Skip to main content

Agent Access Tokens

To connect to the Lacework application, Lacework agents require an agent access token. Lacework also provides scripts and configuration files to facilitate deployment, which includes the token.

Agent Access Tokens

You can generate new agent tokens and deactivate existing tokens. All Lacework agents using a deactivated token can not communicate with Lacework and must be updated with an active token.

note

You can use the agent access token name to logically separate your deployments, for example, by environment types (e.g., QA or Dev) or system types (e.g., CentOS or RHEL).

  1. Log in to the Lacework Console as a user with administrative privileges.
  2. Go to Settings > Configuration > Agent Tokens.
  3. Click + Add New.
  4. Enter a unique name for the agent token.
  5. Enter a description.
  6. Select the operating system:
    • Select Linux if you want to use the token to install the Lacework Linux agent.
    • Select Windows if you want to use the token to install the Lacework Windows agent.
  7. Click Save.

Treat agent access tokens as secrets; do not publish them. A token uniquely identifies a Lacework customer. If you suspect your agent access token has been publicly exposed or compromised, generate a new token from the Lacework Console. You can either add the new token to the config.json file or reinstall the agent on all machines that use the old token. When complete, the old token can safely be disabled without interrupting Lacework services.

You can optionally create an agent token programmatically. For more information, see the Token API. To access the Lacework API, see Lacework API.

Install the Lacework Agent

Lacework automatically generates an agent token for your account. You can use the same token for all agents. You can also add new tokens as described in Agent Access Tokens.

Lacework-provided scripts and configuration files are token-specific and are listed in the Install options for each agent token.

  1. Click the desired installation method.
  2. Either download the token-specific script or copy the URL to use later.
  3. Click Save.