Analyzing Data Collected by Agents

Owned by Todd Erickson
Last updated: Aug 09, 2023 by Shoyeb Shaikh
3 min read

The Cloudamize agents collect system and performance data from your machines. A detailed description of the data we collect is available on the Data Collected by Agents page.

In rare cases, customers would like to analyze the actual data collected by the Cloudamize Agents before beginning their assessment. This guide outlines the steps necessary to capture the data “over-the-wire” as-is is being sent from the Cloudamize Agent to the Cloudamize Server.

To review and analyze the data collected by Cloudamize Agents, without sending any data to Cloudamize, you can use a proxy server that captures traffic to /uploadFileV3, while allowing all other traffic to continue to am.cloudamize.com, am-de.cloudamize.com, or am-ae.cloudamize.com. The proxy server described in this guide resides inside your network and must be installed and configured by your network and security teams.

Note: This guide is provided as-is and is not supported by Cloudamize Support team. As no two networks are alike and there are multiple products that can be used as proxies, Cloudamize cannot provide support or give any technical assistance in setting up the proxy server of your choice.

As an example, instructions for setting up an NGINX proxy are available here.

Before Agents send data, they must register themselves with am.cloudamize.com in the US, am-de.cloudamize.com in Europe, or am-ae.cloudamize.com in the UAE. After they have registered themselves they will begin sending data to am.cloudamize.com/uploadFileV3 (or am-de or am-ae depending on the target region). Note that the string, File Successfully Uploaded!, should be included in the response to /uploadFileV3 for a successful file upload.

After setting up the proxy, install Cloudamize Agents using the following “no-op” customer key: 44ac3d540b1a180a69b3ac4789413d0bc272f9aed9ecc86512733b8ad1cd0c1c

Note: Data sent to Cloudamize using this “no-op” customer key will be rejected by Cloudamize. Because of this, Agents installed with the “no-op” customer key will need to be uninstalled and the Agent will need to be reinstalled with a valid customer key located at Cloudamize console before beginning an assessment.

Windows Agent

You can download the Windows agent here.

When prompted for your Customer Key, please use the following: 44ac3d540b1a180a69b3ac4789413d0bc272f9aed9ecc86512733b8ad1cd0c1c

To install the Agent from the command prompt as administrator use the following:

Case 1) Forward proxy

msiexec /i <Name of the downloaded .msi> customerkey=44ac3d540b1a180a69b3ac4789413d0bc272f9aed9ecc86512733b8ad1cd0c1c USE_PROXY=1 HTTPS_PROXY="https://www.your_own_proxy.com" PROXY_PORT="your_proxy_server_port" IS_SERVER_CERTIFICATE_SIGNED_BY_CA=0 /qn

If your proxy server requires authentication, use the following, updated command:

msiexec /i <Name of the downloaded .msi> customerkey=44ac3d540b1a180a69b3ac4789413d0bc272f9aed9ecc86512733b8ad1cd0c1c USE_PROXY=1 HTTPS_PROXY="https://www.your_own_proxy.com" PROXY_PORT="your_proxy_server_port" USE_PROXY_CREDENTIAL=1 PROXY_USER_NAME="user_name" PROXY_PASSWORD="password" IS_SERVER_CERTIFICATE_SIGNED_BY_CA=0 /qn

Case 2) Reverse proxy

msiexec /i <Name of the downloaded .msi> customerkey=44ac3d540b1a180a69b3ac4789413d0bc272f9aed9ecc86512733b8ad1cd0c1c SERVER_DOMAIN_NAME="reverse proxy domain name" SERVER_IP="reverse proxy ip" IS_SERVER_CERTIFICATE_SIGNED_BY_CA=0 ALLOW_HOSTS_FILE_UPDATE=1

If a reverse proxy is installed on a machine where the agent is installed, here is the example command.

Linux Agent

Prerequisites:

  • One of the following OSes:

    • Red Hat Enterprise Linux Server release 7.0 or higher

    • Oracle Linux 6.5 or higher

    • Ubuntu 16.04 or higher

    • CentOS release 7 or higher

    • Debian GNU/Linux 8.0 or higher

    • Amazon Linux AMI release 2013.03 or higher

    • Fedora release 12 or higher

    • Suse Linux 11 or higher

  • supported version of OpenSSL

  • Root and/or Wheel Group access

  • 350 MB persistent storage

  • The Install script requires wget to retrieve content, and curl to test/verify access to our data collection servers at am.cloudamize.com for US infrastructure, am-de.cloudamize.com for EU infrastructure, or am-ae.cloudamize.com for UAE infrastructure over port 443, either directly or through a corporate proxy.

    • If your system locally caches DNS resolution, you may need to resolve am.cloudamize.com to 35.171.170.26 or am-de.cloudamize.com to 18.194.12.63 to allow egress traffic. This feature is not currently available for our UAE region.

Note: The Linux agent/Agentless approach requires a user with root permissions to get PID-to-network mapping, certain hardware details, and data on logical/physical disk volumes. Become root user either through "sudo -s" or "su", most systems use sudo.  

Procedure:

Step 1:  Export your customer key.

Step 2:  Execute the following command to install the Cloudamize Agent and configure it to route the data through your own proxy server:

If your proxy server requires authentication, use the following, updated command.

Click here for steps to troubleshoot installation issues. 

Click here for instructions on how to uninstall the linux agents.

 

Agentless

You can download the Agentless installer here.

When prompted for your Customer Key, please use the following: 44ac3d540b1a180a69b3ac4789413d0bc272f9aed9ecc86512733b8ad1cd0c1c

To install the Agent from the command prompt as administrator use the following:

If your proxy server requires authentication, use the following, updated command: