Developer portal

Host sensor deployment

Deploy qtangl-sensor to inventory certificates, crypto libraries, and TLS listeners on hosts and endpoints.

Pilot

Prerequisites

Tenant feature flag discovery.hostSensor enabled (or QTANGL_DISCOVERY_ENABLE_ALL=true in dev)
Monitor or Enterprise tier
mTLS agent certificates issued at enrollment (production)

1. Create a fleet

Open Dashboard → Integrations → Discovery depth, create a fleet, and copy the enrollment token. Tokens expire in 72 hours (max 100 enrollments).

POST /tenant/discovery/fleets
Authorization: Bearer $QTANGL_API_KEY
{"name": "Production fleet"}

2. Linux install

curl -fsSL https://releases.qtangl.com/sensor/install.sh | sudo bash
qtangl-sensor --enroll YOUR_TOKEN --api https://api.qtangl.com
# Daemon mode (heartbeat every 5m, scan every 24h)
qtangl-sensor --daemon --agent-id AGENT_ID --tenant-id TENANT_ID --api https://api.qtangl.com

3. Kubernetes (Helm)

See sensor/packaging/helm/qtangl-sensor/. The init enroll Job writes agent credentials to a Secret consumed by the DaemonSet.

4. Air-gap

qtangl-sensor --output findings.zip
# Upload via Dashboard or:
POST /tenant/discovery/offline-upload

Troubleshooting

403 feature not enabled — contact support to enable discovery flags
401 enroll — token expired or max uses reached; rotate fleet token
401 agent mTLS — re-enroll to obtain a fresh agent certificate
Agent offline— agents silent >7d marked stale; >30d auto-revoked

Discovery API reference · Code scan CI

Found an issue? Report documentation feedback

Host sensor deployment

Prerequisites#

1. Create a fleet#

2. Linux install#

3. Kubernetes (Helm)#

4. Air-gap#

Troubleshooting#

Related#