Team: Huntress EDR
Product: Addigy (Script)
Environment: macOS
Summary: Huntress Agent deployment via Addigy (Script) RMM
Addigy allows you to create Smart Software to deploy third-party software. This document provides instructions for adding Smart Software for Huntress to your Policies to deploy the Huntress Agent to your customers' computers. We are not able to offer comprehensive support for Addigy; please refer to the Addigy documentation for full details regarding the usage of Addigy policies and Smart Software.
If you have feedback or questions about this deployment, please reach out to support@huntress.com.
- Retrieve Your Huntress Account and Organization Keys
- Configure and Deploy the MDM policy
- Create Smart Software for Huntress
- Troubleshooting
Retrieve Your Huntress Account and Organization Keys
- Log in to Huntress and go to the Agent Setup page.
- On the Huntress Agent Setup page, copy your account key and organization key; you will need these later in the deployment process.
Configure and Deploy the MDM Policy
You can use the Huntress MDM mobileconfig file or you can manually configure your MDM policy. You'll need this policy deployed to your endpoints before you create the Smart Software entry.
This provides the approval and Full Disk Access needed for the Huntress system extension and network content filter.
Create Smart Software for Huntress
The Addigy Smart Software process has three parts:
- Add the Huntress script
- Set Conditions
- Configure Removal Options
Then finish the process by adding it to your policy.
Add the Huntress script
- First, add and customize the Huntress Installation Script for Addigy.
- Click the Raw button in the upper right, above the script.
- In Addigy, create a new Smart Software item.
- Add initial details for your Huntress Smart Software and scroll down to </>InstallationScript.
- Paste the Huntress script into the </>InstallationScript section of your Addigy Smart Software window.
- Scroll down to line 47 and replace __ACCOUNT_KEY__ with the Account Key that you copied earlier on this page.
- If you have a preferred Organization, go to line 51 and replace __ORGANIZATION_KEY__. After you have added your Account and Organization Keys, it should look like this.
- To install the Agent script and the Huntress system extension together, on line 57 change install_system_extension=false to install_system_extension=true. The endpoint must have the correct policies in place for the system extension to install automatically without prompting the user for permission.
After you have configured the user-modified variables, it should look like this:
- In most Addigy multi-tenant setups, each client has a top-level Policy representing the client name.
- If you would like to dynamically use the top-level Policy name as the Organization Name for each agent installation, comment out line 51 and uncomment lines 68-69. This will pull in the $POLICY_PATH environment variable and extract just the top-level policy name.
  - For example, if your Policy hierarchy looks like this: then the above script will use "First Tier Top Level Policy" as the Organization Name with "first-tier-top-level-policy" as the Organization Key.
  - To update this script to dynamically use the Second Tier Policy, update the end of line 68 so that it uses {print $2}, so that it now looks like this:
    topLevelPolicy=$(echo ${POLICY_PATH} | awk -F ' \\| ' '{print $2}')
  - For Third Tier, update the line to say {print $3}, etc.
NOTE: This will only work as part of normal scheduled deployments. It will not work when deploying from GoLive or Self-Service.
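The tier selection described above, written out as an added example (it is not part of the Huntress installation script or of Addigy). It generalizes the {print $N} edit to any tier and falls back to a fixed name when POLICY_PATH is empty or has no such tier, so an agent is never registered under an empty organization. Assumptions: the function names, the "Unassigned" fallback, and the key format, which is inferred only from the single name/key pair shown on this page.

```sh
#!/bin/sh
# Added example: pick an organization name from an Addigy policy path.
# Assumption: tiers are separated by " | ", as in the awk line above.

# policy_tier PATH TIER -> prints the TIER-th policy name (1 = top level).
# Returns 1 when PATH is empty, TIER is not a positive integer,
# or PATH has fewer than TIER levels.
policy_tier() {
    path=$1
    tier=$2
    [ -n "$path" ] || return 1
    case $tier in ''|*[!0-9]*|0) return 1 ;; esac
    name=$(printf '%s\n' "$path" |
        awk -F ' \\| ' -v n="$tier" 'n <= NF { print $n }')
    [ -n "$name" ] || return 1
    printf '%s\n' "$name"
}

# org_key NAME -> lower-case NAME with spaces replaced by "-".
# Assumption: mirrors the page's example only; the real script's rule
# for other characters is not shown on the page.
org_key() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -s ' ' '-'
}

# resolve_org PATH TIER FALLBACK -> prints "name<TAB>key".
# FALLBACK is used when the requested tier cannot be read.
resolve_org() {
    name=$(policy_tier "$1" "$2") || name=$3
    printf '%s\t%s\n' "$name" "$(org_key "$name")"
}

# Constructed sample hierarchy (not real customer data).
SAMPLE='First Tier Top Level Policy | Second Tier Policy | Third Tier Policy'
resolve_org "$SAMPLE" 1 'Unassigned'   # top-level policy
resolve_org "$SAMPLE" 2 'Unassigned'   # second tier
resolve_org "$SAMPLE" 4 'Unassigned'   # tier deeper than the path
resolve_org ""        1 'Unassigned'   # POLICY_PATH empty or unset
```
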
Set Conditions
A Condition Script is available if you want Addigy to check if Huntress is already an installed application, and install it if it is not found on the machine.
- Under Conditions, select Check for a path.
- Set Failure if the following exists:
- In Path to file or folder, input /Applications/Huntress.app
- Click on Add to script. This action automatically adds your condition script to your Smart Software.
- Make sure to check Install on success.
- When installation script is skipped, report as: Finished.
Here is an example of the generated code for the Condition Script:
if [ -e "/Applications/Huntress.app" ]; then
    echo " /Applications/Huntress.app File exists "
    exit 1
else
    echo "/Applications/Huntress.app File does not exist"
    exit 0
fi
Configure Removal Options
Additionally, for Removal Steps, if you would like Huntress to be removed when the device is removed from a corresponding policy, then copy and paste this code block into the Remove Script section:
#!/bin/sh
/bin/sh /Applications/Huntress.app/Contents/MacOS/Uninstall
Finish and Add to Your Policy
- Click Save and Review on the bottom right.
- Navigate to Policies > (Your relevant policy) > Software. Under the Smart Software tab, click the box next to your new Smart Software for Huntress. Click Add/Remove to add this software to your Policy.
Troubleshooting
These MDM profile settings in the policy are at the device level and always override changes made by the user in the System Settings app. This might result in FDA appearing to be disabled when viewed by the end user but actually enabled due to the device-level settings profile. Do not make changes at the user level.
You can verify communication in several ways.
If you see a successfully installed message like the example below, and you still don't see the agent in your portal, make sure you're searching from your Account-level dashboard, not your Org-level dashboard.
If you're still stuck, email your Huntress log files from the affected machine's /tmp/ and /Library/Application Support/Huntress/HuntressAgent/ directories to support@huntress.io