Team: Huntress Managed Endpoint Detection and Response
Product: Addigy
Environment: macOS
Summary: Automated Huntress Agent deployment with Addigy using a mobileconfig file and an installation script.
It is imperative that the mobileconfig file be successfully applied to the macOS endpoint(s) before pushing the installation script.
It is recommended that you test this deployment method with a small subset of devices before pushing it to production.
This article guides you through deploying the Huntress Agent to endpoints using the Huntress mobileconfig and Addigy's Smart Software. This combination enables seamless deployment, streamlining the process of getting the Huntress Agent onto your devices. For comprehensive details on Addigy's policies and Smart Software, please consult the official Addigy documentation. We are not able to offer comprehensive support for Addigy.
Getting Started
- Download our mobileconfig file by right-clicking the provided hyperlink > Save link as... > Save
- Download the Huntress Agent for macOS Installer from within your Huntress Dashboard
Installing the mobileconfig file
The mobileconfig profile must be successfully deployed to the endpoint(s) before installing the Huntress Agent.
The mobileconfig profile allows for a silent installation of the Huntress Agent on your macOS endpoints by bundling the necessary permissions required for Huntress to run before you deploy. When the mobileconfig is applied correctly, the Huntress Agent installation will be invisible to the end user.
Create the Huntress MDM Profile:
- Navigate to Catalog > MDM Profiles > New > Custom Profile (top right)
- Select the Huntress mobileconfig file you downloaded
- Confirm the Profile Name is Huntress Agent with System Extension v3, and it includes 4 payloads before clicking "Create Profile"
- Select the Huntress mobileconfig file you downloaded
Create New Huntress Install Policy:
- Navigate to Policies > New Policy
- Provide a descriptive policy name
- Leave the "Parent Policy" blank
- Save
- Leave the "Parent Policy" blank
- Provide a descriptive policy name
Assign the Huntress MDM Profile to your Huntress Install Policy:
- Navigate to your newly created Huntress Policy > Policies
- Assets > Profiles
- Locate the Huntress Agent with System Extension v3 Profile
- Select the Profile
- Add to Policy
- Select the Profile
- Locate the Huntress Agent with System Extension v3 Profile
- Assets > Profiles
Once you have confirmed the Huntress Agent with System Extension v3 profile has been added to your policy, click the "Deploy Now" button (top right) to force the profile deployment. Policies automatically deploy every 30 minutes, but nobody has time for that.
To confirm the Huntress mobileconfig profile has been applied to the endpoint(s), view one of the devices within your Addigy Dashboard > Select the Profiles tab > Installed Profiles > "Huntress Agent with System Extension v3" should be included in the list.
Installing the Huntress Agent:
Now that the Huntress mobileconfig profile has been applied to your endpoint(s), it is safe to install the Huntress Agent. To do so, we will utilize Addigy's Smart Software capabilities.
Download the macOS Huntress Installation Package:
- Navigate to your Huntress Dashboard
- Hamburger menu in top right corner > Download Agent
- Manual Install > View Installation Guides > macOS tab > Huntress Agent for macOS
- Hamburger menu in top right corner > Download Agent
Create Smart Software for Huntress Installation:
- Within your Huntress Policy, navigate to Assets > Software
- Smart Software tab > New
- Provide a descriptive Smart Software name
- Select the Huntress Agent for macOS Installer (.pkg) that you downloaded earlier
- Navigate to the Huntress Addigy Bash Installation Script
- Copy all the script text > Paste into the Installation Command section
Your New Smart Software section should now look like this:
- Within the Installation Command section, scroll down to line 47 and replace __ACCOUNT_KEY__ with your Account Key found within the Huntress Dashboard
- Scroll to line 51 to add your defaultOrgKey
- If you do not wish to use dynamic Organization Names, skip to the Set Conditions section; otherwise, see the paragraph below for information on dynamic Organization Name options
- Scroll to line 51 to add your defaultOrgKey
To dynamically use the top-level Policy name as the Organization Name (defaultOrgKey) for each agent installation, comment out line 51 and uncomment lines 68-69.
- This will pull in the
$POLICY_PATHenvironment variable and extract just the top-level policy name
Example:
If your Policy hierarchy looks like this:
The above script will use "First Tier Top Level Policy" as the Organization Name with "first-tier-top-level-policy" as the Organization Key.
-
To update this script to dynamically use the Second Tier Policy, update the end of Line 68 so that it uses
{print $2}so that it now looks like this:topLevelPolicy=$(echo ${POLICY_PATH} | awk -F ' \\| ' '{print $2}') - For the Third Tier Policy, update the line to say
{print $3}, etc- NOTE: This will only work as part of normal scheduled deployments. It will not work when deploying from GoLive or Self-Service
Set Conditions:
- Select the "If file does not exist" option and add:
/Applications/Huntress.app
With the above condition, Addigy will check to see if the Huntress.app already exists, and install the Huntress Application if it does not exist.
- Also, select the "If profile exists" option and choose:
Huntress Agent with System Extension v3
This will ensure the Huntress Application is only installed when the Huntress MDM Profile has already been applied to the endpoint.
The Condition for Install section should now look like this:
Removal Command:
If you would like Huntress to be removed when the device is removed from a corresponding policy, then copy and paste this code block into the Removal Command section:
#!/bin/sh
/bin/sh /Applications/Huntress.app/Contents/MacOS/Uninstall
The Removal Command section should look like this:
Save and Add to Your Policy
- Click Save on the bottom right
- Navigate to Policies > (Your relevant policy) > Software
- Under the Smart Software tab, check the box next to your new Smart Software for Huntress
- Click Add/Remove to add this software to your Policy
- Under the Smart Software tab, check the box next to your new Smart Software for Huntress
- Navigate to Policies > (Your relevant policy) > Software
The Smart Software section should now look like this:
- Click Deploy Now at the top of your page
- Celebrate
Viewing the Deployment Status within Addigy
- Select your relevant Huntress Agent Installation policy
- Click the Status button (next to Deploy Now)
- Click Deployment Status
- Check the Software and MDM Profiles tab for more details
- Click Deployment Status
- Click the Status button (next to Deploy Now)
Troubleshooting
The Huntress MDM Profile settings are at the device level. These will always override changes made by the user in the System Settings app. This might result in Full Disk Access (FDA) appearing to be disabled when viewed by the end user, but it's actually enabled due to the device-level settings profile. Do not make changes at the user level.
You can verify communication in several ways.
If you're still stuck, email your HuntressAgent.log file from the affected machine(s) to support@huntress.com and we'll work together to find a solution.
The HuntressAgent.log file can be found within /Library/Application Support/Huntress/HuntressAgent/