Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel7
Info

Thank you for choosing CyberCNS. Please find below scenarios to help you choose the type of Agent suitable for your environment.

All about Agents

  • CyberCNS provides a Single Downloadable Agent which can be used as a Probe (the so-called Regular or Network Agent) OR a Lightweight Agent OR Scan Agent. You can choose the correct agent configuration based on your requirement. This document provides a way to decide which configuration is best suitable.

  • Navigate to Overview and click on Probes/Agents to download the Agent.

  • CyberCNS has three different types of installations that can be used depending on the requirement. These are Probe , LightWeight, and Scan.

  • Choose the OS Type as Windows/ Mac/ Linux, or ARM and download the required Probes / Agents (Probe/Lightweight/Scan) and copy it into the remote machine, and run the command.

Info
  1. Do not install WinPcap and Npcap in the system.

  2. NMAP is a prerequisite for Linux and Mac OS using Probe, and ARM agents.

  3. Lightweight agent and Probe Agent can not be installed on the same system.

  • A Probe or Network Agent is typically installed on any one machine in the network and it will scan all assets in that defined network.

  • A Lightweight agent on the other hand is installed on an end-user’s system and will only scan that particular asset (useful in work-from-home scenarios when the user is not on the corporate/office network).

  • The agent will behave as a Probe or Lightweight agent depending on the command line arguments passed while installation. These commands to be used for installation and are readily provided in the CyberCNS console while downloading an agent.

  • CyberCNS agent uses silent installation so it is easy to push through any RMM.

  • Probe & Lightweight agents pulls the same information except, lightweight does not provide with Network Scan Findings.

  • For lightweight agent, if NMAP is available, it will also be able to get information about Network Vulnerabilities.

Introduction

  • This document provides an overview of the various installation switches for an Agent and how they are used during the process of installation and post-installation. There are two ways:

Note: There are two executables 

🔸 cybercnsagent.exe that is used during install. 

🔹 Cybercnsagentv2.exe is the actual executable that runs the scan is that is created when you run the installation or run it on an asset.

Installation Parameters

  • 🔸 Cybercnsagent.exe

...

S.No

...

Command line Parameter

...

Description

...

1

...

-c

...

Companyid. Unique id of the company which is a guid. 

...

2

...

-a

...

ClientId. This is a clientid that identifies a company in the installation. This is used to authenticate the agent against the Keycloak Openid so that it has only specific permissions. A modified version of an agent can never delete data using these credentials

...

3

...

-s

...

ClientSecret This is a secret that authenticates the clientid in the installation. This is used to authenticate the agent against the Keycloak Openid so that it has only specific permissions. A modified version of an agent can never delete data using these credentials

...

4

...

-b

...

Base URL or Domain. CyberCNS domain that the agent needs to check into. <company name>.mycybercns.com

...

Probe Type Specific Options

...

5

...

-i

...

Install as a service. This must be followed by the Service Role that can be

  • Probe - Scans the entire network and provides data

  • Lightweight Agent- Scans the individual system where it is installed

...

6

...

-m

...

Run without creating a service or installing as in the case of conducting an assessment. This must be followed by the Service Role that can be

  • Probe - Scans the entire network and provides data

  • Lightweight Agent- Scans the individual system where it is installed

Post-installation

  • The cybercnsagentv2.exe is located into Installation Path: C:\Program Files(x86)\CyberCNSAgentV2. It has the following parameters.

...

1

...

-d

...

Run agent in debug or verbose mode on the command line. This is usually to debug a problem when discovery does not happen 

...

2

...

-h

...

Help Text display of all options

...

3

...

-u

...

Force an update of the agent. Checks if a new version is available and upgrades itself

...

4

...

-v

...

Display the version of the agent

To download the agent

  • On the global menu(⚙) Navigate to the Overview tab and click on Probe/Agent to install the Agent.

...

🔸 For successful download please follow the below steps depending on your agent selection.

To Install an agent as a probe/Lightweight Agent OR to Scan follow the below steps:-

  1. Open Powershell as an administrator.

  2. Use a copied command from the console to install. This contains information about your domain, company, etc.

...

  • In case of command prompt as administrator is used please use below-highlighted part of the command only.

  • Navigate to the folder where the agent is downloaded. You may want to create a new folder and copy the CyberCNS agent into it as it gets installed into the same folder.

...

Warning

Please do not use the command shown in the below image, use the command for the created company to download the agent as shown in your CyberCNS portal. A different ID will be generated for every company to be used in the command line parameter.

Info

The API key is included in the command-line script to install the agent.

Probe Agent

  • The Probe is a Windows Service that is installed on the windows machine in the network you would be running scans on. The Windows Service runs under the local system permission but requires the following prerequisites

    • 4 core CPU on the machine

    • Minimum of 4 GB RAM for the first 1000 Assets and 1GB for every additional 500 assets.

    • Reach-ability to all the subnets needs to scan.

    • Ports 443 outbound opened to the installation domain <yourcompany>.mycybercns.com

    • Admin SMB shares permission to login into the remote system and fetch required data.

  • The Probe is useful for an office environment where you have controlled IP Addressing.

  • It deploys the following techniques to get to the devices

    • Windows - It attempts to use the Admin SMB share to send a small executable called the Dissolvable agent that it then runs on the remote machine to fetch the details. It probes the shares using standard SMB tools and does an NFS discovery to check any NFS shares.

    • Active Directory - It uses SMB to query the users, groups from the Credentials provided during the AD set up in the Master credentials.

    • Linux - It uses SSH credentials to log in to the box and figure out using Linux commands what is running on the machines.

    • Network Devices - It uses SNMP to discover the Sysobjectid and lookup the version of the device and then query the vulnerabilities for the version. It also connects to OEM APIs to get the vulnerability details.

  • You can discover multiple subnets(CIDR/IP Range/Static IP) using a single Probe.

  • The probe will require AD Credentials in the case of the AD environment for scanning purposes.

  • In the Case of a Non-AD Environment, if any central system is able to communicate with the other systems in the network it solves the purpose.

🔹 Windows - the user will have permission to write and execute through SMB.

🔸 Linux, VM, Darwin- The user must have ssh access to execute the scripts and copying the files to the temp directory to execute and remove the copied files.

Installation Steps For Windows

  1. Open Powershell as an administrator.

To Install as a Probe (example command-line script below).

  • If the OS Type is selected as Windows, then to install the Probe Agent follow the below step:-

🔸 Select the option to install either as Probe or Lightweight or Scan, click on Download once the option is chosen, then run the command for the selected company as shown below.

  • If Probe/ Lightweight is chosen then it installs the CyberCNS service into the agent system, whereas the Scan agent will only scan that system without installing a CyberCNS service. Using installed service we can use a feature of the scheduler.

...

To Install as a Lightweight Agent

  • The below image is to download the Probe Agent by selecting the option as Lightweight agent for the selected company.

Image Removed

To run a scan

  • Once the download is completed, select the option to Scan and run the command.

  • Scan agent will help to do a one-time scan.

...

Uninstallation Steps for Windows(Probe & LightWeightAgent)

  • To uninstall cybercnsagentv2 using command prompt

>run cmd as admin

>cd C:\Program Files (x86)\CyberCNSAgentV2

>cybercnsagentv2.exe -r

🔸 To uninstall cybercnsagentv2 using windows GUI

  • Navigate to the cybercnsgentv2 folder

>cd C:\Program Files (x86)\CyberCNSAgentV2

  • As depicted in the below image, click on the uninstall.bat file and follow instructions on the screen.

...

Lightweight Agent

Info

Before installing the agent, you need to install the latest version of Nmap (free download from https://nmap.org/ ).

...

If you have an RMM deployed on the network and you are not interested in scanning network devices like in the case of a small office with a printer and broadband router then you can use the Lightweight Agent.

...

The Lightweight agent can run as an executable run from the RMM or can be installed as a service.

It collects information from the local system and pushes data to the CyberCNS portal. It does not cross the machine boundary. One weakness of this is that one does not get an outsider view of the system.

...

Table of Contents
minLevel1
maxLevel6
outlinefalse
typelist
printablefalse
Info

Thank you for choosing CyberCNS. Please find below scenarios to help you choose the type of Agent suitable for your environment.

Please note CyberCNS supports only 64-bit systems for scanning and agent installation purposes.

All about Agents

  • CyberCNS provides a Single Downloadable Agent which can be used as a Probe (the so-called Regular or Network Agent) OR a Lightweight Agent OR a Scan Agent. You can choose the correct agent configuration based on your requirement. This document provides a way to decide which configuration is best suitable.

  • Navigate to Overview and click on Probes/Agents to download the Agent.

  • CyberCNS has three different types of installations that can be used depending on the requirement. These are Probe, Lightweight, and Scan.

  • Choose the OS Type as Windows/ Mac/ Linux, or ARM and download the required Probes / Agents (Probe/Lightweight/Scan) and copy it into the remote machine, and run the command.

Info
  1. Npcap should be present in the system for the Probe agent.

  2. Do not install WinPcap and Npcap in the system for Lightweight agents.

  3. NMAP 7.9 and above is a prerequisite for Linux and Mac OS using Probe, and ARM agents.

  4. Lightweight agents and Probe agents can not be installed on the same system.

  • A Probe or Network Agent is typically installed on any machine in the network and will scan all assets in that defined network.

  • A Lightweight Agent, on the other hand, is installed on an end user’s system and will only scan that particular asset (useful in work-from-home scenarios when the user is not on the corporate/office network).

  • The agent will behave as a Probe or Lightweight agent depending on the command line arguments passed during installation. These commands are to be used for installation and are readily provided in the CyberCNS console while downloading an agent.

  • CyberCNS agent uses silent installation so it is easy to push through any RMM.

  • Probe & Lightweight agents pull the same information except, lightweight does not provide Network Scan Findings.

Info

we no longer support the installation of agents on Windows 2008 R2 in v3 , and in V4 agent. This decision is based on the absence of some required kernel Dynamic Link Libraries (DLLs) in this operating system, particularly due to limitations imposed by GoLang.

List of Supported Operating Systems for Agent Installation

UBUNTU OS

Ubuntu 22.04 LTS

Jammy Jellyfish

Ubuntu 20.04 LTS

Focal Fossa

Ubuntu 18.04 LTS

Bionic Beaver

CENT OS

CentOS - 7.0

CentOS - 8.0

REDHAT LINUX OS

RHEL 7

Maipo

RHEL 8

Ootpa

SLES

OS Version 11

Suse

OS Version 12

Suse

DEBIAN OS

Debian 7

Wheezy

Debian 8

Jessie

Debian 9

Stretch

Debian 10

Buster

Debian 11

Bullseye

MAC OS

OS X 10.9

Mavericks (Cabernet)

OS X 10.10

Yosemite (Syrah)

OS X 10.11

El Capitan (Gala)

macOS 10.12

Sierra (Fuji)

macOS 10.13

High Sierra (Lobo)

macOS 10.14

Mojave (Liberty)

macOS 10.15

Catalina (Jazz)

macOS 11

Big Sur (GoldenGate)

macOS 12

Monterey (Star)

MICROSOFT WINDOWS OS

windows windows 10 (64-bit)

Windows 11 (64-bit)

Windows Server 2012 (64-bit)

Windows Server 2012 R2 (64-bit)

Windows Server 2016 (64-bit)

Windows Server 2019 (64-bit)

Windows Server 2022 (64-bit)

Introduction

  • This document provides an overview of the various installation switches for an Agent and how they are used during the process of installation and post-installation. There are two ways:

Note: There are two executables 

🔸 Cybercnsagent.exe that is used during installation. 

🔹 Cybercnsagentv2.exe is the actual executable that runs the scan and is created when you run the installation or run it on an asset.

Installation Parameters

  • 🔸 Cybercnsagent.exe

S.No

Command line Parameter

Description

1

-c

Companyid. Unique id of the company which is a guid. 

2

-a

ClientId. This is a clientid that identifies a company in the installation. This is used to authenticate the agent against the Keycloak Openid so that it has only specific permissions. A modified version of an agent can never delete data using these credentials.

3

-s

ClientSecret. This is a secret that authenticates the clientid in the installation. This is used to authenticate the agent against the Keycloak Openid so that it has only specific permissions. A modified version of an agent can never delete data using these credentials.

4

-b

Base URL or Domain. CyberCNS domain that the agent needs to check into. <company name>.mycybercns.com

For V3 please use portal.mycybercns.com/me/<domain name>

Probe Type-Specific Options

5

-i

Install as a service. This must be followed by the Service Role that can be

  • Probe - Scans the entire network and provides data

  • Lightweight Agent- Scans the individual system where it is installed

6

-m

Run without creating a service or installing as in the case of conducting an assessment. This must be followed by the Service Role that can be

  • Probe - Scans the entire network and provides data

  • Lightweight Agent- Scans the individual system where it is installed

Post-installation

  • The cybercnsagentv2.exe is located in Installation Path: C:\Program Files(x86)\CyberCNSAgentV2. It has the following parameters.

1

-d

Run the agent in debug or verbose mode on the command line. This is usually to debug a problem when discovery does not happen 

2

-h

Help Text display all options

3

-u

Force an update of the agent. Checks if a new version is available and upgrades itself

4

-v

Display the version of the agent

To download the agent

  • On the global menu(⚙) Navigate to the Overview tab and click on Probe/Agent to install the Agent.

Info

Please use the below Direct Download URL for agent download in case required. URL used under Probes/Agents comes with expiry so not suitable for agent push through RMM.

https://configuration.mycybercns.com/api/v3/configuration/agentlink?ostype=windows

​>> Supported ostype keys

For Windows -> windows

For Linux -> Linux

For MAC -> darwin

For ARM / Raspberry Pi. -> arm

Image Added

🔸 For a successful download please follow the below steps depending on your agent selection.

To Install an agent as a probe/Lightweight Agent OR to Scan follow the below steps:-

  1. Open Powershell as an administrator.

  2. Use a copied command from the console to install. This contains information about your domain, company, etc.

...

  • Click on select Exe or Msi format for the window operating system

  • Please refer to MSI Agent installation using GPO documentation for MSI agent installation using GPO.

...

  • In case of command prompt as administrator is used please use the below-highlighted part of the command only.

  • Navigate to the folder where the agent is downloaded. You may want to create a new folder and copy the CyberCNS agent into it as it gets installed into the same folder.

...

Warning

Please do not use the command shown in the above image, use the command for the created company in your portal to download the agent as shown in your CyberCNS portal. A different ID will be generated for every company to be used in the command line parameter.

Info

The API key is included in the command-line script to install the agent.

Probe Agent

  • The Probe is a Windows Service that is installed on the Windows machine in the network you would be running scans on. The Windows Service runs under the local system permission but requires the following prerequisites

    • 4 core CPU on the machine

    • Minimum of 4 GB RAM for the first 1000 Assets and 1GB for every additional 500 assets.

    • Reachability to all the subnets needs to be scanned.

    • Ports 443 outbound opened to the installation domain <yourcompany>.mycybercns.com

    • Admin SMB shares permission to login into the remote system and fetches required data.

  • The Probe is useful for an office environment where you have controlled IP Addressing.

  • It deploys the following techniques to get to the devices

    • Windows - It attempts to use the Admin SMB share to send a small executable called the Dissolvable agent that it then runs on the remote machine to fetch the details. It probes the shares using standard SMB tools and does an NFS discovery to check any NFS shares.

    • Active Directory - It uses SMB to query the users, and groups from the Credentials provided during the AD setup in the Master credentials.

    • Linux - It uses SSH credentials to log in to the box and figure out using Linux commands what is running on the machines.

    • Network Devices - It uses SNMP to discover the Sysobjectid and look up the version of the device and then query the vulnerabilities for the version. It also connects to OEM APIs to get the vulnerability details.

  • You can discover multiple subnets(CIDR/IP Range/Static IP) using a single Probe.

  • The probe will require AD Credentials in the case of the AD environment for scanning purposes.

  • In the case of a Non-AD Environment, if any central system is able to communicate with the other systems in the network it solves the purpose.

🔹 Windows - the user will have permission to write and execute through SMB.

🔸 Linux, VM, Darwin- The user must have ssh access to execute the scripts and copy the files to the temp directory to execute and remove the copied files.

Installation Steps For Windows

Info

For Windows Agent Powershell version 3.0 and above is required.

  1. Navigate to the Company under which the agent is to be installed and open the Probes/Agents section to get the installation command. ( Below image can be referred)

  2. Select the install option as to either Probe, Lightweight or Scan install.

  3. Click on Download once the option is chosen, and then run the command for the selected company as shown below. OR Copy the complete command to the clipboard using the copy option in the command box.

  4. Open Powershell as an administrator, and run the script.

  5. A probe or lightweight agent will be installed in the chosen asset.

  • If Probe/ Lightweight is chosen then it installs the CyberCNS service into the agent system, whereas the Scan agent will only scan that system without installing a CyberCNS service. Using the installed service we can use a feature of the scheduler to help schedule further scans.

  • Select Exe/ Msi format of the installer for the Windows operating system.

...

To Install a Lightweight Agent

Info

Web installer format is available for Lightweight agent only.

  • Click on select Exe/Msi/web installer format to install lightweight agent on the windows system.

  • Either download a Lightweight agent for the selected company as per below image or use the command shown in the grey box to copy and run it under Powershell as an administrator for windows.

...

  • Click on Select Web Installer format for the Windows operating system.

    Image Added
  • The agent will be downloaded in the download folder ( or the set folder for download) of the system used for download.

...

  • Navigate to the download folder, Right-click on the downloaded file, and click on Run as administrator.

...

  • WebInstaller installation window will appear as below showing the status of agent installation.

    Image Added

To run a scan

  • Once the download is completed, select the option to Scan and run the command.

  • A scan agent will help to do a one-time scan.

...

Uninstallation Steps for Windows(Probe & LightWeightAgent)

  • To uninstall cybercnsagentv2 using a command prompt

Runn cmd as admin

>cd C:\Program Files (x86)\CyberCNSAgentV2

>cybercnsagentv2.exe -r

🔸 To uninstall cybercnsagentv2 using Windows GUI

  • Navigate to the cybercnsgentv2 folder

>cd C:\Program Files (x86)\CyberCNSAgentV2

  • As depicted in the below image, click on the uninstall.bat file and follow the instructions on the screen.

...

Lightweight Agent

Info

Before installing the agent, you need to install the latest version of Nmap (free download from https://nmap.org/ ).

  • If you have an RMM deployed on the network and you are not interested in scanning network devices like in the case of a small office with a printer and broadband router then you can use the Lightweight Agent.

  • The Lightweight agent can run as an executable run from the RMM or can be installed as a service.

  • It collects information from the local system and pushes data to the CyberCNS portal. It does not cross the machine boundary. Lightweight Agent is unable to get an outsider view of the system.

    • Ports 443 Outbound is required.

Installation Steps for Nmap

Step 1: wgethttps://nmap.org/dist/nmap-7.91-1.x86_64.rpm

Step 2: sudo apt-get install alien

Step 3: sudo alien nmap-7.91-1.x86_64.rpm

Step 4: sudo dpkg --install nmap_7.91-2_amd64.deb

Installation Steps For Mac

  1. Download Mac/Apple agent from the company & open the terminal.

  2. At the terminal run >> Sudo Su

  3. Navigate to the downloaded path and give executable permission for the installation script using the commands below. using the commands below

    Code Block
    chmod +x cybercnsagent_darwin

To Install as a Probe

  • If the OS Type is selected as Mac, then to install the LightWeight Agent follow the below step:-

🔸 Select the option to install either as Probe or Lightweight, click on Download once the option is chosen, and then run the command for the selected company as shown below.

  • If Probe/ Lightweight is chosen then it installs the CyberCNS service into the agent system, whereas the Scan agent will only scan that system without installing a CyberCNS service. Using the installed service we can use a feature of the scheduler.

...

To Install as a Lightweight Agent

  • The below image depicts the procedure to download the Lightweight Agent by selecting the option Lightweight Agent for the selected company.

...

To run a scan

  • Once the download is completed, select the option to Scan and run the command.

  • The scan agent will help to do a one-time scan.

...

Uninstallation Steps for Mac (Probe & LightWeightAgent)

  • As shown in the below steps follow to uninstall the LightWeight Agent.

>>cd /opt/CyberCNSAgentV2/

>>./cybercnsagentv2_darwin -r

  • To confirm the LightWeight agent is uninstalled follow the below steps.

>>cd /opt

>>ls

...

Linux Agent

Info

Before installing the agent, need to install the latest Nmap.

Installation Steps for Nmap

Step 1: wget https://nmap.org/dist/nmap-7.91-1.x86_64.rpm

Step 2: sudo apt-get install alien

Step 3: sudo alien nmap-7.91-1.x86_64.rpm

Step 4: sudo dpkg --install nmap_7.91-2_amd64.deb

Installation Steps For

...

Linux

  1. Download

...

  1. the Linux agent from the company & open terminal

...

  1. At the terminal run >> Sudo Su

  2. Navigate to the downloaded path and give executable permission for the installation script

...

  1. using the commands below

...

  1. .

Code Block
chmod +x 

...

cybercnsagent_

...

linux

To Install as a Probe

  • If the OS Type is selected as MacLinux, then to install the LightWeight Linux Agent follow the below step:-

🔸 Select the option to install either as Probe or Lightweight, click on Download once the option is chosen, and then run the command for the selected company as shown below.

  • If Probe/ Lightweight is chosen then it installs the CyberCNS service into the agent system, whereas the Scan agent will only scan that system without installing a CyberCNS service. Using the installed service we can use a feature of the scheduler.

...

To Install as a Lightweight Agent

  • The below image depicts the procedure is to download the Lightweight Docker Agent by selecting the option as Lightweight agent for the selected company.

...

  • Once the download is completed, select the option to Scan and run the command.

  • Scan The scan agent will help to do a one-time scan.

...

Uninstallation Steps for

...

Linux (Probe & LightWeightAgent)

  • As shown in the below steps follow to uninstall the LightWeight AgentIn the particular folder, where the Linux agent is installed, in the same folder uninstall the Linux agent with the following steps. In the depicted below image, can view each step as followed below.

>>cd /opt/CyberCNSAgentV2/

>>./cybercnsagentv2_darwin linux -r

  • To confirm the LightWeight Linux agent is uninstalled follow the below steps.

>>cd /opt..

>>ls

...

...

ARM Agent(Raspberry Pi)

Info
  • Before installing the agent, need to install the latest Nmap.

  • Minimum Requirement: Raspberry PI 4 with 8GB RAM

Installation Steps for Nmap

Step 1: wget https://nmap.org/dist/nmap-7.91- 1.x86_64.rpmStep 2: sudo apt-get install aliensu

Step 3: sudo alien nmap-7.91-1.x86_64.rpm

Step 4: sudo dpkg --install nmap_7.91-2_amd64.deb

Installation Steps For Linux

...

2: apt update

Step 3: apt install Nmap

Installation Steps for ARM(Raspberry Pi)

  1. Download the ARM agent from the company & open terminal

  2. At the terminal run >> Sudo Su

  3. Navigate to the downloaded path and give executable permission for the installation script

...

  1. using the commands below

...

  1. .

Code Block
chmod +x cybrcnsagentcybercnsagent_linuxarm

To Install as a Probe

  • If the OS Type is selected as LinuxARM(Raspberry Pi), then to install the Linux ARM Agent follow the below step:-

🔸 Select the option to install either as Probe or Lightweight, click on Download once the option is chosen, and then run the command for the selected company as shown below.

  • If Probe/ Lightweight is chosen then it installs the CyberCNS service into the agent system, whereas the Scan agent will only scan that system without installing a CyberCNS service. Using the installed service we can use a feature of the scheduler.

...

  • The below image is to download the Docker ARM Agent by selecting the option as Lightweight agent for the selected company.

...

  • Once the download is completed, select the option to Scan and run the command.

  • Scan The scan agent will help to do a one-time scan.

...

Uninstallation Steps for Linux (Probe & LightWeightAgent)

  • In the particular folder, where the Linux agent is installed, in the same folder uninstall the Linux agent with the following steps. In the depicted below image, can view each step as followed below.

>>cd /opt/CyberCNSAgentV2/

>>./cybercnsagentv2_linux -r

  • To confirm the Linux agent is uninstalled follow the below steps.

>>cd ..

>>ls

...

ARM Agent(Raspberry Pi)

Info
  • Before installing the agent, need to install the latest Nmap.

  • Minimum Requirement: Raspberry PI 4 with 8GB RAM

Installation Steps for Nmap

Step 1: sudo su

Step 2: apt update

Step 3: apt install Nmap

Installation Steps for ARM(Raspberry Pi)

  1. Download ARM agent from the company & open terminal

  2. At the terminal run >> Sudo Su

  3. Navigate to the downloaded path and give executable permission for the installation script by using the below commands.

Code Block
chmod +x cybrcnsagent_arm

To Install as a Probe

  • If the OS Type is selected as ARM(Raspberry Pi), then to install the ARM Agent follow the below step:-

🔸 Select the option to install either as Probe or Lightweight, click on Download once the option is chosen, then run the command for the selected company as shown below.

  • If Probe/ Lightweight is chosen then it installs the CyberCNS service into the agent system, whereas the Scan agent will only scan that system without installing a CyberCNS service. Using installed service we can use a feature of the scheduler.

...

To Install as a Lightweight Agent

  • The below image is to download the ARM Agent by selecting the option as Lightweight agent for the selected company.

...

To run a scan

  • Once the download is completed, select the option to Scan and run the command.

  • Scan agent will help to do a one-time scan.

...

  • ARM is architecture but OS is Linux, so in the Agent Platform it shows as Linux, and successful agent installation is shown as depicted in the below image.

...

Uninstallation Steps for ARM(Probe & LightWeightAgent)

  • As shown in the below steps follow to uninstall the ARM Agent.

>>cd /opt/

>>ls

>>cd /opt/CyberCNSAgentV2/

>>ls

>>./cybercnsagentv2_arm -r

...

Probe/Agents Tab

  • Once the agent installation is successful, Navigate to the Probe / Agents tab to view the installed agent along with the details of Hostname, Version, Agent Type, IP, OS Type, Installed On, Last Scanned Time, Last Ping Time, and whether the agent is Online (If the agent is online it shows in green) or Offline (if the agent is offline it shows in red).

  • In the below image using the Action column can add Discovery settings, Uninstall and Delete the agent if needed.

  • Full Scan, Asset Scan, Vulnerability Scan, External Scan, Port Scan, and Firewall Scan are the scan that is available on the top of the page, where the scan for the agent can be done using these options on the requirement.

...

  • After a scan is complete, it will successfully upload the results to the company from where this agent was downloaded under the Assets section.

AV/EDR Exclusion

CyberCNS agents to be whitelisted into AV or EDR solutions.

  • Please exclude C:\ProgramFiles (x86)\CyberCNSAgentv2 folder from the Agent machine ( For Probe as well as Lightweight Agent).

  • Please exclude\tmp\cybercnsagent folder from remote machines (which are scanned using Probe Agent)

Windows

🔸 Agent installed path:

C:\Program Files (x86)\CyberCNSAgentV2

🔹 Logs path:

C:\Program Files (x86)\CyberCNSAgentV2\logs

🔸 Remote Execution path:

>> net share admin$ (If we run this cmd we can get the admin share path. CyberCNS Probe agent will send the executables to the admin share path.

Linux and Mac

🔸 Agent installed path:

/opt/CyberCNSAgentV2/

🔹 Logs path:

/opt/CyberCNSAgentV2/logs/

🔸 Remote Execution path:

/tmp/cybercnsagent (CyberCNS Probe will send executables to /tmp path in linux machines scanning)

Info

In case the CyberCNS Agent yet has issues reporting to CyberCNS portal post-installation, it can be run into debug mode as follows to check the issue. The output of the below action can be shared with support@cybercns.com.

Debug Mode Command:-

In Windows

  1. Open CMD or Powershell as administrator

  2. Run "net stop cybercnsagentv2"

  3. Run "cd C:\Program Files (x86)\CyberCNSAgentV2"

  4. cybercnsagentv2.exe -m Probe -d

Debug Mode Command:-

In Linux

-->open terminal with privileged user

  1. sudo su

  2. systemctl stop cybercnsagentv2

  3. cd /opt/CyberCNSAgentV2

  4. ./cybercnsagentv2_linux -m Probe -d

Below are the primary executables in the CyberCNSAgentV2 (installation folder) to be whitelisted.

...

  • scan.

...

  • ARM is architecture but OS is Linux, so in the Agent Platform, it shows as Linux, and successful agent installation is shown as depicted in the below image.

...

Uninstallation Steps for ARM(Probe & LightWeightAgent)

  • As shown in the below steps follow to uninstall the ARM Agent.

>>cd /opt/

>>ls

>>cd /opt/CyberCNSAgentV2/

>>ls

>>./cybercnsagentv2_arm -r

...

Probe/Agents Tab

  • Once the agent installation is successful, Navigate to the Probe / Agents tab to view the installed agent along with the details of Hostname, Version, Agent Type, IP, OS Type, Installed On, Last Scanned Time, Last Ping Time, and whether the agent is Online (If the agent is online it shows in green) or Offline (if the agent is offline it shows in red).

  • In the below image using the Action column can add Discovery settings, Uninstall, and Delete the agent if needed.

  • Full Scan, Asset Scan, Vulnerability Scan, External Scan, Port Scan, and Firewall Scan are the scan that is available on the top of the page, where the scan for the agent can be done using these options on the requirement.

...

  • After a scan is complete, it will successfully upload the results to the company from where this agent was downloaded under the Assets section.

Agent Migration

Info
  • The agents can be migrated from one company to another company.

  • Only online agents will be migrated.

  • Select the agent and click on Global Action andclick on Agent Migration.

...

  • Select the destination company from the drop-down and click on migrate.

  • When the agent is migrated, the agent's data is also migrated to the appropriate company.

...

AV/EDR Exclusion

CyberCNS agents are to be whitelisted into AV or EDR solutions.

  • Please exclude C:\ProgramFiles (x86)\CyberCNSAgentv2 folder from the Agent machine ( For Probe as well as Lightweight Agent).

  • Please exclude\tmp\cybercnsagent folder from remote machines (which are scanned using Probe Agent)

Windows

🔸 Agent installed path:

C:\Program Files (x86)\CyberCNSAgentV2

🔹 Logs path:

C:\Program Files (x86)\CyberCNSAgentV2\logs

🔸 Remote Execution path:

>> net share admin$ (If we run this cmd we can get the admin share path. CyberCNS Probe agent will send the executables to the admin share path.

Linux and Mac

🔸 Agent installed path:

/opt/CyberCNSAgentV2/

🔹 Logs path:

/opt/CyberCNSAgentV2/logs/

🔸 Remote Execution path:

/tmp/cybercnsagent (CyberCNS Probe will send executables to /tmp path in Linux machines scanning)

Info

In case the CyberCNS Agent yet has issues reporting to the CyberCNS portal post-installation, it can be run into debug mode as follows to check the issue. The output of the below action can be shared with support@cybercns.com.

Debug Mode Command:-

In Windows

  1. Open CMD or Powershell as administrator

  2. Run "net stop cybercnsagentv2"

  3. Run "cd C:\Program Files (x86)\CyberCNSAgentV2"

  4. cybercnsagentv2.exe -m Probe -d

Debug Mode Command:-

In Linux

--> Open terminal with privileged user

  1. sudo su

  2. systemctl stop cybercnsagentv2

  3. cd /opt/CyberCNSAgentV2

  4. ./cybercnsagentv2_linux -m Probe -d

    Debug mode for LighWeight Agent

  5. ./cybercnsagentv2_linux -t LightWeight -d

Below are the primary executables in the CyberCNSAgentV2 (installation folder) to be whitelisted.

​cybercnsagent.exe
cyberutils.exe
nmap.exe
osqueryi.exe
ntfsfastfind-x64.exe

Proxy support for agent

Info
  1. Proxy is supported for Windows, Mac, Linux, and ARM platforms & Probe and LightWeight agents.

  2. Please note that the Proxy password does not support @ character.

  3. While installing the agent using Proxy please make sure to use the -p option.

Please use the option with the proxy format for an authenticated proxy:

-p username:password@IPaddress or Hostname:port

e.g. -p user:pass@proxy.example.me:3128

For unauthenticated Proxy

-p IP address or Hostname:port

e.g. -p proxy.example.me:3128

Tags support for LightWeight Agent

Info
  • Lightweight Agent installation (for Windows, LightWeight, Linux, and ARM) can support Tags using the below command.

  • Probe Agent discovery settings allow you to add Tags.

  • For Lightweight agent installation using Tags please make sure to use the -g <tag name> in the installation command.