Agents

Overview of the Agents page for managing Aegis agents used in internal attack surface scanning

Overview

The Agents page is where you manage the Aegis agents deployed inside your network. In the Praetorian Guard Platform (PGP), agents are lightweight binaries that run as system services on machines within your environment, enabling Guard to perform internal attack surface scanning. Without agents, Guard's visibility is limited to your external, cloud, and application attack surfaces. Deploying agents extends that visibility into your internal network — Active Directory, internal services, file shares, databases, and more.

Note: Aegis is not an AI agent. An Aegis agent is a Velociraptor-based endpoint agent deployed to target systems that executes VQL (Velociraptor Query Language) security capabilities — essentially a lightweight, remotely-orchestrated sensor that runs scanning, detection, and collection tasks on hosts as directed by the Chariot platform.

Before Agents Are Set Up

When you first navigate to the Agents page and no agents have been deployed, the page provides everything you need to get started:

  • Platform-specific installer downloads — One-click downloads for each supported platform, including Windows (MSI), Linux (DEB/RPM), and OVA virtual appliance options.

  • Deployment instructions — Guidance for installing and configuring the agent on each supported operating system.

No agent data will be displayed until at least one agent has been installed and has established a connection back to Guard. For detailed steps on installing your first agent, including prerequisites, network requirements, and platform-specific instructions, refer to the Agent Installation and Deployment Guide in the documentation.

The Agents Page With Deployed Agents

Once one or more agents have been installed and connected, the Agents page serves as your central management console. For each deployed agent, the page displays:

  • Hostname — The name of the machine the agent is running on.

  • IP Addresses — The network addresses associated with the agent's host.

  • Status — Whether the agent is currently online (connected and communicating with Guard) or offline (not connected to Guard's infrastructure).

  • Health Monitoring — Information about the agent's system resources, connectivity, and service status, giving you visibility into whether each agent is operating as expected.

Agent States

Each agent reports its connectivity status to Guard:

  • Online — The agent is connected to Guard's management infrastructure and operating normally. Online agents can receive scanning capabilities and report results back to the platform.

  • Offline — The agent is not currently connected to Guard. This can occur if the host machine is powered off, the agent service has stopped, or network connectivity between the agent and Guard's infrastructure has been interrupted.

Health monitoring provides additional context beyond connectivity, tracking system resources and service status on each agent's host. This helps you identify agents that may be connected but experiencing resource constraints or other conditions that could affect scanning performance.

How Agents Connect

Agents communicate with Guard's cloud infrastructure through encrypted channels using mutual TLS authentication. The connection is outbound-only — agents reach out to Guard, so no inbound firewall rules are required. Once connected, Guard pushes scanning capabilities to agents on demand with no manual configuration needed on the agent side.

For network requirements, firewall rules, and detailed setup instructions, refer to the Agent Installation and Deployment Guide.

Support

If you need assistance with agent deployment or management, reach out to our support team at support@praetorian.com.