AgileSec On-Prem Validation Checklist

Follow this guide to validate AgileSec installations and upgrades.

Overview

This guide is intended to validate all core functions are working in new AgileSec installations or upgrades. Each section contains a summary table of validation subject and the appropriate validation test. Each section also includes instructions to validate AgileSec functionality.

Use the following guidance to ensure the AgileSec platform is running as expected post-install or post-upgrade.


Services Validation

Validate all services are running.

Validation

Validation Test

Validate the following produce expected results with no errors

All Services are Running

Check Services are running on all Linux nodes or Kubernetes pods.

Validate Service Statuses

  1. For Linux installations, on each node, check if all services are running.

    cd $agilesec_install_dir
    ./scripts/manage.sh status
    
  2. For Kubernetes installations, check if all application Kubernetes pods are running.

    kubectl get po -A | grep -e 'isg-' -e 'mongo' -e 'opensearch' -e 'kafka'| grep -v 'Completed'
    

AgileSec Portal: Access, Dashboards, UI Validation

Validate AgileSec access and UI are working as expected.

Validation

Validation Test

Validate the following produce expected results with no errors

Access - Basic


Login to AgileSec portal with basic username and password.

Access - SSO

Login to AgileSec portal with SSO.

Access - Dashboards

Access OpenSearch Advanced Dashboards with no permission errors popups

Confirm expected data appears based on scan history.

Platform Version

Check the UI states the correct AgileSec version in the bottom left.

Validate Access and UI

  1. Confirm the AgileSec Portal is accessible without certificate warnings.

  2. Confirm you can log in to the AgileSec Portal with basic and/or SSO login.

  3. Check the version in the bottom left of the UI is correct.

  4. Check if dashboards have expected data.

  5. Verify OpenSearch dashboards are accessible by navigating to Advanced Dashboard.

    1. Confirm no permission issues pop up.

    2. For upgrades, confirm previous scan data shows in dashboards.

    3. For new installations, after running a scan and policies run, confirm scan data appears in dashboards.


Scan Executions and Policies Validation

Run the following validation tests for all new installs and upgrades.

Validation

Validation Test

Validate the following produce expected results with no errors

Kubernetes Installations only: Tenants

Log in as a tenant organization and run a successful remote scan execution.

Remote Sensor Download

Download remote sensor package from the AgileSec Platform UI.

Generate Remote Access Token

Generate a new AgileSec Remote Access Token and execute a remote scan with it.

Remote Scan Execution


Run a successful Remote Host Scan with the new Remote Access Token.

Platform Scan Execution

Run a successful Platform Network Scan.

Sensor Scan Status and Findings

After scan completes, check for successful Sensor Execution status.

After scan completes, check for scan results.

Policy Execution and Findings Scoring

After scan completes and policies run, check for successful Policy Execution status.

After policies run, check scoring on scan results change from pending to scores per configured policies.

Post-scan Process Execution

After scan, policies, and post-scan processes complete, check for successful Process Execution status.

Highly Recommended: Ideally, validate successful scan executions for all Sensors and Connectors your organization intends to use.

Validate Remote Execution: Host Scan

Execute a host scan from a remote server, including verifying successful Remote Sensor downloads and generating a functioning access token.

Note: For Kubernetes, if using multiple tenants, validate remote host scan executions from a tenant organization.

  1. In the AgileSec Platform UI, navigate to Sensors -> Remote Scan.

  2. Download the appropriate OS’s Remote Sensor.

  3. Ensure you can generate AgileSec remote sensor tokens. On the Download Remote Sensor screen, generate a new token. Save the new token securely.

  4. Ensure Host Scans are functioning correctly with new token:

    1. Unzip the Remote Sensor download on the machine to run the remote host scan.

    2. Update the token in the Host Scan configuration file to the new token.

      1. Either modify a previous host scan file with the new token or update the provided example configuration file config/isg_sensor.yml. See Remote Sensor README for more details.

    3. Execute the Host Sensor Scan.

      #Linux Host Sensor execution example
      ./unified_sensor_linux --config <config-file>
      
  5. In the AgileSec Platform UI, navigate to Scan->History and ensure the Host Scan shows up.

  6. After the scan finishes, navigate to the Host Scan and confirm the Findings tab has Scan results.

  7. Wait for policies to run and scores to change from Pending to a Score based on your configured policies.

    1. Policy execution can take up to 45 seconds. Until policies run, all findings will show a Pending status instead of a Score under the Findings tab.

  8. On the Scan Information tab, ensure Sensor Execution, Policy Execution, and Process Execution Statuses are Successful.

  9. After policies successfully complete, verify scan results appear on Analysis->Overview dashboard.

Validate Platform Execution: Network Scan

Execute a network scan via the platform.

  1. In the AgileSec Platform UI, go to Sensors -> Network Scan.

  2. On the network scan page, enter an HTTPS URL to scan (for example: https://www.google.com), then click Scan to start the scan.

  3. In the AgileSec Platform UI, navigate to Scan->History and ensure the scan shows up.

  4. After the scan finishes, navigate to Scan->History, click on the Network scan, and confirm the Findings tab has Scan results.

  5. Wait for policies to run and scores to change from Pending to a Score based on your policies.

    1. Policy execution can take up to 45 seconds. Until policies run, all findings will show a Pending status instead of a Score under the Findings tab.

  6. On the Scan Information tab, ensure Sensor Execution, Policy Execution, and Process Execution Statuses are Successful.

  7. After policies successfully complete, verify scan results appear on Analysis->Overview dashboard.


Optional Scan Executions Validation

Validate API and CrowdStrike Workflow scan executions if you intend to use them.

Validation

Validation Test

Validate the following produce expected results with no errors

Generate new API token

Generate a new API token and run an API scan with it.

API Scan Execution

Run a successful Sensor or Connector API Scan with the new API token.


Generate new EDR ID for CrowdStrike Workflow scan executions

Generate a new EDR ID and execute a CrowdStrike Workflow scan with it.

CrowdStrike Workflow Scan Execution

Run a successful remote scan via CrowdStrike Workflow.

Validate API Execution: Connector or Sensor Scan

If applicable to your use cases, execute a sensor or connector scan via REST API calls with a newly generated API token.

  1. Choose any applicable Modules or Connectors which support API scan executions.

  2. Follow Sensor or Connector guide instructions to execute a scan via API, including generating a new API token to use for the new scan.

  3. In the AgileSec Platform UI, navigate to Scan->History and ensure the scan shows up.

  4. After the scan finishes, navigate to the scan and confirm the Findings tab has Scan results.

  5. Wait for policies to run and scores to change from Pending to a Score based on your configured policies.

    1. Policy execution can take up to 45 seconds. Until policies run, all findings will show a Pending status instead of a Score under the Findings tab.

  6. On the Scan Information tab, ensure Sensor Execution, Policy Execution, and Process Execution Statuses are Successful.

  7. After policies successfully complete, verify scan results appear on Analysis->Overview dashboard.

Validate CrowdStrike Workflow Scan Execution

If applicable to your use cases, test scan execution via CrowdStrike Workflow. If EDR ID option is available for your release, test the workflow with a newly generated EDR ID. See the CrowdStrike Host Scan Guide.

  1. If available, generate a new EDR ID.

  2. If available, use the new EDR ID in CrowdStrike Workflow to execute scans.

  3. In the AgileSec Web UI, navigate to Scan->History and ensure the scan shows up.

  4. Ensure Sensor Execution, Policy Execution, and Process Execution Statuses are Successful.

  5. After policies successfully complete, verify scan results appear on Analysis->Overview dashboard.


Optional Search API Validation

If applicable to your use cases, after performing a scan, validate the Search API returns expected results from an Search API query.

Validation

Validation Test

Validate the following produce expected results with no errors

Query Search API

After at least one scan is complete, submit a successful API Search query to the AgileSec platform.

Validate Search API

Follow instructions and examples in Search API to perform the following:

  1. Ensure at least one successful scan has run and there are scan results to query in your AgileSec platform.

  2. Configure acceptable API authentication.

  3. Send a Search query to the AgileSec platform.

  4. Validate query is successful and results are as expected.


Optional High Availability Linux Configuration Validation

For new HA Linux installations, validate the HA configuration is functioning as expected.

Validation

Validation Test

Validate the following produce expected results with no errors

High Availability (HA) Linux cluster continues functioning during single node outage

Shut down one node, then execute a successful scan. Repeat for each node.

Note: Load balancers are recommended to ensure true high availability.

Validate High Availability Linux Configuration

For a HA cluster with 2+ frontend nodes, ensure you can lose any single node (frontend or backend) without service interruption. For each node:

  1. Stop the node services:

    cd $agilesec_install_dir
    ./scripts/manage.sh stop
    
  2. Run a network scan from AgileSec Web UI (Sensors → Network Scan).

  3. The scan should complete successfully, confirming the cluster remains operational with a single node failure.

  4. Restart the node:

    cd $agilesec_install_dir
    ./scripts/manage.sh start
    
  5. Repeat with each frontend and backend node.

Note: If this validation fails, ensure the load balancer is configured correctly. If the HA configuration does not have a load balancer, ensure the external FQDN DNS handling is correct.