Does anybody have a way to look for Rapid 7 and it's version? it doesn't seem to put anything in the /Applications folder.
Solved
EA for Rapid 7?
+23Best answer by mm2270
I would probably do this
grep "Agent Info" /opt/rapid7/ir_agent/components/insight_agent/common/agent.log | tail -n1 | tr ' ' '
' | awk '/Version:/{getline; print}'That should print out just 1.4.84 based on your example above. But you'll need to test it to see of course.
+23this is how the rapid7 doc says to check the version number... what would be the easiest way to grab just the portion after "Version:"
Check the version number
sudo grep "Agent Info" /opt/rapid7/ir_agent/components/insight_agent/common/agent.log | tail -n1The output should appear in the following form:
2018-03-20 18:03:02,434 [INFO] agent.agent_beacon: Agent Info -- ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Version: 1.4.84 (1519676870)
+24I would probably do this
grep "Agent Info" /opt/rapid7/ir_agent/components/insight_agent/common/agent.log | tail -n1 | tr ' ' '
' | awk '/Version:/{getline; print}'That should print out just 1.4.84 based on your example above. But you'll need to test it to see of course.
+6I tried using this in EA and it doesn't seems to work but it works if i ran as a policy or root user in terminal. any idea what i'm doing wrong?
+3#!/bin/sh
echo "<result>`grep "Agent Info" /opt/rapid7/ir_agent/components/insight_agent/common/agent.log | tail -n1 | tr ' ' '
' | awk '/Version:/{getline; print}'`</result>"
+9I have a few EAs for Rapid 7 I've put together, including my take on the client version. Hopefully they are helpful.
Rapid7 Insight IRD ClientID
#!/bin/sh
# Report the version of the Rapid7 Agent if installed
# ClientIDs can be found in https://insight.rapid7.com/platform#/datacollection
if [ -e /opt/rapid7/ir_agent/ir_agent ]; then
clientID=$(grep -Eio '"Client-ID":.*?[^\\]"' /opt/rapid7/ir_agent/components/bootstrap/common/bootstrap.cfg | awk -F'[/:]' '{print $2}' | sed -e 's/[{"]/''/g')
else
clientID="Agent Not Installed"
fi
# Report the result to the JSS.
echo "<result>$clientID</result>"Rapid7 Insight IRD Bootstrap Component Version
#!/bin/bash
# Report the version of the Rapid7 Bootstrap Component if installed
# From Rapid7 Support:
# The agent has a bootstrap component that is running 1.2.x and this is the command and control for the agent,
# it stops and starts the agent as well as updates it. The agent itself is the 2.7.x version, which is updated
# more regularly for things like bug fixes and content patches and general improvements.
# The bootstrap gets updated too but not as often.
if [ -e /opt/rapid7/ir_agent/ir_agent ]; then
versionCheck=$(/opt/rapid7/ir_agent/ir_agent -version | awk '/SemanticVersion/ {print $2}' | sed s/"//g)
else
versionCheck="Bootstrap Component Not Installed"
fi
# Report the result to the JSS.
echo "<result>$versionCheck</result>"Rapid7 Insight IRD Agent Version
#!/bin/bash
# Report the version of the Rapid7 Agent if installed
# From Rapid7 Support:
# The agent has a bootstrap component that is running 1.2.x and this is the command and control for the agent,
# it stops and starts the agent as well as updates it. The agent itself is the 2.7.x version, which is updated
# more regularly for things like bug fixes and content patches and general improvements.
# The bootstrap gets updated too but not as often.
if [ -e /opt/rapid7/ir_agent/ir_agent ]; then
versionCheck=$(/opt/rapid7/ir_agent/components/insight_agent/insight_agent --version | awk '/Semantic/ {print $3}')
else
versionCheck="Agent Not Installed"
fi
# Report the result to the JSS.
echo "<result>$versionCheck</result>"Rapid7 Asset Info Last Collection Time
#!/bin/sh
# Report the value of the Rapid7 Agent's "asset_info_last_collection_time", which seems like a good proxy for client-to-server heartbeat
if [ -e /opt/rapid7/ir_agent/ir_agent ]; then
lastCollected=$(date -r $(cat /opt/rapid7/ir_agent/components/insight_agent/common/config/agent.jobs.tem_realtime.json | awk '/asset_info_last_collection_time/ {print$2}' | sed s/,//g))
else
lastCollected="Agent Not Installed"
fi
# Report the result to the JSS.
echo "<result>$lastCollected</result>"Rapid7 Remote Execution Last Collection Time
#!/bin/sh
# Report the value of the Rapid7 Agent's "remote_execution_last_collection_time", which seems like a good proxy for when the client last checked for agent or metadata updates from Rapid7
if [ -e /opt/rapid7/ir_agent/ir_agent ]; then
lastExecuted=$(date -r $(cat /opt/rapid7/ir_agent/components/insight_agent/common/config/agent.jobs.tem_realtime.json | awk '/remote_execution_last_collection_time/ {print$2}' | sed s/,//g))
else
lastExecuted="Agent Not Installed"
fi
# Report the result to the JSS.
echo "<result>$lastExecuted</result>"jkb
+1I have a few EAs for Rapid 7 I've put together, including my take on the client version. Hopefully they are helpful.
Rapid7 Insight IRD ClientID
#!/bin/sh
# Report the version of the Rapid7 Agent if installed
# ClientIDs can be found in https://insight.rapid7.com/platform#/datacollection
if [ -e /opt/rapid7/ir_agent/ir_agent ]; then
clientID=$(grep -Eio '"Client-ID":.*?[^\\]"' /opt/rapid7/ir_agent/components/bootstrap/common/bootstrap.cfg | awk -F'[/:]' '{print $2}' | sed -e 's/[{"]/''/g')
else
clientID="Agent Not Installed"
fi
# Report the result to the JSS.
echo "<result>$clientID</result>"Rapid7 Insight IRD Bootstrap Component Version
#!/bin/bash
# Report the version of the Rapid7 Bootstrap Component if installed
# From Rapid7 Support:
# The agent has a bootstrap component that is running 1.2.x and this is the command and control for the agent,
# it stops and starts the agent as well as updates it. The agent itself is the 2.7.x version, which is updated
# more regularly for things like bug fixes and content patches and general improvements.
# The bootstrap gets updated too but not as often.
if [ -e /opt/rapid7/ir_agent/ir_agent ]; then
versionCheck=$(/opt/rapid7/ir_agent/ir_agent -version | awk '/SemanticVersion/ {print $2}' | sed s/"//g)
else
versionCheck="Bootstrap Component Not Installed"
fi
# Report the result to the JSS.
echo "<result>$versionCheck</result>"Rapid7 Insight IRD Agent Version
#!/bin/bash
# Report the version of the Rapid7 Agent if installed
# From Rapid7 Support:
# The agent has a bootstrap component that is running 1.2.x and this is the command and control for the agent,
# it stops and starts the agent as well as updates it. The agent itself is the 2.7.x version, which is updated
# more regularly for things like bug fixes and content patches and general improvements.
# The bootstrap gets updated too but not as often.
if [ -e /opt/rapid7/ir_agent/ir_agent ]; then
versionCheck=$(/opt/rapid7/ir_agent/components/insight_agent/insight_agent --version | awk '/Semantic/ {print $3}')
else
versionCheck="Agent Not Installed"
fi
# Report the result to the JSS.
echo "<result>$versionCheck</result>"Rapid7 Asset Info Last Collection Time
#!/bin/sh
# Report the value of the Rapid7 Agent's "asset_info_last_collection_time", which seems like a good proxy for client-to-server heartbeat
if [ -e /opt/rapid7/ir_agent/ir_agent ]; then
lastCollected=$(date -r $(cat /opt/rapid7/ir_agent/components/insight_agent/common/config/agent.jobs.tem_realtime.json | awk '/asset_info_last_collection_time/ {print$2}' | sed s/,//g))
else
lastCollected="Agent Not Installed"
fi
# Report the result to the JSS.
echo "<result>$lastCollected</result>"Rapid7 Remote Execution Last Collection Time
#!/bin/sh
# Report the value of the Rapid7 Agent's "remote_execution_last_collection_time", which seems like a good proxy for when the client last checked for agent or metadata updates from Rapid7
if [ -e /opt/rapid7/ir_agent/ir_agent ]; then
lastExecuted=$(date -r $(cat /opt/rapid7/ir_agent/components/insight_agent/common/config/agent.jobs.tem_realtime.json | awk '/remote_execution_last_collection_time/ {print$2}' | sed s/,//g))
else
lastExecuted="Agent Not Installed"
fi
# Report the result to the JSS.
echo "<result>$lastExecuted</result>"jkb
I just stumbled upon your Rapid7 EA's and I had to log in and say thank you. These are amazing!
I have a few EAs for Rapid 7 I've put together, including my take on the client version. Hopefully they are helpful.
Rapid7 Insight IRD ClientID
#!/bin/sh
# Report the version of the Rapid7 Agent if installed
# ClientIDs can be found in https://insight.rapid7.com/platform#/datacollection
if [ -e /opt/rapid7/ir_agent/ir_agent ]; then
clientID=$(grep -Eio '"Client-ID":.*?[^\\]"' /opt/rapid7/ir_agent/components/bootstrap/common/bootstrap.cfg | awk -F'[/:]' '{print $2}' | sed -e 's/[{"]/''/g')
else
clientID="Agent Not Installed"
fi
# Report the result to the JSS.
echo "<result>$clientID</result>"Rapid7 Insight IRD Bootstrap Component Version
#!/bin/bash
# Report the version of the Rapid7 Bootstrap Component if installed
# From Rapid7 Support:
# The agent has a bootstrap component that is running 1.2.x and this is the command and control for the agent,
# it stops and starts the agent as well as updates it. The agent itself is the 2.7.x version, which is updated
# more regularly for things like bug fixes and content patches and general improvements.
# The bootstrap gets updated too but not as often.
if [ -e /opt/rapid7/ir_agent/ir_agent ]; then
versionCheck=$(/opt/rapid7/ir_agent/ir_agent -version | awk '/SemanticVersion/ {print $2}' | sed s/"//g)
else
versionCheck="Bootstrap Component Not Installed"
fi
# Report the result to the JSS.
echo "<result>$versionCheck</result>"Rapid7 Insight IRD Agent Version
#!/bin/bash
# Report the version of the Rapid7 Agent if installed
# From Rapid7 Support:
# The agent has a bootstrap component that is running 1.2.x and this is the command and control for the agent,
# it stops and starts the agent as well as updates it. The agent itself is the 2.7.x version, which is updated
# more regularly for things like bug fixes and content patches and general improvements.
# The bootstrap gets updated too but not as often.
if [ -e /opt/rapid7/ir_agent/ir_agent ]; then
versionCheck=$(/opt/rapid7/ir_agent/components/insight_agent/insight_agent --version | awk '/Semantic/ {print $3}')
else
versionCheck="Agent Not Installed"
fi
# Report the result to the JSS.
echo "<result>$versionCheck</result>"Rapid7 Asset Info Last Collection Time
#!/bin/sh
# Report the value of the Rapid7 Agent's "asset_info_last_collection_time", which seems like a good proxy for client-to-server heartbeat
if [ -e /opt/rapid7/ir_agent/ir_agent ]; then
lastCollected=$(date -r $(cat /opt/rapid7/ir_agent/components/insight_agent/common/config/agent.jobs.tem_realtime.json | awk '/asset_info_last_collection_time/ {print$2}' | sed s/,//g))
else
lastCollected="Agent Not Installed"
fi
# Report the result to the JSS.
echo "<result>$lastCollected</result>"Rapid7 Remote Execution Last Collection Time
#!/bin/sh
# Report the value of the Rapid7 Agent's "remote_execution_last_collection_time", which seems like a good proxy for when the client last checked for agent or metadata updates from Rapid7
if [ -e /opt/rapid7/ir_agent/ir_agent ]; then
lastExecuted=$(date -r $(cat /opt/rapid7/ir_agent/components/insight_agent/common/config/agent.jobs.tem_realtime.json | awk '/remote_execution_last_collection_time/ {print$2}' | sed s/,//g))
else
lastExecuted="Agent Not Installed"
fi
# Report the result to the JSS.
echo "<result>$lastExecuted</result>"jkb
Your EA's are great.
Do you know how to add date format string "+%Y-%m-%d %H:%M:%S" to the date command so the date is in a more chronologically sortable string?
+19Old post, sorry. Just got R7 and was looking for EA ideas.
I was able to use a specific binary to get the agent's version (not depend on a log file entry). Example below:
#!/bin/zsh
R7_INSIGHT_AGENT="/opt/rapid7/ir_agent/components/insight_agent/insight_agent"
if [[ -e "${R7_INSIGHT_AGENT}" ]]; then
RESULT=$( ${R7_INSIGHT_AGENT} --version | awk '/Semantic/ {print $3}' )
else
RESULT="Missing"
fi
echo "<result>${RESULT}</result>"
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.