Active Agent - Delete
376 views
Skip to first unread message
Sharo V
Feb 20, 2023, 1:32:10 AM2/20/23
to Wazuh mailing list
Dear Team,
We know how to delete inactive, disconnected agents. But we have delete unwanted agents who are still reporting to the server.
Is there a way to hard delete active agents using the backend?
Thanks
Sharo
Octavio Valle López
Feb 20, 2023, 2:04:27 AM2/20/23
to Wazuh mailing list
Hi, Sharo.
There are two different ways to remove agents from the Wazuh Manager. Please refer to these documentations:
1. Remove agents using the CLI: https://documentation.wazuh.com/current/user-manual/agents/remove-agents/remove.html
2. Remove agents using the Wazuh API: https://documentation.wazuh.com/current/user-manual/agents/remove-agents/restful-api-remove.html
This is a more user-friendly solution, using the WUI. For this you must log in to the Wazuh WUI and go to the menu: Wazuh -> Tools -> API Console.
Within the menu you should execute a request to remove the agent.
but I understand that what you want to do is remotely uninstall the agent from the manager? or just want to block the connection against the manager?
This is so? could you confirm it?
There are two different ways to remove agents from the Wazuh Manager. Please refer to these documentations:
1. Remove agents using the CLI: https://documentation.wazuh.com/current/user-manual/agents/remove-agents/remove.html
2. Remove agents using the Wazuh API: https://documentation.wazuh.com/current/user-manual/agents/remove-agents/restful-api-remove.html
This is a more user-friendly solution, using the WUI. For this you must log in to the Wazuh WUI and go to the menu: Wazuh -> Tools -> API Console.
Within the menu you should execute a request to remove the agent.
This is so? could you confirm it?
Sharo V
Mar 3, 2023, 1:20:22 AM3/3/23
to Wazuh mailing list
Hi Octavio,
The above links are working only for disconnected agents. But want to delete the agents irrespective of agent status.
Thanks
The above links are working only for disconnected agents. But want to delete the agents irrespective of agent status.
Thanks
Sharo
Sandra Ocando
Mar 10, 2023, 12:04:39 PM3/10/23
to Sharo V, Wazuh mailing list
Hi Sharo,
The remove agents methods mentioned by Octavio allow you to delete agents regardless of their status. For instance, you can specify
status=all in the DELETE /agents call.That being said, active agents will try to regain communication with the manager via auto-enrollment. That's why they may reappear after erasing them.
There's no hard way to delete these agents from the Wazuh manager. Ideally, you should uninstall them from the endpoints.
If uninstalling the agents is not possible and you want to delete them and make sure that they don't get registered again, you could add an extra security measure in your manager.
For example, you may add a registration password or change the current one and then delete the unwanted agents. This way, the deleted agents won't be able to register again.
Note that while these changes won't affect the already registered agents, it's recommended to update them in case the agents need to re-register.
Let us know if you have any questions.Best regards,
Sandra.
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/04a551d1-b6ea-4043-92c6-175a2a2935efn%40googlegroups.com.
Sharo V
Mar 15, 2023, 5:14:22 AM3/15/23
to Wazuh mailing list
Thanks for your help.
Occupied with other activities. Would come back if we struck.
Occupied with other activities. Would come back if we struck.
Reply all
Reply to author
Forward
0 new messages