Overview

The AirMDR Remote Agent enables AirMDR to securely access customer private resources (for example, SIEMs, internal APIs, and restricted environments) using an outbound-only connection model. This avoids inbound firewall changes while still allowing AirMDR to enrich alerts and run investigations using data that remains inside your environment. Use the Remote Agent when integrations require connectivity to private networks, VPC-only endpoints, or systems that are not internet-accessible.

How to Get Started

Follow these pages depending on what you need:

1) Understand the Architecture

Review how the Remote Agent is deployed, how it communicates with AirMDR, and how request execution works. ➡️ Remote Agent Architecture

2) Install the Remote Agent

Install the Remote Agent on a supported Linux host (jump box or target machine) and validate the service health. ➡️ Remote Agent Installation Guide

When to Use the Remote Agent

Use the Remote Agent if any of the following apply:
  • Your SIEM or log source is reachable only from within your private network
  • Your OpenSearch/Splunk/QRadar endpoint is VPC-only or behind a firewall
  • Your security policy does not allow inbound access from external services
  • You need controlled access via a jump box or restricted network segment

Typical Setup Flow

  1. Review the Remote Agent Architecture to confirm deployment location and network boundaries.
  2. Install the agent using the Remote Agent Installation Guide.
  3. Configure the relevant integrations in AirMDR to use the Remote Agent connection parameters.
  4. Validate connectivity and confirm the agent status is online.

Support

If you need help selecting the right deployment model or validating connectivity, contact AirMDR Support through your designated support channel.