Last update:
Last verified version: AMC 3.2.1
Issue
In some edge cases within restricted endpoint configurations, you can encounter a problem which causes some agents to send a lot of asset requests. This is mostly caused by hardened systems, where the ASGARD Agent is not able to write to its own configuration file. One example is SELinux prohibiting write access to the needed YAML file.
Solution
The asgard-agent process needs write access to the configuration file.
Make sure the following condition is present to avoid multiple asset requests from the same endpoint:
-
Process: /var/lib/asgard2-agent/asgard2-agent
-
File: /var/lib/asgard2-agent/asgard2-agent.yaml
-
Permission: Read/Write
Make sure to disable "Automatically accept all Asset Requests" in the "Advanced Settings" Settings in the meantime, to avoid cleaning up after the changes to the endpoints have been made.
Related Content
- THOR in Lab-Mode does not scan network or external drives
- THOR Scan Error: No rules with DEEPSCAN tag found
- Troubleshooting Cockpit Login Error and MySQL Connection Issues
- GRPC Connectivity Issues: Understanding TLS Inspection Errors and Solutions
- Resolving Elasticsearch Data Acceptance Issues Due to Disk Watermark Limit