Manage your fleet of Jibril security agents across all environments.

Agents Overview

Agents page showing connected Jibril agents

Agent Status

Health Indicators

Online

Healthy and reporting
  • Last heartbeat < 60 seconds
  • Actively monitoring
  • Sending events normally
  • All systems operational

Warning

Potential issues
  • Last heartbeat 1-5 minutes
  • High resource usage
  • Network intermittency
  • Configuration drift

Offline

Not responding
  • No heartbeat > 5 minutes
  • Agent crashed or stopped
  • Network connectivity lost
  • Host system issues

Error

Critical problems
  • Authentication failures
  • Corrupted configuration
  • Insufficient permissions
  • Platform incompatibility

Agent Information

System Details

Each agent displays:
  • Hostname - System identifier
  • IP Address - Network location
  • Operating System - Linux distribution and version
  • Kernel Version - Required for eBPF compatibility
  • Agent Version - Jibril software version
  • Uptime - How long agent has been running

Resource Usage

Monitor agent performance impact:
  • CPU Usage - Percentage of CPU consumed
  • Memory Usage - RAM utilized by agent
  • Network Bandwidth - Data transfer to platform
  • Disk I/O - File system operations

Detection Statistics

Track agent effectiveness:
  • Events Detected - Total security events found
  • Events This Week - Recent activity
  • Last Detection - Most recent threat found
  • False Positive Rate - Accuracy metric

Agent Configuration

Detection Mode

Detection without action
  • Logs all security events
  • Sends alerts to dashboard
  • No automatic blocking
  • Good for: Testing, compliance

# Enable monitor mode
GARNET_MODE=monitor
GARNET_BLOCKING=false

Sensitivity Settings

Adjust detection sensitivity:
  • High - Detect all suspicious activity (may increase false positives)
  • Medium - Balanced detection (recommended for most environments)
  • Low - Only obvious threats (may miss subtle attacks)

Environment Tagging

Tag agents by environment:
  • Production - Live production systems
  • Staging - Pre-production testing
  • Development - Developer environments
  • CI/CD - Build and deployment pipelines

Agent Management

Bulk Operations

Perform actions on multiple agents:
  1. Select agents using checkboxes
  2. Choose action from dropdown:
    • Update configuration
    • Restart agents
    • Change detection mode
    • Apply policy updates
  3. Confirm operation
  4. Monitor progress in real-time

Individual Agent Actions

For specific agents:

Click any agent to see:
  • Detailed system information
  • Real-time resource metrics
  • Recent security events
  • Configuration history
  • Performance graphs

Modify agent settings:
  1. Click agent name
  2. Go to “Configuration” tab
  3. Adjust settings as needed
  4. Click “Save Changes”
  5. Agent auto-updates within 60 seconds

If agent is unresponsive:
  1. Select agent
  2. Click “Actions” → “Restart”
  3. Confirm restart
  4. Wait 2-3 minutes for reconnection

To permanently remove:
  1. Select agent
  2. Click “Actions” → “Remove”
  3. Type agent name to confirm
  4. Agent stops monitoring immediately

Detailed agent view showing system information and metrics

Deployment Management

Add New Agents

Deploy agents to new systems:

# Add to workflow
- uses: garnetlabs/garnet-action@v1
  env:
    GARNET_API_TOKEN: ${{ secrets.GARNET_API_TOKEN }}

Mass Deployment

For large-scale deployments:
  1. Prepare installation packages with pre-configured settings
  2. Use configuration management tools (Ansible, Chef, Puppet)
  3. Deploy via orchestration platforms (Kubernetes, Docker Swarm)
  4. Monitor deployment progress in real-time dashboard

Agent Updates

Keep agents current with latest security definitions:
  • Automatic updates - Agents self-update by default
  • Staged rollouts - Test updates on subset first
  • Manual control - Disable auto-updates if needed
  • Rollback capability - Revert to previous version if issues

Monitoring and Alerts

Agent Health Monitoring

Set up alerts for agent issues:

# Configure health check alerts
Dashboard → Settings → Notifications → Agent Alerts

Alert conditions:
  • Agent goes offline
  • High resource usage
  • Authentication failures
  • Version outdated
  • Configuration drift

Performance Monitoring

Track agent performance over time:
  • Response time trends - Latency to platform
  • Resource usage patterns - CPU/memory over time
  • Detection effectiveness - Threats found vs missed
  • Error rates - Failed operations percentage

Capacity Planning

Monitor infrastructure capacity:
  • Total agents deployed - Current coverage
  • Resource consumption - Aggregate usage
  • Growth trends - Deployment velocity
  • Scaling requirements - Future needs

Troubleshooting

Agent shows as offline despite running.

Troubleshooting steps:
  1. Check API token validity:

     curl -H "Authorization: Bearer $GARNET_API_TOKEN" \
       https://api.garnet.ai/v1/agents

  2. Verify network connectivity:

     telnet api.garnet.ai 443

  3. Check agent logs:

     # Docker
     docker logs jibril

     # Kubernetes
     kubectl logs -n garnet-system -l app=jibril

     # Systemd
     journalctl -u jibril

  4. Restart agent if needed

Agent consuming too much CPU or memory.

Optimization steps:
  1. Switch to lightweight mode:

     # Set environment variables
     GARNET_MODE=lightweight
     GARNET_SCAN_INTERVAL=120s

  2. Reduce monitoring scope:

     # Exclude certain paths
     GARNET_EXCLUDE_PATHS="/tmp,/var/log"

  3. Limit resource usage:

     # Docker resource limits
     docker update --memory=256m --cpus=0.25 jibril

     # Kubernetes resource limits
     resources:
       limits:
         memory: 256Mi
         cpu: 250m

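
The optimization settings above lower overhead by reducing what the agent watches, so it helps to list which of them are active before rolling them out beyond non-critical hosts. The following sh script is an added example, not Garnet's own tooling: it reads the page's GARNET_* variables as KEY=VALUE lines on stdin and reports the ones that narrow coverage; the finding labels and the 60-second interval threshold are assumptions.

```shell
# Added example, not vendor code. GARNET_* names are from this page; the
# finding labels and the MAX_SCAN_SECS threshold are assumptions to adapt.
MAX_SCAN_SECS=60

# Reads KEY=VALUE lines on stdin; prints one space-separated line of findings.
lint_agent_env() {
    findings=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
        key=${line%%=*}
        val=$(printf '%s' "${line#*=}" | tr -d "\"'")   # drop quoting
        case "$key" in
        GARNET_MODE)
            if [ "$val" = "lightweight" ]; then findings="$findings mode=lightweight"; fi ;;
        GARNET_BLOCKING)
            if [ "$val" = "false" ]; then findings="$findings blocking=off"; fi ;;
        GARNET_SCAN_INTERVAL)
            secs=${val%s}
            case "$secs" in
            ''|*[!0-9]*) findings="$findings interval=unparsed" ;;
            *) if [ "$secs" -gt "$MAX_SCAN_SECS" ]; then findings="$findings interval=${secs}s"; fi ;;
            esac ;;
        GARNET_EXCLUDE_PATHS)
            old_ifs=$IFS; IFS=,; set -f          # split on commas, no globbing
            for p in $val; do
                case "$p" in
                /tmp|/tmp/*|/var/tmp|/var/tmp/*|/dev/shm|/dev/shm/*)
                    findings="$findings unmonitored-writable=$p" ;;   # world-writable dirs
                /var/log|/var/log/*)
                    findings="$findings unmonitored-logs=$p" ;;
                esac
            done
            IFS=$old_ifs; set +f ;;
        esac
    done
    printf '%s\n' "${findings# }"
}

# Constructed sample: the settings from the optimization steps above.
sample_env() {
    cat <<'EOF'
# jibril agent settings (constructed sample)
GARNET_MODE=lightweight
GARNET_SCAN_INTERVAL=120s
GARNET_EXCLUDE_PATHS="/tmp,/var/log"
EOF
}

sample_env | lint_agent_env
```

An empty output line means none of the coverage-reducing settings are active in the input.
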
Agent reports authentication failures.

Resolution steps:
  1. Verify token hasn’t expired
  2. Check token permissions in dashboard
  3. Regenerate token if needed:
    • Go to Dashboard → Settings → Tokens
    • Create new token
    • Update agent configuration
  4. Restart agent with new token

Changes in dashboard not reflected on agent.

Troubleshooting:
  1. Check agent connectivity (must be online)
  2. Wait up to 60 seconds for sync
  3. Manually restart agent:

     # Docker
     docker restart jibril

     # Kubernetes
     kubectl rollout restart daemonset/jibril -n garnet-system

  4. Verify configuration in agent logs

Best Practices

Agent Deployment

  1. Use infrastructure as code - Terraform, CloudFormation, etc.
  2. Standardize configurations - Consistent settings across environments
  3. Tag appropriately - Clear environment and purpose labels
  4. Monitor coverage - Ensure all critical systems protected

Security Hardening

  1. Rotate tokens regularly - Update API tokens quarterly
  2. Use least privilege - Minimal required permissions only
  3. Secure network communications - TLS encryption enabled
  4. Monitor agent logs - Watch for suspicious behavior

Performance Optimization

  1. Right-size resources - Allocate appropriate CPU/memory
  2. Use lightweight mode - For non-critical environments
  3. Tune scan intervals - Balance security vs performance
  4. Exclude unnecessary paths - Reduce monitoring overhead

Operational Excellence

  1. Automate deployments - CI/CD integration
  2. Monitor health proactively - Set up alerts
  3. Plan for scaling - Capacity management
  4. Document configurations - Maintain deployment docs
