The Photon Agent Sensor for Windows implements a special Starlight Data Sensor that runs as a Windows service on a compatible Windows system. This software observes events within the Windows system on which it is hosted and sends Interflow data records to the data processor.

The events that can be captured include:

  • Hardware events
  • Security events
  • System events
  • Windows Firewall events
  • Windows Defender events
  • PowerShell events

Supported Systems

The supported versions of Windows include:

  • Windows 7
  • Windows 10
  • Windows Server 2008 and later.

The Agent Sensor is available in both 32-bit and 64-bit architectures.

Obtaining the Driver

The Agent Sensor is distributed as an MSI file. There are two methods for acquiring the software install package. Both deliver the same software.

From Production Web Server

The software can be downloaded from the production server directly by using one of the following URLs.

For the 64-bit version of Windows:
https://acps.stellarcyber.ai/release/latest/datasensor/windows-x64.msi
https://acps.stellarcyber.ai/release/latest/datasensor/windows-x64.msi.sha1

For the 32-bit version of Windows:
https://acps.stellarcyber.ai/release/latest/datasensor/windows-x86.msi
https://acps.stellarcyber.ai/release/latest/datasensor/windows-x86.msi.sha1

For authentication to download, the user name is and the password are in your email.

The Chrome browser can be used to download the image as shown in the image to the right. Once the URL and credentials are entered, the file is transferred to the local “Downloads” folder.
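Before installing, the downloaded MSI can be checked against the published .sha1 file. The following PowerShell script is an added example, not part of the vendor's documentation: it compares the digest, reports the package's Authenticode signature, and then starts the installer with msiexec as described under Installation. It assumes both files were saved to the Downloads folder and that the .sha1 file contains the digest as 40 hex characters; the log file name is constructed.

```powershell
# Added example: verify the downloaded sensor MSI before installing it.
# Assumptions: both files are in the Downloads folder, and the .sha1 file holds
# the digest as 40 hex characters (optionally followed by a file name).
$ErrorActionPreference = 'Stop'

$downloads = Join-Path $env:USERPROFILE 'Downloads'
$msi       = Join-Path $downloads 'windows-x64.msi'   # windows-x86.msi on 32-bit systems
$sha1File  = "$msi.sha1"

# Pull the first 40-hex-digit token out of the published checksum file.
$published = Get-Content -Raw -Path $sha1File
if ($published -notmatch '\b([0-9a-fA-F]{40})\b') {
    throw "No SHA-1 digest found in $sha1File"
}
$expected = $Matches[1].ToUpperInvariant()

# Hash the local file and compare. Get-FileHash returns upper-case hex.
$actual = (Get-FileHash -Path $msi -Algorithm SHA1).Hash
if ($actual -ne $expected) {
    throw "SHA-1 mismatch for $msi (expected $expected, got $actual). Do not install."
}
Write-Host "SHA-1 matches: $actual"

# A SHA-1 file served next to the MSI only detects a corrupted or truncated
# download. The Authenticode signature, if present, identifies the publisher.
$sig = Get-AuthenticodeSignature -FilePath $msi
Write-Host "Signature status: $($sig.Status)"
if ($sig.SignerCertificate) {
    Write-Host "Signer: $($sig.SignerCertificate.Subject)"
}
if ($sig.Status -ne 'Valid') {
    Write-Warning 'Package is unsigned or its signature did not validate; confirm with the vendor before installing.'
    return
}

# Install with a verbose log so the result can be reviewed afterwards.
$log  = Join-Path $env:TEMP 'agent-sensor-install.log'   # constructed log file name
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList "/i `"$msi`" /l*v `"$log`"" -Wait -PassThru
Write-Host "msiexec exit code: $($proc.ExitCode) (0 = success, 3010 = reboot required)"
```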

Installation

Once the MSI file is obtained on the local system, it may be run by various methods including directly from the Chrome browser. The image to the right shows how the file appears in the lower bar of the browser with a menu option to open.

Alternatively, the file may be invoked from the File Manager by double-clicking it, or from PowerShell with the msiexec command. Depending on the version of Windows and its current security options, you may see a dialog box similar to the following:

Once authorized, the installer will show progress in a dialog box such as the following:

Once the process is complete, the sensor will be installed as a service. To verify installation, the Windows Services program can be run from the Administrative menu. If the Windows Agent Sensor is installed, it will appear as a service as shown in the following image:

Configuring Sensor

After installation, the Agent Sensor needs to be configured with the IP address of the CM (Data Processor).

To run the Agent’s CLI, find the menu item Windows Agent Sensor Cli in the Windows Start Menu. If it does not appear at first, use the find function. It will appear in a folder as shown in the image to the right.

When it is invoked, it will bring up a CLI window that will accept sensor commands. Enter the show version command to verify the functioning of the sensor. It will appear as in the following image.

The following steps will complete the configuration:

  1. Enter the set cm Express.StellarCyber.ai command to set the address of the CM (data processor).
  2. Verify the data entry with the show version command.
  3. Enter the quit command to terminate the CLI.

Congratulations!

Please email us at express@stellarcyber.ai to get the credentials for the portal.