Avoid orphaning agents and appliances

An orphaned agent or appliance is an asset that can no longer protect or be protected because critical configuration variables are missing. An orphaned agent or appliance often manifests after a user deletes a network, subnet, or deployment. This is also difficult to self-diagnose because these assets are not visible in the asset model due to this condition. Alert Logic will contact you if there are orphaned agents detected in your environment.

Possible solutions

The following are common scenarios and solutions that can help address orphaned assets if you suspect you may have them in your environment. Alert Logic can assist you with several actions if you have orphaned agents and appliances.

Non-Environment Specific

If the agent is outdated, you cannot reclaim the agent, and must reinstall the agent. Refer to the following documentation:

Orphaned agents for Azure or AWS deployments

If you deleted the deployment, you must create a new deployment with proper credentials for that AWS account or Azure subscription. Refer to the documentation below:

You must review and fix your credentials. Refer to the documentation below:

Refer to AWS Deployment Configuration—Manual Mode (Professional Subscription) to install a new AWS appliance in place of your previous one.

Your Customer Success Manager will provide the hostname of the appliance you need to replace.

Refer to Microsoft Azure Deployment Configuration (Professional Subscription) to install a new Azure appliance in place of your previous one.

Your Customer Success Manager will provide the hostname of the appliance you need to replace.

Orphaned agents for Data Center deployments

You must create a network CIDR in one of the Data Center deployments by following the instructions Add assets section.

To create a new Data Center deployment, refer to Data Center Deployment Configuration (Professional Subscription).

When installing Alert Logic Agents to new hosts in the environment, you must use the associated network Unique Registration Key. If you have migrated to MDR from the older Cloud Defender platform, this replaces the legacy claim key that you used previously. You can find the correct claim key in the Alert Logic console by following the steps below:

  1. Click the menu icon () to see the navigation menu.
  2. Click Configuration, and then click Deployments.
  3. Click on the deployment you wish to claim the orphan agents to.
  4. Click on Installation Instructions.
  5. One or more Unique Registration Keys will be presented. You need to update the legacy claim key with the appropriate new Unique Registration Key.

To update to a new Unique Registration Key

For Scripted methods in Linux, update the script with your Unique Registration Key as instructed in step 5 of the Install the agent documentation.

For scripted methods in Windows, update the value “prov_key” with your Unique Registration Key.

For base image, uninstall and reinstall the agent using the new claim key using your Unique Registration Key.

When a network is not found, you must create a CIDR in your Data Center deployment.

If you already have a Data Center deployment you can add a network CIDR to that network by following the instructions Add assets section.

To create a new Data Center deployment, refer to Data Center Deployment Configuration (Professional Subscription).

When there are multiple CIDR intersections, an Alert Logic team member will contact you about the issue and will work internally to resolve it.

Refer to Install and Configure the Virtual Appliance to install a new appliance in place of your previous one.

Your Customer Success Manager will provide the hostname of the appliance you need to replace.