D2 Agent

Use a D2 agent to assist you when performing an investigation in the War Room.
Create and install Cortex XSOAR dissoluble agents (D2 agents) on machines that are under investigation to unobtrusively perform forensic tasks on those machines. After the agents complete the forensic tasks, they dissolve, leaving no trace. D2 agents are designed to assist you when performing an investigation in the War Room, and each agent is for a specific incident only.
If you want to create agents for more than one incident, create a shared agent.
D2 Agents enable you to do the following:
  • Create and Install a D2 Agent, using the CLI. You can install remotely or manually.
  • Perform tasks from the Cortex XSOAR CLI as if you were using the target machine.
  • Run pre-defined D2 agent automation scripts.
  • Create and configure automation scripts using Agent Tools.
  • Run existing D2 agent forensic tools (agent tools) as part of a Cortex XSOAR playbook.
  • Kill an agent, or assign it an expiration date, to dissolve it on the target machine.
D2 Agents are usually installed on Windows, as UNIX systems have different solutions, such as SSH. If you cannot access a target machine, you might need to set up a Cortex XSOAR engine before you can install and run agents on that machine.

