Use Scripts to Deploy Deep Security Manager and Agent

Trend Micro provides several utilities and scripts that you can adapt to your environments for deploying and monitoring Deep Security Manager. The deep-security GitHub repositories contain the following useful scripts:

  • CloudFormation templates for deploying Deep Security Manager to AWS.
  • Configuration files that contain parsing logic, saved searches, and dashboards for monitoring Deep Security via Splunk
  • Bash and Powershell scripts for automating various Agent and Manager tasks.

See the README for each repository to discover the level of support that Trend Micro  provides for the script or utility.

Generate an agent deployment script

Use the API to generate deployment scripts to automate the installation of the agent on a computer.

For background information about these scripts, see Use deployment scripts to add and protect computers in the Deep Security Help Center.

General steps

Use the following general procedure to generate a deployment script:

  1. Create an AgentDeploymentScript object and configure the properties:
    • The only required property is the platform of the target computer.
    • Properties that are used for downloading the agent software are the Deep Security Manager proxy ID and whether to require the manager to be using a valid certificate for securing the connection.
    • All other properties are useful only if you want the script to activate the agent.Create an AgentDeploymentScript object and configure the properties:
  2. Create an AgentDeploymentScriptsApi object and use it with the AgentDeploymentScript to send a request to Deep Security Manager to create the script. The returned object is an AgentDeploymentScript that stores the script in the script_body (Python) or scriptBody (JavaScript and Java) property.

For more information about the properties and operations, see the Agent Deployment Scripts operations in the API Reference.

The following example creates the most basic deployment script where only the platform is specified:

Python
deployment_script = api.AgentDeploymentScript()
deployment_script.platform = platform
JavaScript
const deploymentScript = new api.AgentDeploymentScript();
deploymentScript.platform = platform;
Java
AgentDeploymentScript deployScript = new AgentDeploymentScript();
deployScript.setPlatform(platform);

Then, the request to create the script is sent to Deep Security Manager. The returned value contains the script:

Python
deployment_scripts_api = api.AgentDeploymentScriptsApi(api.ApiClient(configuration))
deployment_script = deployment_scripts_api.generate_agent_deployment_script(api_version, agent_deployment_script = deployment_script)
JavaScript
const agentDeploymentScriptsApi = new api.AgentDeploymentScriptsApi();
agentDeploymentScriptsApi.generateAgentDeploymentScript(apiVersion, {agentDeploymentScript: deploymentScript})
Java
AgentDeploymentScriptsApi agentDeploymentScriptsApi = new AgentDeploymentScriptsApi();
deployScript = agentDeploymentScriptsApi.generateAgentDeploymentScript(deployScript, apiVersion);

Example

The following example shows the configuration of many aspects of a deployment script. Once you generate the agent deployment script, you can save the script to a file on the target computer and run it. Although the following example does not perform those activities, you can adapt it to do so, automating the entire agent deployment process.

Python

View source

# Create the AgentDeploymentScript object and configure
deployment_script = api.AgentDeploymentScript()
deployment_script.platform = platform
deployment_script.dsm_proxy_id = dsm_proxy_id
deployment_script.validate_certificate_required = validate_certificate
deployment_script.activation_required = activate
deployment_script.computer_group_id = computer_group_id
deployment_script.policy_id = policy_id
deployment_script.relay_id = relay_id
deployment_script.replay_proxy_id = relay_proxy_id
try:
    deployment_scripts_api = api.AgentDeploymentScriptsApi(api.ApiClient(configuration))
    deployment_script = deployment_scripts_api.generate_agent_deployment_script(api_version, agent_deployment_script = deployment_script)
    return deployment_script.script_body
except api_exception as e:
    return "Exception: " + str(e)
JavaScript

View source

// Create the AgentDeploymentScript object and configure
const deploymentScript = new api.AgentDeploymentScript();
deploymentScript.platform = platform;
deploymentScript.dsmProxyID = dsmProxyID;
deploymentScript.validateCertificateRequired = validateCertificate;
deploymentScript.activationRequired = activate;
deploymentScript.computerGroupID = computerGroupID;
deploymentScript.policyID = policyID;
deploymentScript.relayID = relayID;
deploymentScript.relayProxyID = relayProxyID;= {
  agentDeploymentScript: deploymentScript
};= new api.AgentDeploymentScriptsApi();
agentDeploymentScriptsApi
  .generateAgentDeploymentScript(apiVersion, options)
  .then(returnedAgentDeploymentScriptObject => {
    resolve(returnedAgentDeploymentScriptObject.scriptBody);
  })
  .catch(error => {
    reject(error);
  });
Java

View source

// Create the AgentDeplotmentScript object
AgentDeploymentScript deployScript = new AgentDeploymentScript();
deployScript.setPlatform(platform);
deployScript.setDsmProxyID(dsmProxyID);
deployScript.setValidateCertificateRequired(validateCertificate);
deployScript.setActivationRequired(activate);
deployScript.setComputerGroupID(computerGroupID);
deployScript.setPolicyID(policyID);
deployScript.setRelayGroupID(relayID);
deployScript.setRelayProxyID(relayProxyID);= new AgentDeploymentScriptsApi();
deployScript = agentDeploymentScriptsApi.generateAgentDeploymentScript(deployScript, apiVersion);

Also see the Generate Agent Deployment Scripts operation in the API Reference.