Agent Deployment
Deploy agents to your fleet using enrollment tokens or the Agent Package Builder.
Agent Overview
The VigilPrism agent is a lightweight daemon that runs on endpoints to:
- Perform security audits (55+ Windows checks, 60+ Linux checks)
- Detect vulnerabilities by scanning installed software
- Report results to the central server via HTTPS
- Execute on-demand and scheduled scans
Resource Usage
Idle CPU
< 1%
Memory
50-100 MB
Disk
50 MB
Network
Outbound only
Method 1: Agent Package Builder
The Agent Package Builder creates pre-configured installer packages with embedded server URL and enrollment token. No manual configuration required on endpoints.
- 1Open the Dashboard
Navigate to Settings → Agent Deployment
- 2Configure Package
Select target platform (Linux/Windows), enter server URL, and create or select an enrollment token
- 3Build Package
Click "Build Package" to generate a self-extracting installer
- 4Deploy to Endpoints
Download and run the installer on target machines
# Linux/macOS - Run the self-extracting installer
chmod +x vigilprism-agent-install.run
sudo ./vigilprism-agent-install.run
# Windows - Double-click or run as Administrator
# Right-click vigilprism-agent-install.exe → Run as administrator
The Windows installer is a self-extracting executable that automatically handles existing service removal before installing the new agent.
Method 2: Manual Deployment
For more control or automation workflows, deploy agents manually with enrollment tokens.
Step 1: Create Enrollment Token
Via dashboard: Settings → Enrollment Tokens → Create
Or via API:
curl -X POST http://server:8000/api/v1/agents/enrollment-token \
-H "Authorization: Bearer $TOKEN" \
-d '{"name": "Production", "expires_days": 30}'Step 2a: Deploy on Linux
# Download agent binary
wget https://download.vigilprism.com/agent/latest/linux-x64
chmod +x linux-x64
sudo mv linux-x64 /opt/vigilprism/vigilprism-agent
# Create configuration
sudo mkdir -p /etc/vigilprism
sudo cat > /etc/vigilprism/agent.yaml << EOF
server_url: https://vigilprism.example.com
enrollment_token: enr_xxxxxxxxxxxxxxxxx
EOF
# Start agent
sudo /opt/vigilprism/vigilprism-agent
Step 2b: Deploy on Windows
# Create config directory
New-Item -ItemType Directory -Path "C:\ProgramData\VigilPrism" -Force
# Create config file
@"
server_url: https://vigilprism.example.com
enrollment_token: enr_xxxxxxxxxxxxxxxxx
"@ | Out-File "C:\ProgramData\VigilPrism\agent.yaml" -Encoding UTF8
# Start agent
& "C:\Program Files\VigilPrism\vigilprism-agent.exe"
Agent Configuration
Configuration file location:
# Linux
/etc/vigilprism/agent.yaml
# Windows
C:\ProgramData\VigilPrism\agent.yaml
Configuration Options
# Required
server_url: https://vigilprism.example.com
enrollment_token: enr_xxxxxxxxxxxxxxxxx
# Scheduling
audit_schedule: "0 2 * * *" # Daily at 2 AM
vuln_schedule: "0 3 * * 0" # Weekly on Sunday
heartbeat_interval: 60 # Seconds
# Tags for organization
tags:
- production
- linux
- webserver
# Network settings
tls_verify: true
connect_timeout: 30
Fleet-Wide Deployment
Ansible Example
- name: Deploy VigilPrism Agent
hosts: all
become: yes
tasks:
- name: Copy agent binary
copy:
src: vigilprism-agent
dest: /opt/vigilprism/vigilprism-agent
mode: '0755'
- name: Create configuration
template:
src: agent.yaml.j2
dest: /etc/vigilprism/agent.yaml
- name: Start agent service
systemd:
name: vigilprism-agent
state: started
enabled: yes
Troubleshooting
Agent won't connect
Check connectivity to the server:
curl -v https://vigilprism.example.com/health
Invalid enrollment token
Tokens expire. Generate a new one in the dashboard or via API.
TLS certificate errors
Ensure server certificate is valid, or for testing only:
tls_verify: false # Testing only!
View agent logs
# Linux
journalctl -u vigilprism-agent -f
# Windows
Get-Content "C:\ProgramData\VigilPrism\logs\agent.log" -Tail 50