Deploying agents

Deploying agents installs endpoint visibility capabilities on supported devices so they can send telemetry to Kaseya SIEM.

This article covers deployment mechanics only: how agents are installed and where deployment artifacts are obtained. Configuration of agent behavior, performance limits, and operational overrides is handled separately through Advanced agent settings and configuration overrides.

This article explains:

• Supported agent deployment methods

• Deployment prerequisites

• Where installation commands and keys are obtained

• How deployment success is validated

• What agent deployment does not configure

Supported deployment methods

The following are the only supported agent deployment methods for Kaseya SIEM:

• GUI installer: Download and manually install the agent on the endpoint.

• CLI installer: CLI deployment uses a single command that can be run manually or executed through an RMM tool. CLI installer methods are typically provided as copy‑ready command-line instructions for the selected operating system.

• PowerShell installer: Install the agent using a PowerShell script.

• RMM‑based deployment using:

  • Kaseya VSA 10

  • Datto RMM

IMPORTANT  These are the supported deployment paths. Other scripting approaches may be technically possible but are not documented or supported.

Platform support notes

• Windows: GUI, CLI, PowerShell, and RMM‑based deployment are supported

• macOS and Linux: CLI installation is the supported method

Deployment prerequisites

Before deploying agents:

• An organization must already exist in Kaseya SIEM

• Agent deployment is performed within the context of an organization.

Agents are always deployed into a specific organization context. The organization selected when retrieving installation artifacts determines where the agent reports once installed.

Retrieving deployment artifacts (Organizations > Edit Organization > Agent Deployment)

Each organization includes an Agent Deployment tab that serves as the primary source of installation artifacts for that organization.

From Organizations > Edit organization > Agent Deployment, administrators can:

• View supported installation methods by operating system (Windows, macOS, Linux)

• Copy installer commands or scripts

• Download installers where applicable

• Retrieve organization‑specific license keys (Windows) or API keys (macOS/Linux) required during installation

The options and scripts shown on this page reflect the supported deployment methods described in this article. This page provides installation artifacts only; it does not configure agent behavior or platform features.

The Agent Deployment tab does not:

• Initiate or schedule deployments

• Push agents to devices

• Modify agent behavior or settings

Coming from RocketCyber or Kaseya MDR

This section applies if you currently use, or previously used, RocketCyber and/or Kaseya MDR and are now using Kaseya SIEM.

RocketCyber, Kaseya MDR, and Kaseya SIEM can coexist in the same environment. The guidance below is about agent reuse, not migration.

Do I need to redeploy agents?

No. Existing RocketCyber/Kaseya MDR agents can continue to be used by Kaseya SIEM. Agents do not need to be uninstalled or reinstalled solely to enable SIEM.

What still applies from this article?

The deployment steps described in this article apply only when:

• Installing agents on new endpoints

• Expanding coverage to endpoints that did not previously have an agent installed

Organizational context

For environments that already use RocketCyber/Kaseya MDR, the required organization context typically already exists when enabling Kaseya SIEM. No additional organization setup is required solely to continue using existing agents.

This distinction is intentional. Agent coexistence allows RocketCyber, Kaseya MDR, and Kaseya SIEM to share the same deployed agents, while deployment guidance applies only when installing agents on endpoints where none exist. This article does not document migration behavior.

Validating agent presence: Devices > Agents

After deploying agents, you can validate agent presence by reviewing the device inventory in Devices > Agents.

Devices > Agents is an inventory and validation surface, not a deployment surface. Use it to confirm that agents are present and checking in after deployment has already occurred.

This page answers the question: Did my deployment work?

It provides a global device and agent inventory, including:

• Device hostname

• Agent version

• Online or offline status

• Associated organization

• Operating system

• Last‑seen timestamp

Use this page to confirm that agents are installed and checking in.

Agent actions in Devices > Agents

When one or more agents are selected in Devices > Agents, a set of contextual actions becomes available. These actions apply to the selected device(s) and support post‑deployment management and investigation.

Available actions include:

• Isolate: Initiate device isolation to restrict network activity, subject to platform configuration, user permissions, and authorization. When you select Isolate, a confirmation dialog is displayed indicating that the device will be disconnected from the network. You must explicitly confirm the action before isolation is applied.

  

• Restore: Restore network connectivity for an isolated device.

• Restart agent: Restart the agent on the selected endpoint.

• Check for updates: Check for available agent updates and apply them if applicable.

• Upload agent log: Upload diagnostic agent logs for investigation or troubleshooting.

• Share: Share device‑level information or context, depending on permissions and integrations.

• Delete: Remove the device from the device inventory. This affects visibility in the platform and does not document agent uninstall procedures.

These actions are available only after agents are deployed and visible in the device inventory.

Viewing device details

Clicking a device hostname in Devices > Agents opens a device details panel. This panel provides read‑only device context and agent information for the selected endpoint.

The device details panel includes information such as:

• Hostname and network identifiers

• Operating system details

• Agent version and fingerprint

• First‑seen and last‑seen timestamps

This panel may also include additional tabs that provide contextual information (for example, inventory, applications, logs, or security‑related data), depending on available integrations and permissions.

Device details are intended for visibility and investigation context, not for deployment or configuration.

Organization‑scoped reference: Organizations > Edit Organization > Agent Deployment

Each organization includes an Agent Deployment tab that shows agent association within that specific organization.

This view answers a different question: Which agents are associated with this organization?

To access this view?

1. From the side navigation menu, click Organizations.

   

2. Click the Edit Organization icon (pencil icon) of the organization of your choice.

   

3. Open the Agent Deployment tab.

   

IMPORTANT  This tab is not the primary deployment validation surface. It may appear empty during onboarding or if backend association is still completing. An empty organization-level Agent Deployment view does not mean agent deployment failed.

Why both pages exist

These views show the same underlying agents but answer different operational questions depending on scope.

Page	Purpose	When to use it
Devices > Agents	Global device and agent inventory	Confirm device-level visibility and status
Organizations > Edit Organization > Agent Deployment	Organization-scoped association	Review agent context within an organization

What successful deployment looks like

Agent deployment is considered successful when:

• The agent is installed on the endpoint using a supported method.

• The endpoint appears in Device > Agents with a status and last‑seen timestamp.

• Endpoint activity can contribute telemetry for investigation and response.

Because Kaseya SIEM is telemetry‑driven, agent presence and activity are reflected through device and investigation surfaces rather than through a single deployment success indicator.

What agent deployment does not configure

Deploying an agent does not automatically:

• Assign user roles or permissions

• Configure integrations

• Configure alerting, detection tuning, or suppression rules

• Configure SOC workflows

• Configure agent performance limits or operational behavior

These concerns are managed separately through configuration and governance controls.

Agent behavior settings (separate from deployment)

Agent deployment determines where agents are installed.

Agent behavior settings determine how deployed agents operate.

To configure agent behavior (such as performance limits or operational controls), go to Settings > Advanced settings > Agent settings.

These settings:

• Apply globally by default

• May support organization‑level overrides depending on configuration model

• Do not install agents

• Do not affect agent inventory placement

For details, see Advanced agent settings and configuration overrides.

Troubleshooting notes

If agents do not appear as expected:

• Confirm the agent was deployed using a supported method

• Confirm the endpoint is associated with the intended organization

• For RMM‑based deployments, confirm the deployment task completed successfully in the RMM tool and that the endpoint has outbound connectivity.

Related articles

• Advanced agent settings and organization overrides: Configure how deployed agents operate, including CPU and memory limits, logging verbosity, and error reporting. Agent behavior is configured separately from deployment

• Managing organizations: Describes how organizations define security and configuration boundaries that access controls are applied against

• Global defaults and organization‑level behavior: Understand how agent‑related settings inherit global defaults or apply organization‑specific overrides, and why behavior may differ between organizations