TEAM: Huntress Managed Endpoint Detection and Response (EDR)
PRODUCT: Kaseya VSA RMM (Script), Huntress Agent for macOS
ENVIRONMENT: macOS
SUMMARY: Deploying the Huntress Agent script via Kaseya VSA RMM to macOS endpoints.
Installing any product should be a breeze and that's especially true with Huntress. We've created a deployment procedure for Kaseya VSA that installs the Huntress Agent on macOS endpoints (version 10.15+) without any user interruptions or reboots.
This only installs the Huntress Agent. It does not install the system extension or the network content filter, which are also needed for full EDR functionality, such as Host Isolation. Review the complete macOS installation instructions to make the right choice for your environment.
We are not able to offer comprehensive support for Kaseya VSA RMM. Refer to the Kaseya VSA RMM documentation for full details regarding the usage of Kaseya tools.
In this Article
Retrieve your Huntress Keys
Create Variable for Huntress Account Key
Import the Procedure into Kaseya
Assign Organizations
Deploy the Procedure
Troubleshooting
Retrieve your Huntress Keys
-
Log in to Huntress and go to the Agent Setup page.
- Get your Account and Organization keys. If you use Agent tags, have those ready as well.
Create Variable for Huntress Account Key
- Log in to Kaseya VSA and click Manage Variables.
- In the new window, create a new variable named HUNTRESS_ACCT_KEY.
- Set the variable value to your Huntress Account Key. Be sure to select the Org/Machine Group for the variable.
- Apply the changes.
Import the Huntress Deployment Procedure
- Download the Huntress Agent Deployment Procedure from Huntress and save it as an XML file.
- Log in to Kaseya, and go to Agent Procedures > Manage Procedures > Schedule / Create. Select the folder you want to import the procedure into and then click Import Folder/Procedure.
- In the Import Procedure/Folder window, browse to the XML file for the Huntress Agent Deployment Procedure and save it.
You should now see the Huntress Agent Deployment procedure.
Assign Organizations
The procedure automatically uses the Kaseya GroupName (vAgentConfiguration.groupName) to organize the agents within Huntress--the groupName is used for the Huntress Organization name. Since the Kaseya groupName includes the organization (e.g., group.organization), you might end up with Huntress Organization names like west.company and east.company.
Here are 3 potential fixes:
- OPTION 1 (quickest): You can change the organization display name in Huntress platform and the script will continue to use the same organization key.
-
OPTION 2 (most robust): The deployment script will split Sub-MachineGroups into separate Huntress Organizations. Some minor modifications can make the script slightly easier to deal with if you want all clients in a Kaseya organization in the same organization in Huntress.
From the Kaseya editor, insert a new line into line 9 and modify line 10:
executeShellCommandToVariable("echo "#vAgentConfiguration.groupName#" | rev | cut -d "." -f 1 | rev", "SYSTEM", true, "Mac OS X", "Halt on Fail")
executeShellCommand("/bin/bash ./#workdir#/HuntressInstall.sh -a <HUNTRESS_ACCT_KEY> -o #global:cmdresults#", "Execute as System and Wait", "Mac OS X", "Halt on Fail")
-
OPTION 3: Create a variable for HUNTRESS_ORG_KEY in each organization that contains the name you'd like to use. Edit line 9 of the deployment script to assign the key:
-o <HUNTRESS_ORG_KEY>
Deploy the Procedure
You're ready to deploy!
Congratulations, your Huntress Agent Deployment Procedure is ready to use. Schedule it to run and watch your agents show up within the Huntress Dashboard.
Note: Depending on VSA configuration, you may need to approve the script before running it.
Troubleshooting
If you don't see the endpoints you expected, we've also provided several ways to check from the Huntress platform.
You can also do some verification from Kaseya.
Kaseya VSA has detailed agent logs to troubleshoot deployments. If your deployment doesn't appear to be working properly, review these logs and have them available for Huntress support to assist with troubleshooting.
- Log in to Kaseya, and go to Agent > Agent Logs.
- Select the target agent.
. - From the Agent Admins Logs tab, select Procedure History.
- Review the log for clues as to why the deployment didn't go as expected. If requested, provide these logs to Huntress Support.
Need something else?
If you need any assistance from Huntress or notice a missing step, contact us at support@huntress.io.