Skip to content

How to deploy Arctic Wolf with PDQ Deploy & Inventory

Brock Bingham candid headshot
Brock Bingham|January 17, 2022
arctic wolf
arctic wolf

As cyber attacks continue to increase, the importance of implementing a proper cybersecurity defense can not be overstated. One vulnerability is enough for a malicious actor to have a devastating impact on an organization. Ensuring you have the necessary training and tools to mitigate and respond to security risks is key to securing your network and digital assets.

The Arctic Wolf platform

Arctic Wolf is a leading provider of security operation solutions. Their platform, combined with their 24/7 response team, is dedicated to helping organizations monitor, detect, and respond to security threats while also providing ongoing risk management.

The Arctic Wolf platform utilizes a lightweight agent to analyze and detect threats while also identifying areas of risk. While the standard agent installation procedure utilizes Group Policy to deploy the agent, we've received multiple requests to demonstrate how to deploy the Arctic Wolf Agent using PDQ Deploy and PDQ Inventory. So, in conjunction with Arctic Wolf, here's how to quickly and silently deploy the Arctic Wolf Agent to your endpoints using PDQ Deploy and PDQ Inventory.

Setting up an Arctic Wolf collection in PDQ Inventory

Before creating the Arctic Wolf deployment package, we'll first create a collection in PDQ Inventory that filters for computers missing the Arctic Wolf Agent. This collection will help us target the correct machines for our deployment.

  • With PDQ Inventory open, click New Dynamic Collection.

    arctic wolf 6
  • Enter a name for the collection (in this case, Arctic Wolf Agent Not Installed).

  • Set the filter to Not Any > Application > Name > Contains > Arctic Wolf Agent.

    arctic wolf 7
  • Click OK when finished.

This collection should automatically populate with computers that don't have the Arctic Wolf Agent already installed. You can easily modify this filter to narrow down the membership even further. For example, you can filter out servers by adding the filter Member of Collection > Name > Contains > Servers. This collection would include only workstations that do not have the Arctic Wolf Agent installed.

arctic wolf 12

Creating the Arctic Wolf package in PDQ Deploy

For this example, we'll create a deployment package containing both the Arctic Wolf Agent and the Sysmon installer, which is recommended for organizations that do not have an alternative Endpoint Detection and Response solution. If you don't intend to use the Sysmon client, you can exclude it from your deployment package.

  • Download the agent installer files from the Arctic Wolf Portal and save them to a folder in your PDQ Deploy repository. By default, the repository is located at C:\Users\Public\Documents\Admin Arsenal\PDQ Deploy\Repository.

    arctic wolf 1
  • Launch PDQ Deploy.

  • Click New Package.

    arctic wolf 2
  • Enter "Arctic Wolf" in the name field, then click New Step > Install.

    arctic wolf 3
  • Enter the path to the sysmon MSI file in the Install File field.

  • Enter the path to both sysmon EXE files in the Additional Files field.

    arctic wolf 4
  • Click New Step > Install to create a second install step.

  • Enter the path to the Arctic Wolf Agent MSI file in the Install File field.

  • Enter the path to your JSON file in the Additional Files field, then click Save to finish creating the package.

    arctic wolf 5

Deploying the Arctic Wolf Agent

Now that our Arctic Wolf package is created, we can deploy it to the collection we created in PDQ Inventory. We'll also configure a heartbeat schedule to ensure that any offline targets receive the deployment once they come online.

  • Right-click on the Arctic Wolf package and click Deploy Once.

    arctic wolf 8
  • Click Choose Targets > PDQ Inventory > Collection.

    arctic wolf 9
  • Select the collection created earlier and click OK.

    arctic wolf 10
  • The computers from the collection should populate in the target window. Once you review your settings, click Deploy Now.

    arctic wolf 11

As your Arctic Wolf deployment kicks off, you can review its status in the deployment window.

arctic wolf 16

With the initial deployment complete, we'll create a schedule with a heartbeat trigger to target endpoints that may have been offline during the deployment.

  • Click the New Schedule button.

  • At the top of the Schedule windows, enter a name for the schedule, such as Arctic Wolf.

  • Click on the Triggers tab.

  • Click Heartbeat.

    arctic wolf 13
  • Click the Targets tab and click Choose Targets > PDQ Inventory > Collection. Select the Arctic Wolf Agent Not Installed collection we created earlier. Since we've already deployed to this collection once, this collection should now only contain endpoints that may have been offline or failed during the initial deployment.

    arctic wolf 14
  • Click the Packages tab and click Attach Packages. Select the Arctic Wolf package and click the arrow (>) button to attach it to the schedule, then click OK.

    arctic wolf 17
  • Click the Options tab and make sure Stop deploying to targets once they succeed is selected.

    arctic wolf 15
  • Click OK to save and close the Schedule window.

With this schedule created, machines that may have been offline during the initial deployment will receive the package as soon as they come online.

Wrapping up

Cyber threats are becoming more sophisticated and their impact more severe. Ensuring you have the necessary security platforms and patches to protect your organization is critical. PDQ Deploy and PDQ Inventory can help quickly distribute your solutions to your endpoints, leaving you more time to focus on keeping your users and your network safe.

Brock Bingham candid headshot
Brock Bingham

Born in the '80s and raised by his NES, Brock quickly fell in love with everything tech. With over 15 years of IT experience, Brock now enjoys the life of luxury as a renowned tech blogger and receiver of many Dundie Awards. In his free time, Brock enjoys adventuring with his wife, kids, and dogs, while dreaming of retirement.

Related articles