HTTP

Enable communication via an HTTP interface to centralize collected data between machines and the Watchman agent.

Simplify the setup

Save time by using our automatic installation script with a single command.

Make the script executable depending on your system:

Windows

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

On each machine in the network to be scanned, install the package:

pip install watchman-http-server

sudo ufw allow 8080/tcp

To allow machines to listen or communicate via port 8080, you need to create a rule in the Windows firewall:

Open Windows Defender Firewall with Advanced Security
- Click Start
- Type Windows Defender Firewall with Advanced Security and open it
Create a new inbound rule
- In the left pane, click Inbound Rules
- In the right pane, click New Rule…
Choose rule type
- Select Port
- Click Next
Configure the port
- Choose TCP
- Select Specific local ports and enter:
```
8080
```
- Click Next
Allow the connection
- Select Allow the connection
- Click Next
Choose the profile
- Check boxes according to the network type concerned:
  - Domain: for a corporate network with Active Directory domain
  - Private: for home or trusted networks
  - Public: for public networks (optional based on needs)
- Click Next
Name the rule
- Give the rule a name, for example:
```
Watchman Agent HTTP - Port 8080
```
- Click Finish

Port 8080 is just an example. You can use any available port.

Generate an API key (using any secure generator)
Use the same API key on all machines for simplicity, or a different key per machine for stronger security
Define the authorized IP address allowed to interact with the HTTP server (usually the agent’s IP)

⚠️ The more unique the key per machine, the higher the security.

watchman-http-server runserver \
  --port <PORT> \
  --api-key <API_KEY> \
  --addresses <AGENT_IP_ADDRESS> \
  -d detach

✅ Correct HTTP configuration ensures secure and automated transfer of data collected by the agent.