Access Cytool
4.2 (EoS)
To view syntax and usage examples for Cytool
commands, use the /? option after any command.
- Open a command prompt (on Windows) or Terminal (on Mac) as an administrator:
  Windows:
  - Select Start > All Programs > Accessories. Right-click Command prompt, and then select Run as administrator.
  - Select Start. In the Start Search box, type cmd. Then, to open the command prompt as an administrator, press CTRL+SHIFT+ENTER.
  Mac:
  - From Finder, select Applications > Utilities. Double-click Terminal.
- Navigate to the folder that contains Cytool:
  Windows:
      C:\Users\Administrator> cd C:\Program Files\Palo Alto Networks\Traps
  Mac:
      PANM2637HQ:~ jdoe$ cd /Library/Application\ Support/PaloAltoNetworks/Traps/bin
  Linux:
      root@ubuntu:~$ cd /opt/traps/bin
- View usage and options for the cytool command:
  Windows:
      c:\Program Files\Palo Alto Networks\Traps> cytool
      Traps (R) supervisor tool 4.1.2.29819
      (c) Palo Alto Networks, Inc. All rights reserved

      Usage: CYTOOL /? | [[/a] command [/? | options]]

      Options:
        /?        Display this help message.
        /a        Authenticate as supervisor.
        command   enum | protect | startup | runtime | policy | log | quarantine | stat | tla | info | image | wf

      For more information on a specific command run
        CYTOOL command /?

  Mac:
  On Mac endpoints, you must run the command as a superuser (sudo) and supply the administrator password.
      PANM2637HQ:bin jdoe$ sudo ./cytool
      Usage: cytool<options>
      cytool - Support tool
      Options:
        -h --help
            Display help information.
        enum
            List processes protected by Traps.
        rpc <enable | disable> <process_name | all>
            Enable/Disable RPC services for daemon(s) and agent(s).
        esm <connect | disconnect> [address=hostname:port]
            Connect/Disconnect Traps to/from ESM.
        startup query
            List startup status for traps endpoint agent(s) and daemon(s).
        startup <enable | disable> <process_name | all>
            Enable/Disable agent(s) and daemon(s) after reboot.
        runtime query
            List runtime status for agent(s), daemon(s) and kernel extensions.
        runtime <start | stop> <process_name | all>
            Start/Stop agent(s), daemon(s) and kernel extensions immediately.
        persist list
            Display list of persistent databases.
        persist export <db_name | all>
            Export database(s) to the file(s) in JSON format.
        persist import <db_name> <file_name>
            Import data into the database from the given file.
        persist print <db_name | all> [csv]
            Print database to the command prompt.
        log <log_level> <process_name | all>
            Set log level for the desired process.
        log collect
            Generate support file archive.
        wakeup
            Wake up from OS incompatibility state.
        dump <enable | disable | restore>
            Enable/Disable dump generation or restore policy settings.
        checkin
            Initiate Check In Now (send heartbeat to server).
        opswat <installed | running | protected | version>
            Check Traps Agent status and version.

  Linux:
  From the Linux server, run the cytool command without any arguments or with -h or --help options.
      root@ubuntu:~$ /opt/traps/bin/cytool
      Usage: cytool<options>
      cytool - Support tool
      Options:
        -h --help
            Display help information.
        enum
            List processes protected by Traps.
        startup query
            List startup status for traps endpoint agent(s) and daemon(s).
        startup <enable | disable> <process_name | all>
            Enable/Disable agent(s) and daemon(s) after reboot.
        runtime query
            List runtime status for agent(s), daemon(s) and kernel extensions.
        runtime <start | stop> <process_name | all>
            Start/Stop agent(s), daemon(s) and kernel extensions immediately.
        persist list
            Display list of persistent databases.
        persist export <db_name | db_path>
            Export database(s) to the file(s) in JSON format.
        persist import <db_name | db_path> <file_name>
            Import data into the database from the given JSON file.
        persist print <db_name | db_path> [csv]
            Print database to the command prompt.
        log <log_level> <process_name | all>
            Set log level for the desired process.
        log collect
            Generate support file archive.
        dump <enable | disable | restore>
            Enable/Disable dump generation or restore policy settings.
        checkin
            Initiate Check In Now (send heartbeat to ESM).
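Because cytool runs with superuser rights on Mac and as root in the Linux example, it is worth confirming that the binary and its folder cannot be modified by unprivileged users before invoking it. The following is an added example, not part of the Palo Alto Networks documentation; the function names are hypothetical, the directories are the Mac and Linux ones shown above, and Windows is not covered.

```shell
#!/bin/sh
# Added example: preflight checks before running cytool with elevated rights.
# Function names are hypothetical; the install directories come from this page.

# Print the documented cytool directory for a given `uname -s` value.
cytool_dir() {
    case "$1" in
        Darwin) echo "/Library/Application Support/PaloAltoNetworks/Traps/bin" ;;
        Linux)  echo "/opt/traps/bin" ;;
        *)      return 1 ;;
    esac
}

# Succeed only if the path is NOT writable by group or others.
# Uses POSIX find so it behaves the same on macOS and Linux.
not_loosely_writable() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Check directory $1 (default: the documented directory for this OS).
# Prints the full cytool path on success; explains the failure on stderr.
cytool_preflight() {
    dir=${1:-$(cytool_dir "$(uname -s)")} || {
        echo "no documented cytool path for this OS" >&2; return 1; }
    bin="$dir/cytool"
    [ -f "$bin" ] && [ -x "$bin" ] || {
        echo "cytool not found or not executable: $bin" >&2; return 1; }
    not_loosely_writable "$dir" || {
        echo "folder is group/world-writable: $dir" >&2; return 1; }
    not_loosely_writable "$bin" || {
        echo "binary is group/world-writable: $bin" >&2; return 1; }
    echo "$bin"
}

# Typical use (Mac needs sudo, as noted above):
#   bin=$(cytool_preflight) && sudo "$bin" runtime query
```
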