Endpoint Agent
Deploy the SentinelEra Agent in three steps.
Pure-Go static binary. Under 50 MB RAM, under 2% CPU at idle. Ships Wazuh-compatible telemetry to your tenant's alert pipeline. No external dependencies.
Pick your platform
Windows
sentinelera-agent-v0.1.0.zip
SHA-256
bin/sia-agent.exe
b15c36e32cbe…4bf83749
Linux
sentinelera-agent-v0.1.0.tar.gz
SHA-256
bin/sia-agent-linux
29fb91f16e23…3db319a7
macOS
sentinelera-agent-v0.1.0.tar.gz
SHA-256
bin/sia-agent-mac
196c177657e8…e0881691
Linux and macOS ship in the same archive — pick either button; the bundle contains both binaries (bin/sia-agent-linux and bin/sia-agent-mac).
Release: v0.1.0
Three steps to live telemetry
Step 1
Download the binary for your OS
Pick Windows / Linux / macOS above. Each release is signed and pinned to a SHA-256 checksum that the operator can verify before running it.
Step 2
Run the installer + enroll the endpoint
Linux / macOS: extract the tarball + run the embedded systemd / launchd installer. Windows: extract + run the .ps1 install script as Administrator. The installer enrolls the endpoint against your tenant + provisions an API key bound to that host.
Step 3
Verify the agent is reporting
Within 60 seconds the endpoint appears on /dashboard/endpoints with its last-heartbeat timestamp. From that moment every Wazuh / Sysmon alert flows into your tenant's pipeline.
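One way to do the Step 1 checksum verification on Linux or macOS, as an added example (not SentinelEra's own tooling). The function names and return codes are assumptions of this example, and the expected value must be the full 64-character digest from the release page, because the shortened form displayed above cannot be compared.

```shell
#!/bin/sh
# Added example: check an extracted agent binary against the full SHA-256
# published for the release. Names and return codes are this example's own.

# Print the SHA-256 hex digest of a file with whichever tool the OS provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'      # typical on Linux
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | awk '{print $1}'  # typical on macOS
    else
        return 3
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on unusable input, 3 if no hash tool.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # A shortened digest (for example "b15c36e32cbe…4bf83749") proves nothing:
    # require exactly 64 hex characters before comparing.
    case $expected in
        *[!0-9a-f]*) echo "expected digest is not plain hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest must be 64 hex chars" >&2; return 2; }
    actual=$(sha256_of "$file") || return 3
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file hashes to $actual" >&2
    return 1
}

# Usage: sh verify.sh bin/sia-agent-linux <full 64-character digest>
if [ "$#" -eq 2 ]; then
    verify_sha256 "$1" "$2"
fi
```

Run it on the extracted binary before Step 2, and treat any non-zero exit as a reason not to run the installer.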
Troubleshooting
If the endpoint doesn't appear within 60 seconds, one of the four scenarios below usually explains it.
Outbound firewall blocks the API hostname
Symptom
The installer reports a successful service start, but the endpoint never appears on /dashboard/endpoints + the agent's local log shows repeated TLS connect timeouts.
Fix
Ask your firewall team to allow outbound HTTPS (TCP 443) from the endpoint to your tenant's API hostname. Default deployments use a single fully-qualified hostname (the same one your operators sign in at). No inbound rule is required — the agent always initiates the connection.
Corporate HTTPS proxy required
Symptom
The network forces traffic through an authenticated proxy. The agent reports `proxy connect refused` or `407 Proxy Authentication Required` and never establishes a heartbeat.
Fix
Set the HTTPS_PROXY environment variable on the endpoint before the agent starts (Linux/macOS: `export HTTPS_PROXY=http://proxy.corp.example:3128` in the unit file's `Environment=` block; Windows: `setx HTTPS_PROXY http://proxy.corp.example:3128 /M`). Authenticated proxies use the `http://user:pass@host:port` form. The agent's Go HTTP client honours the env var natively.
SSL/TLS inspection middlebox
Symptom
The agent reports `x509: certificate signed by unknown authority` even though the API hostname resolves correctly. A middlebox is decrypting + re-signing the TLS session.
Fix
Either exempt the API hostname from SSL inspection on your egress middlebox (the recommended posture — preserves end-to-end TLS) OR install your corporate root CA into the endpoint's system trust store before starting the agent. The agent uses the system certificate store on every OS.
Required network allow-list
Symptom
Your IT team asks for the exact list of hostnames + ports the agent connects to before opening firewall rules.
Fix
Outbound TCP 443 to: (1) your tenant's API hostname for heartbeat + telemetry POSTs (every 5 seconds default); (2) GitHub Releases CDN — objects.githubusercontent.com — for OTA agent binary downloads when the tenant's update strategy is set to auto or scheduled. No inbound port is required. No DNS exceptions beyond standard HTTPS.
Need an API key first?
Enroll via the in-product wizard at /dashboard/endpoints. A free 14-day Community trial gets you up to 10 endpoints with full telemetry.