Generate an Agent Client Collector allow list

  • Release version: Zurich
  • Updated July 31, 2025
  • 1 minute to read

    • Specify the checks to be included in the list of checks that are enabled to run on the agent.

    Before you begin

    Role required: agent_client_collector_admin

    About this task

    The default allow list includes all validated checks, and is included in the base system policies. If the allow list cannot be read correctly, no checks run on the agent.

    Procedure

    1. Navigate to All > Agent Client Collector > Check Definitions.
      The Check Definitions page appears.
    2. In the Related Links section at the bottom of the page, click Generate allow list.
      Note:
      Alternatively, you can click a check definition or check instance record and click Generate allow list to generate a complete allow list.

      The Agent Client Collector Command Allow-list Generator page appears, with the list of checks scanned from the Command field of the check instance records.

      The values appear with the following attributes:

      Table 1. Command attributes
      Attribute Description
      exec The executing command.
      args Possible argument strings.
      skip_arguments Boolean. Determines whether to verify that the argument was added to the allow list.
      • true: Skips argument validation and checks only for illegal characters, specifically |;\<>&'$()
      • false: Executes argument validation to ensure that the argument is included in the allow list. If it is not, the command cannot execute.
      use_regex Boolean. Determines whether to evaluate the arg strings as a regular expression.
      • true: Evaluates each entry in the args array as a regular expression
      • false: Evaluates each entry in the args array as it is.
      Note:
      Ensure that the regex is useable in valid JSON format and is golang compatible.
      allow_shell Boolean. Allow for the given entry to be executed in shell mode and for check definitions to default to execv.
      • true: This allow list entry permits execution in shell mode.
      • false: This allow list entry doesn't permit execution in shell mode.
    3. Copy the entries you want to include in the allow list and add them to the agent's check-allow-list.json file, either manually or using an automation tool.
      The location of this file is indicated in the allow-list parameter of the agent's acc.yml file.