Use a D2 agent to assist you when performing an investigation
in the War Room. Cortex XSOAR
Create and install Cortex XSOAR dissoluble
agents (D2 agents) on machines that are under investigation to unobtrusively
perform forensic tasks on those machines. After the agents complete
the forensic tasks, they dissolve leaving no trace. D2 agents are
designed to assist you when performing an investigation in the War
Room and for a specific incident only.
If you want to create agents for more than
one incident, create a shared agent.
D2 Agents enable you to do the following:
Create and install D2
agents, using the CLI. You can install remotely or manually.
Perform tasks from the Cortex XSOAR CLI as if you were using
the target machine.
Run pre-defined D2 agent automation scripts.
Create and configure automation scripts using Agent Tools.
Run existing D2 agent forensic tools (agent tools) as part
of a Cortex XSOAR playbook.
Kill or assign an expiration date of an agent to dissolve
it on the target machine.
D2 Agents are usually used on Windows, as UNIX systems
have different solutions, such as SSH. If you cannot access a target
machine, you might need to set up a Cortex XSOAR engine before you
can install and run agents on that machine.