D2 Agent - Administrator Guide - 6.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.5
Creation date: 2022-09-28
Last date published: 2024-03-21
End_of_Life: EoL
Category: Administrator Guide
Abstract:

Use a D2 agent to assist you when performing an investigation in the War Room.

Note

As of February 27th, 2022, D2 Agents for new customers are no longer supported. D2 Agents in use by existing customers will remain supported until September 1st, 2022.

Create and install Cortex XSOAR dissoluble agents (D2 agents) on machines that are under investigation to unobtrusively perform forensic tasks on those machines. After the agents complete the forensic tasks, they dissolve, leaving no trace. D2 agents are designed to assist you when performing an investigation in the War Room, and each agent serves a specific incident only.

Note

If you want to create agents for more than one incident, create a shared agent.

D2 Agents enable you to do the following:

  • Create and install D2 agents, using the CLI. You can install remotely or manually.

  • Perform tasks from the Cortex XSOAR CLI as if you were using the target machine.

  • Run pre-defined D2 agent automation scripts.

  • Create and configure automation scripts using Agent Tools.

  • Run existing D2 agent forensic tools (agent tools) as part of a Cortex XSOAR playbook.

  • Kill an agent, or assign it an expiration date, to dissolve it on the target machine.

Note

D2 Agents are usually used on Windows, as UNIX systems have different solutions, such as SSH. If you cannot access a target machine, you might need to set up a Cortex XSOAR engine before you can install and run agents on that machine.