Evo Agent Deployment

docs/cwa/monitors/install-evo-agent.md

@@ -0,0 +1,36 @@
+---
+id: '39162f8f-057c-4dec-adf8-e68309cbec5b'
+slug: /39162f8f-057c-4dec-adf8-e68309cbec5b
+title: 'Install Evo Agent'
+title_meta: 'Install Evo Agent'
+keywords: ['evo-agent', 'evo-mfa-agent', 'evo', 'evo-credential-provider-installer', 'evo-credential-provider']
+description: 'Detects windows machines where Evo Agent deployment is enabled and application is not installed.'
+tags: ['software', 'installation', 'security']
+draft: false
+unlisted: false
+---
+
+## Summary
+
+Detects windows machines where Evo Agent deployment is enabled and application is not installed.
+
+## Dependencies
+
+- [Install Evo Agent](/docs/b1089c56-7d18-11f0-8d05-92000234cfc2)
+- [Evo Agent Deployment](/docs/8a0815ff-2351-4eb6-a199-b0682fb03564)
+
+## Alert Template
+
+`△ Custom - Execute Script - Install Evo Agent`
+
+## Target
+
+Global
+
+## EDFs
+
+| Name | Example | Level | Section | Type | Accepted Values | Required | Description |
+|------|---------|-------|---------|------|----------------|----------|-------------|
+| Install Evo Agent | Windows Servers and Workstations | Client | Evo Agent | DropDown | Windows Servers and Workstations, Windows Workstations, Windows Servers, Disabled | false | Select OS to enable Evo Agent auto installation. |
+| Exclude - Install Evo Agent | | Location | Exclusions | Checkbox | | false | Flag to exclude the location from auto-deployment. |
+| Exclude - Install Evo Agent | | Computer | Exclusions | Checkbox | | false | Flag to exclude the endpoint from auto-deployment. |

docs/cwa/scripts/install-evo-agent.md

@@ -0,0 +1,69 @@
+---
+id: 'b1089c56-7d18-11f0-8d05-92000234cfc2'
+slug: /b1089c56-7d18-11f0-8d05-92000234cfc2
+title: 'Install Evo Agent'
+title_meta: 'Install Evo Agent'
+keywords: ['evo-agent', 'evo-mfa-agent', 'evo', 'evo-credential-provider-installer', 'evo-credential-provider']
+description: 'This script installs the Evo Credential Provider on a Windows machine using the arguments set into the client-level EDFs.'
+tags: ['software', 'installation', 'security']
+draft: false
+unlisted: false
+---
+
+## Summary
+
+This script is a CW Automate adaptation of the PowerShell script [InstallEvoAgent](https://github.com/evosecurity/EvoWindowsAgentDeploymentScripts/blob/master/InstallEvoAgent.ps1). It installs the Evo Credential Provider on a Windows machine using parameters configured in the client-level EDFs. Details about these EDFs are provided later in this document.
+
+## Sample Run
+
+**First Run:**  
+Run or debug the script on any online Windows machine with the `Set_Environment` parameter set to `1` to generate the necessary EDFs.  
+![Image1](../../../static/img/docs/b1089c56-7d18-11f0-8d05-92000234cfc2/image1.webp)
+
+**Regular Run:**  
+![Image2](../../../static/img/docs/b1089c56-7d18-11f0-8d05-92000234cfc2/image2.webp)
+
+## Dependencies
+
+- [InstallEvoAgent](https://github.com/evosecurity/EvoWindowsAgentDeploymentScripts/blob/master/InstallEvoAgent.ps1)
+- [Evo Agent Deployment](/docs/8a0815ff-2351-4eb6-a199-b0682fb03564)
+
+## Variables
+
+| Name | Value |
+| ---- | ----- |
+| ProjectName | `InstallEvoAgent` |
+| WorkingDirectory | `C:\ProgramData\_automation\script\InstallEvoAgent` |
+| ScriptUrl | `https://raw.githubusercontent.com/evosecurity/EvoWindowsAgentDeploymentScripts/refs/heads/master/InstallEvoAgent.ps1` |
+| PS1Path | `C:\ProgramData\_automation\script\InstallEvoAgent\InstallEvoAgent.ps1` |
+| SoftwareName | `Evo Agent` |
+
+## EDFs
+
+| Name | Example | Level | Section | Type | Accepted Values | Required | Description |
+|------|---------|-------|---------|------|----------------|----------|-------------|
+| Install Evo Agent | Windows Servers and Workstations | Client | Evo Agent | DropDown | Windows Servers and Workstations, Windows Workstations, Windows Servers, Disabled | false | Select OS to enable Evo Agent auto installation. |
+| Evo -EnvironmentUrl | `https://yourorg.evosecurity.com` | Client | Evo Agent | Text | | true | Evo portal base URL (e.g., `https://yourorg.evosecurity.com`). |
+| Evo -EvoDirectory | YourEvoDirectory | Client | Evo Agent | Text | | true | Your Evo organization/directory name. |
+| Evo -AccessToken | [your token] | Client | Evo Agent | Text | | true | Evo API access token. |
+| Evo -Secret | [your secret] | Client | Evo Agent | Text | | true | Evo API secret. |
+| Evo -FailSafeUser | backupUser | Client | Evo Agent | Text | | false | Optional username to use as a fallback if Evo login fails. |
+| Evo -MFATimeOut | 0 | Client | Evo Agent | Text | | false | Optional grace period to not require MFA for an unlock (minutes from last MFA prompt). Default: 0. |
+| Evo -CredentialMode | SecureAndElevatedLogin | Client | Evo Agent | DropDown | SecureLogin, ElevatedLogin, SecureAndElevatedLogin | false | Installer defaults to SecureAndElevatedLogin on a new installation or uses previous value on upgrade. |
+| Evo -OnlyEvoLoginCredential | 0 | Client | Evo Agent | DropDown | 0, 1 | false | If set, Evo becomes the only credential provider. Default: 0. |
+| Evo -RememberLastUserName | 1 | Client | Evo Agent | DropDown | 0, 1 | false | Optional flag to remember the last username used. Default: 1. |
+| Evo -DisableUpdate | 0 | Client | Evo Agent | DropDown | 0, 1 | false | Optional flag to disable auto updates. Default: 0. |
+| Evo -JitMode | 0 | Client | Evo Agent | DropDown | 0, 1 | false | Optional flag to enable Just-In-Time admin accounts. Default: 0. |
+| Evo -EndUserElevation | 0 | Client | Evo Agent | DropDown | 0, 1 | false | Optional flag to enable end-user elevation. Default: 0. |
+| Evo -UserAdminEscalation | 0 | Client | Evo Agent | DropDown | 0, 1 | false | Prompt admins with end-user elevation prompt instead of UAC. Default: 0. |
+| Evo -CustomPrompt | Custom Login Text | Client | Evo Agent | Text | | false | Optional string to customize the login prompt. |
+| Evo -CustomImage | C:\images\login.png | Client | Evo Agent | Text | | false | Optional path to custom login image (URL or local file path). |
+| Evo -NoElevatedRDP | | Client | Evo Agent | Checkbox | | false | Optional flag to disable elevation for RDP sessions when Evo is the sole login agent. |
+| Exclude - Install Evo Agent | | Location | Exclusions | Checkbox | | false | Flag to exclude the location from auto-deployment. |
+| Exclude - Install Evo Agent | | Computer | Exclusions | Checkbox | | false | Flag to exclude the endpoint from auto-deployment. |
+
+![Image3](../../../static/img/docs/b1089c56-7d18-11f0-8d05-92000234cfc2/image3.webp)
+
+## Output
+
+- Script Logs

docs/cwa/scripts/uninstall-evo-agent.md

@@ -0,0 +1,38 @@
+---
+id: '456dab4a-7d1c-11f0-8d05-92000234cfc2'
+slug: /456dab4a-7d1c-11f0-8d05-92000234cfc2
+title: 'Uninstall Evo Agent'
+title_meta: 'Uninstall Evo Agent'
+keywords: ['evo-agent', 'evo-mfa-agent', 'evo', 'evo-credential-provider-installer', 'evo-credential-provider']
+description: 'This script uninstalls the Evo Credential Provider from Windows machines.'
+tags: ['software', 'uninstallation', 'security']
+draft: false
+unlisted: false
+---
+
+## Summary
+
+This script is a CW Automate adaptation of the PowerShell script [InstallEvoAgent](https://github.com/evosecurity/EvoWindowsAgentDeploymentScripts/blob/master/InstallEvoAgent.ps1). It uninstalls the Evo Agent from Windows machines.
+
+## Sample Run
+
+![Image1](../../../static/img/docs/456dab4a-7d1c-11f0-8d05-92000234cfc2/image1.webp)
+
+## Dependencies
+
+- [InstallEvoAgent](https://github.com/evosecurity/EvoWindowsAgentDeploymentScripts/blob/master/InstallEvoAgent.ps1)
+- [Evo Agent Deployment](/docs/8a0815ff-2351-4eb6-a199-b0682fb03564)
+
+## Variables
+
+| Name | Value |
+| ---- | ----- |
+| ProjectName | `InstallEvoAgent` |
+| WorkingDirectory | `C:\ProgramData\_automation\script\InstallEvoAgent` |
+| ScriptUrl | `https://raw.githubusercontent.com/evosecurity/EvoWindowsAgentDeploymentScripts/refs/heads/master/InstallEvoAgent.ps1` |
+| PS1Path | `C:\ProgramData\_automation\script\InstallEvoAgent\InstallEvoAgent.ps1` |
+| SoftwareName | `Evo Agent` |
+
+## Output
+
+- Script Logs

docs/solutions/evo-agent-deployment.md

@@ -0,0 +1,63 @@
+---
+id: '8a0815ff-2351-4eb6-a199-b0682fb03564'
+slug: /8a0815ff-2351-4eb6-a199-b0682fb03564
+title: 'Evo Agent Deployment'
+title_meta: 'Evo Agent Deployment'
+keywords: ['evo-agent', 'evo-mfa-agent', 'evo', 'evo-credential-provider-installer', 'evo-credential-provider']
+description: 'This document outlines the process of deploying Evo Agent from CW Automate.'
+tags: ['software', 'installation', 'uninstallation', 'security']
+draft: false
+unlisted: false
+---
+
+## Purpose
+
+The solution aims to auto-deploy Evo Agent from CW Automate.
+
+## Associated Content
+
+### Primary Content
+
+| Content | Type | Purpose |
+| ------- | ---- | ------- |
+| [Install Evo Agent](/docs/b1089c56-7d18-11f0-8d05-92000234cfc2) | Script | Installs Evo Agent |
+| [Install Evo Agent](/docs/39162f8f-057c-4dec-adf8-e68309cbec5b) | Internal Monitor | Detects machines where deployment is enabled and application is not installed |
+| `△ Custom - Execute Script - Install Evo Agent` | Alert Template | Executes installation script on machines detected by the internal monitor |
+
+### Optional Content
+
+| Content | Type | Purpose |
+| ------- | ---- | ------- |
+| [Uninstall Evo Agent](/docs/456dab4a-7d1c-11f0-8d05-92000234cfc2) | Script | Uninstalls Evo Agent |
+
+## Implementation
+
+### Step 1
+
+Import the following content from the ProSync plugin.
+
+- [Script - Install Evo Agent](/docs/b1089c56-7d18-11f0-8d05-92000234cfc2)  
+- [Script - Uninstall Evo Agent](/docs/456dab4a-7d1c-11f0-8d05-92000234cfc2)  
+- [Internal Monitor - Install Evo Agent](/docs/39162f8f-057c-4dec-adf8-e68309cbec5b)
+- Alert Template - △ Custom - Execute Script - Install Evo Agent
+
+### Step 2
+
+Reload System Cache (Ctrl + R)
+
+### Step 3
+
+Run or debug the installation script on any online Windows machine with the `Set_Environment` parameter set to `1` to generate the necessary EDFs.  
+![Image1](../../static/img/docs/b1089c56-7d18-11f0-8d05-92000234cfc2/image1.webp)
+
+### Step 4
+
+Configure the automation as follow:
+
+- Internal Monitor: [Install Evo Agent](/docs/39162f8f-057c-4dec-adf8-e68309cbec5b)
+  - Alert Template: `△ Custom - Execute Script - Install Evo Agent`
+
+### Step 5
+
+Set the client-level deployment and parameter EDFs to initiate the Automation.  
+![Image3](../../static/img/docs/b1089c56-7d18-11f0-8d05-92000234cfc2/image3.webp)