Rumble requires the use of at least one Agent within your environment to enable network discovery. The agent should be installed on a system with reliable connectivity to the network you want to discover. For internal networks, Rumble works best when installed on a system with a wired (vs wireless) connection. For external network discovery, nearly any cloud provider with a reliable connection should do. If the Rumble agent is installed in a container or virtualized system, ensure that it has direct access to the network (host networking in docker, bridged networking in VMWare, etc).
To install the Rumble agent, login to the Rumble Console and switch to the Organization that should be associated with the agent. The agent download link is specific to your active Organization and using the wrong link can result a new agent being associated with the wrong Organization.
Download the correct binary for your system from the agent download page. For most systems, select the 64-bit (x86_64) architecture. For embedded devices, such as the RaspBerry Pi 3+, choose the ARM7 architecture. Windows binaries are signed with a valid Authenticode signature, which should be validated before the executable is launched.
The agent installation process requires administrative privileges. On Windows, a UAC prompt may be displayed. On Linux and macOS the downloaded binary should be made executable (
chmod u+x rumble-agent.bin) and then executed with root privileges (
sudo or from root shell). In either case, the agent should install itself as a system service and start immediately, displaying a new entry in the agents page.
Windows Server 2008, Windows Server 2012, Windows 7, and Windows 8 may be able to run the agent in a pinch, but are not officially supported.
Linux ARM devices with limited processing power and memory, such as the Raspberry Pi, can run the Rumble Agent, but may have trouble scanning larger networks.
macOS systems running Catalina (10.15) or newer need to use the
curl download method to avoid issues with the new Notary requirements.
The agent connects to the hosts
rumble-scans-prod.s3.us-east-2.amazonaws.com on TCP port 443 using TLS. This
hub.rumble.run connection is used for agent registration, job scheduling, and status messages while the S3 host is used for submission of completed scan jobs. For completely offline environments, the Rumble Scanner can be used to create scan data files that can be uploaded later via the Inventory
Import action. The host
console.rumble.run is used for automatic updates of the agent executable.
Please note that certain web proxies that perform TLS inspection do not handle Websocket communication properly and TLS inspection will
need to be disabled for the Rumble agent to successfully connect. The most popular product with this problem is the Sophos (previously Cyberoam) security appliance. Websense users may need to add a bypass rule for
Proxy support is handled automatically in most cases. On the Windows platform, proxy information is read from the registry keys (used by Chrome, Edge, and IE).
On Linux and macOS, the proxy can be configured by setting the
HTTPS_PROXY environment variable. The value of the
environment variable should be a hostname and port (
proxy:8080) or just a hostname (
Environment variables are read from the file
/opt/rumble/bin/.env on these platforms and apply to all installed agents.
The easiest way to remove an agent is to use the Agents page
and select the
Uninstall Agent option. This will remove the service and terminate the current
agent process. If you would like to remove the agent without using the Rumble Console, there are a couple options.
On the Windows platform, each agent will be listed in Programs and Features, and can be uninstalled like any other application.
On all platforms, including Windows, the agent can uninstall itself if run with the
uninstall argument from a root or Administrator shell:
c:\Program Files\Rumble\rumble-agent-[oid].exe uninstall
Linux and macOS
# /opt/rumble/rumble-agent-[oid] uninstall