v2026.1

On-Prem Discovery

Agent Overview

On-premises infrastructure discovery uses the StackFlow Discovery Agent, a lightweight daemon that runs on Linux and Windows servers. The agent collects hardware inventory, installed software, running services, network connections, and system performance metrics, then transmits this data securely to the StackFlow API over HTTPS.

⚙️ Minimum Requirements
  • Discovery Agent: StackFlow Discovery Agent v2.x installed on at least one on-prem host in each subnet
  • Outbound: Agent requires HTTPS outbound to https://api.stackflow-tech.com/prod/api/discovery/ingest
  • SQS: StackFlow-DiscoveryIngestion.fifo queue for agent-submitted CI data
  • Lambda: StackFlowDiscoveryProcessor consuming from the SQS queue with dynamodb:PutItem on StackFlow_CI

The agent requires no inbound firewall ports — it uses an outbound HTTPS connection to the API Gateway endpoint. This makes it suitable for servers behind strict firewalls and NAT. All data is encrypted in transit with TLS 1.3 and at rest using the CMK.

Agent Installation

# Linux installation (Ubuntu/RHEL)
curl -sSL https://your-instance.stackflow-tech.com/prod/api/agent/install.sh | STACKFLOW_TOKEN="$AGENT_TOKEN" bash

# Verify agent is running
systemctl status stackflow-agent

# Windows installation (PowerShell as Administrator)
$token = "YOUR_AGENT_TOKEN"
Invoke-WebRequest -Uri "https://your-instance.stackflow-tech.com/prod/api/agent/install.ps1" -OutFile install.ps1
.\install.ps1 -Token $token

Agent Token: Generate an agent installation token in Admin → Discovery → Agent Tokens → New Token. Tokens are scoped to a specific tenant and can be revoked at any time. Use unique tokens for different environments (prod vs dev vs test).

Agent Configuration

Agent configuration is stored at /etc/stackflow-agent/config.yaml on Linux and C:\ProgramData\StackFlowAgent\config.yaml on Windows. Key settings include collection interval, which data types to collect, and any paths or processes to exclude from discovery.

api_endpoint: https://your-instance.stackflow-tech.com/prod/api
agent_token: "${STACKFLOW_AGENT_TOKEN}"
collection_interval_minutes: 30
collect:
  hardware: true
  software: true
  services: true
  network_connections: true
  performance_metrics: true
exclude_paths:
  - /tmp
  - /var/log
exclude_processes:
  - sshd
  - rsyslogd
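
As an added example (not part of the StackFlow documentation or agent), the shell function below audits a config.yaml like the one above: it checks that api_endpoint is HTTPS, that agent_token is an environment reference rather than a literal, and that the file is not accessible to group or others. The function names, the FINDING output format and the sample token are constructed for illustration; it assumes GNU stat and the flat top-level keys shown above.

```shell
# Added example, not StackFlow code: audit an agent config.yaml.
# Prints one FINDING line per problem and returns 0 only if the file is clean.

# Print the value of a top-level "key: value" line with quotes stripped.
# A line parser for the flat keys used here, not a full YAML parser.
yaml_value() {  # usage: yaml_value FILE KEY
  sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

audit_agent_config() {  # usage: audit_agent_config FILE
  local file endpoint token mode rc
  file="$1"; rc=0
  endpoint=$(yaml_value "$file" api_endpoint)
  token=$(yaml_value "$file" agent_token)
  mode=$(stat -c '%a' "$file")  # GNU stat (Linux hosts)

  # The agent is documented as HTTPS-only; a plain-http endpoint would send
  # the token and inventory in clear text.
  case "$endpoint" in
    https://*) ;;
    *) echo "FINDING: api_endpoint is not https: '$endpoint'"; rc=1 ;;
  esac

  # The sample config keeps the token out of the file via an env reference.
  case "$token" in
    '${'*'}') ;;
    '') echo "FINDING: agent_token is not set"; rc=1 ;;
    *) echo "FINDING: agent_token is a literal secret stored in the file"; rc=1 ;;
  esac

  # Group/other access lets other local accounts read or alter the config.
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "FINDING: mode $mode grants access to group or others"; rc=1
  fi
  return "$rc"
}

# Constructed sample: a config with an http endpoint and a literal token.
write_bad_sample() {  # usage: write_bad_sample FILE
  printf '%s\n' 'api_endpoint: http://your-instance.stackflow-tech.com/prod/api' \
    'agent_token: "tok-CONSTRUCTED-EXAMPLE"' \
    'collection_interval_minutes: 30' > "$1"
  chmod 644 "$1"
}

if [ "$#" -gt 0 ]; then audit_agent_config "$1"; fi
```

Saved as a script, it can be run with the config path as its only argument, for example against /etc/stackflow-agent/config.yaml.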

Discovered Data

| Data Category | Examples |
|---|---|
| Hardware | CPU model/cores, RAM, disk size/type, serial number |
| OS | OS name, version, patch level, kernel version |
| Software | Installed applications, versions, install dates |
| Services | Running services/daemons and their status |
| Network | Network interfaces, IPs, MACs, open ports |
| Performance | CPU/memory/disk utilization (current snapshot) |

Troubleshooting Agents

If an agent stops reporting, check its status in CMDB → Discovery → Agent Health. The dashboard shows the last heartbeat time, version, and any reported errors. Common issues include network connectivity to the API endpoint, expired agent tokens, and permission issues preventing hardware inventory collection.

# Check agent logs on Linux
journalctl -u stackflow-agent -n 100 --no-pager

# Test API connectivity from the agent host
curl -v https://your-instance.stackflow-tech.com/prod/api/health