomer.jsonfile. - Linux — The
arcticwolfagent_<version>.<deb|rpm>package file and thecustomer.jsonfile.
- Windows — The
Caution:
- Do not make any edits to the
customer.jsonfile. Editing this file causes installation errors. - Do not save the Agent installer or
customer.jsonto publicly accessible storage.customer.jsonshould be kept confidential.
Agent installation options Direct link to this section
To install Arctic Wolf Agent on a single endpoint, see Installing a Single Arctic Wolf Agent.
To bulk install Arctic Wolf Agent on several endpoints, follow the guide for your operating system:
| Operating system | Installation tools | Guide |
|---|---|---|
| Windows |
|
Installing Arctic Wolf Agent on Windows |
| macOS |
|
Installing Arctic Wolf Agent on macOS |
| Linux |
|
Installing Arctic Wolf Agent on Linux |
Sysmon installation Direct link to this section
To install Sysmon for Agent on Windows endpoints, see Installing Sysmon for Arctic Wolf Agent on Windows.
Uninstalling Agent Direct link to this section
To uninstall Arctic Wolf Agent from a single endpoint, see Uninstalling a Single Arctic Wolf Agent.
To bulk uninstall Arctic Wolf Agent from several endpoints, follow the guide for your operating system:
| Operating system | Guide |
|---|---|
| Windows | Uninstalling Arctic Wolf Agent on Windows |
| macOS | Uninstalling Arctic Wolf Agent on macOS |
| Linux | Uninstalling Arctic Wolf Agent on Linux |