Deploy your first agent
Install and activate the Threatmatic agent on your first endpoint
Deploy your first agent
The Threatmatic agent is a lightweight process that connects your endpoint to the control plane. It enforces policy in real time and requires no reboot or kernel extension on supported platforms.
Prerequisites
- An active Threatmatic organization
- Admin access to the Console
- A supported endpoint (macOS 12+, Windows 10/11, or Linux kernel 5.4+)
Steps
Download the agent
- Sign in to the Threatmatic Console
- Navigate to Devices → Enroll Device
- Select your operating system and download the installer
Install the agent
Open the downloaded .pkg file and follow the installation wizard. You will
be prompted to allow a system extension — approve it in System Settings →
Privacy & Security.
Run the downloaded .msi as Administrator. The agent service starts
automatically after installation.
sudo dpkg -i threatmatic-agent.deb # Debian/Ubuntu sudo rpm -i
threatmatic-agent.rpm # RHEL/Fedora sudo systemctl enable --now
threatmatic-agentActivate with your enrollment token
During installation you will be prompted for an enrollment token. Retrieve it from Devices → Enroll Device → Copy Token in the Console.
The agent will connect to the control plane within seconds of activation.
Verify enrollment
Return to Devices in the Console. Your endpoint should appear with status Active within 30 seconds.
Next steps
How is this guide?
Last updated on