Setting up Endpoint Protection Using Scripting

The endpoint protection agent runs on hosts you want to monitor and communicates with the Barracuda XDR manager, sending data in real-time through an encrypted and authenticated channel.

To identify the URL to use in your scripts

1. In Barracuda XDR Dashboard, click Download > Endpoint Protection.
2. In the Step 2 section, copy the appropriate install URL to use in the script:
   • Linux (.rpm): https://dashboard-dev.skoutsecure.com/downloads/sentinelone?os=linux&fileType=.rpm&org=Skout+Corporate&key=34fca2646def71a81d43ed62e4d38847
   • Linux (.deb): https://dashboard-dev.skoutsecure.com/downloads/sentinelone?os=linux&fileType=.deb&org=Skout+Corporate&key=34fca2646def71a81d43ed62e4d38847
   • macOS: https://dashboard-dev.skoutsecure.com/downloads/sentinelone?os=macos&fileType=.pkg&org=Skout+Corporate&key=34fca2646def71a81d43ed62e4d38847
   • Windows:  https://dashboard-dev.skoutsecure.com/downloads/sentinelone?os=windows&fileType=.msi&org=Skout+Corporate&key=34fca2646def71a81d43ed62e4d38847
3. Use the appropriate URL in your script.
4. Make a note of the site token in the Step 3 section to use it during installation.

Script Requirements

The service must communicate outbound and inbound from ports 1514 and ports 1515, so edit any firewall policies accordingly, if applicable, to agentlogs.XDRsecure.com.

The installation script must be run as an Administrator on Windows or as a sudo user on Linux/macOS.

To run scripts

1. Download the install script for the type of operating system your device uses. If you are running a legacy version of Windows that does not have PowerShell, ensure you download the .bat file

2. As an administrator, open the command prompt (no PowerShell) or PowerShell, and navigate to the directory where the installation script was installed
   Windows: Execute the script using ./Wazuh-Windows.ps1 (PowerShell) OR ./Wazuh-Windows.bat (No PowerShell)
   Linux / macOS: In the terminal, give the script executable permissions (chmod +x macOS.sh, for example).
   Execute the script using ./(nameofscript).sh

3. When prompted, enter the site token from step 4 of the procedure above.

4. Confirm installation by checking that the service is running
   Windows: In PowerShell, "Get-Service Wazuh" -- If this returns "Running", then the installation was successful. If not, contact the SOC at soc@XDRsecure.com.
   Linux / macOS: In the terminal, type "ps aux | grep 'Wazuh'" -- If this returns multiple services like wazuh-authd, the installation was successful. If not, contact the SOC at soc@XDRsecure.com.