Sicura Agent
  1. Introduction
  2. Installation
  3. Upgrade
  4. Commands
  5. Configuration

The Sicura Agent Configuration File

Once your copy of Sicura Agent has been installed certain options can be set inside the sicura-agent.yaml file.

NOTE: This file is not generated during install time and requires you run the sicura-agent at least once to be generated.

The config file can be found here:

Linux: /etc/sicura/sicura-agent.yaml

Windows: C:\Program Files\Sicura\Sicura Agent\sicura-agent.yaml

The Sicura Agent config file has four sections. Each section has a set of options which, by default, are disabled (commented out). To enable an option, remove the comment # and enter in the relavent information for that option.


NOTE: Options within this section control the agent’s functionality system-wide.


By selecting log-level you will be able to control what information is output by the agent to stdout and stderr. The levels can be lowered or raised seven values for troubleshooting: trace, debug, info, warn, error, fatal, and panic. The default is info.


This true/false option allows you to choose if you want output from the scanner to go to a file in addition to the terminal’s stdout/stderr. This is ideal for archiving situations. The default destination for this file is STATE_DIRECTORY/sicura-agent.log


This is a custom-defined path where the log file will be saved. This will allow you to override the default log location.


The Sicura Agent will error and fail when trying to pull Sicura_Default_Content*** from the console if you are using an unsupported platform. If force_scan is set to true, this error will become a warning and continue running.

NOTE: Use this option at your own risk! Using an unsupported platform may cause undesired results for both the agent and the console.


When running sicura-agent or running the Sicura Agent as a service, the process will occasionally reconnect to its collector(s). The collector-request-interval option allows you to adjust the wait period between connections. The default is set to 2 seconds.


In some cases when doing CIS scans, a result-set may come back with all ‘Not Applicable’. If this is the case, this option can be set true to attempt a CPE agnostic scan.


Defines the information needed for the Agent to make a connection to connect to the Sicura Console.


(true) whether a secure protocol should be used when accessing the console collector.


The hostname that connections should be made to. Overrides the default of the sicura-console-collector well known DNS entry.


(6468) The port on which the Sicura Console is running and accepting connections.


Any output from the Agent is considered a “Report”. By default, reports are sent to the Sicura Console collector for further evaluation and displayed in the Console UI. If desired, they can be kept on the local system.


save-reports This true/false settings will allow you to save the reports for each job. If true, reports save to STATE_DIRECTORY/reports by default. report-path Allows you to override the default path for reports.