Use Scripts to Deploy Deep Security Manager and Agent
Trend Micro provides several utilities and scripts that you can adapt to your environments for deploying and monitoring Deep Security Manager. The deep-securityGitHub repositories contain the following useful scripts:
- CloudFormation templates for deploying Deep Security Manager to AWS.
- Configuration files that contain parsing logic, saved searches, and dashboards for monitoring Deep Security via Splunk
- Bash and Powershell scripts for automating various Agent and Manager tasks.
See the README for each repository to discover the level of support that Trend Micro provides for the script or utility.
Generate an agent deployment script
Use the API to generate deployment scripts to automate the installation of theagent on a computer.
For background information about these scripts, see Use deployment scripts to add and protect computers in the Deep Security Help Center.
General steps
Use the following general procedure to generate a deployment script:
- Create an AgentDeploymentScript object and configure the properties:
- The only required property is the platform of the target computer.
- Properties that are used for downloading the agent software are the Deep Security Manager proxy ID and whether to require the manager to be using a valid certificate for securing the connection.
- All other properties are useful only if you want the script to activate the agent.Create an
AgentDeploymentScriptobject and configure the properties:
- Create an
AgentDeploymentScriptsApiobject and use it with theAgentDeploymentScriptto send a request to Deep Security Manager to create the script. The returned object is anAgentDeploymentScriptthat stores the script in thescript_body(Python) orscriptBody(JavaScript and Java) property.
For more information about the properties and operations, see the Agent Deployment Scripts operations in the API Reference.
The following example creates the most basic deployment script where only the platform is specified:
deployment_script = api.AgentDeploymentScript() deployment_script.platform = platform
const deploymentScript = new api.AgentDeploymentScript(); deploymentScript.platform = platform;
AgentDeploymentScript deployScript = new AgentDeploymentScript(); deployScript.setPlatform(platform);
Then, the request to create the script is sent to Deep Security Manager. The returned value contains the script:
deployment_scripts_api = api.AgentDeploymentScriptsApi(api.ApiClient(configuration)) deployment_script = deployment_scripts_api.generate_agent_deployment_script(api_version, agent_deployment_script = deployment_script)
const agentDeploymentScriptsApi = new api.AgentDeploymentScriptsApi();
agentDeploymentScriptsApi.generateAgentDeploymentScript(apiVersion, {agentDeploymentScript: deploymentScript})
AgentDeploymentScriptsApi agentDeploymentScriptsApi = new AgentDeploymentScriptsApi(); deployScript = agentDeploymentScriptsApi.generateAgentDeploymentScript(deployScript, apiVersion);
Example
The following example shows the configuration of many aspects of a deployment script. Once you generate the agent deployment script, you can save the script to a file on the target computer and run it. Although the following example does not perform those activities, you can adapt it to do so, automating the entire agent deployment process.
# Create the AgentDeploymentScript object and configure deployment_script = api.AgentDeploymentScript() deployment_script.platform = platform deployment_script.dsm_proxy_id = dsm_proxy_id deployment_script.validate_certificate_required = validate_certificate deployment_script.activation_required = activate deployment_script.computer_group_id = computer_group_id deployment_script.policy_id = policy_id deployment_script.relay_id = relay_id deployment_script.replay_proxy_id = relay_proxy_id deployment_scripts_api = api.AgentDeploymentScriptsApi(api.ApiClient(configuration)) deployment_script = deployment_scripts_api.generate_agent_deployment_script(api_version, agent_deployment_script = deployment_script) return deployment_script.script_body
// Create the AgentDeploymentScript object and configure
const deploymentScript = new api.AgentDeploymentScript();
deploymentScript.platform = platform;
deploymentScript.dsmProxyID = dsmProxyID;
deploymentScript.validateCertificateRequired = validateCertificate;
deploymentScript.activationRequired = activate;
deploymentScript.computerGroupID = computerGroupID;
deploymentScript.policyID = policyID;
deploymentScript.relayID = relayID;
deploymentScript.relayProxyID = relayProxyID;
// Add the AgentDeploymentScript to an object
const options = {
agentDeploymentScript: deploymentScript
};
// Obtain the agent deployment script from Deep Security Manager and return the script
const agentDeploymentScriptsApi = new api.AgentDeploymentScriptsApi();
agentDeploymentScriptsApi
.generateAgentDeploymentScript(apiVersion, options)
.then(returnedAgentDeploymentScriptObject => {
resolve(returnedAgentDeploymentScriptObject.scriptBody);
})
.catch(error => {
reject(error);
});
// Create the AgentDeplotmentScript object AgentDeploymentScript deployScript = new AgentDeploymentScript(); deployScript.setPlatform(platform); deployScript.setDsmProxyID(dsmProxyID); deployScript.setValidateCertificateRequired(validateCertificate); deployScript.setActivationRequired(activate); deployScript.setComputerGroupID(computerGroupID); deployScript.setPolicyID(policyID); deployScript.setRelayGroupID(relayID); deployScript.setRelayProxyID(relayProxyID); // Get the script from Deep Security Manager AgentDeploymentScriptsApi agentDeploymentScriptsApi = new AgentDeploymentScriptsApi(); deployScript = agentDeploymentScriptsApi.generateAgentDeploymentScript(deployScript, apiVersion);
Also see the Generate Agent Deployment Scripts operation in the API Reference.